observing Cloud Activity log ingestion failure detected every hour

Hello gangaprasad,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Hello,

We are still looking for someone to help you.

We will come back to you ASAP.

Thanks,

Hi gangaprasad,

I found the following info - let me know if it helps.

To debug the "Cloud Activity log ingestion failure detected" alert, follow these steps:

1. Understand the Alert: This alert is triggered after three hours of inactivity is detected in AWS CloudTrail integrations. If you are receiving this alert every hour, it might indicate a configuration issue or unexpected behavior.

2. Check Policy LW_PLATFORM_106:
- Disable the Policy: If you determine that these alerts are benign and expected, consider disabling the policy LW_PLATFORM_106 if it is not useful for your monitoring needs.
- Increase Tolerance: Alternatively, clone the policy LW_PLATFORM_106 and increase the frequency from 3 hours to a longer duration. This will reduce false alarms but may delay alerts for legitimate ingestion failures.

3. Verify Subscription and Configuration:
- Ensure that the Lacework subscription and GCP project configurations are correct and active.
- Check for any recent changes in the configuration that might have affected the log ingestion process.

4. Review Logs and Alerts:
- Examine the detailed logs and alerts related to the Lacework subscription event in the GCP project to identify any anomalies or errors.

5. Contact Support:
- If the issue persists, consider reaching out to Lacework support for further assistance and to investigate any underlying issues with the integration.

By following these steps, you should be able to identify and address the cause of the frequent alerts.