Help
Lacework
Access helpful articles and other FAQs on Lacework
Kate_M
Community Manager
Community Manager

Created on ‎08-19-2024 03:44 AM

Article Id 334322

Cloud Activity Log ingestion failure detected

Description Some customers have cloud accounts which aren't used on a regular basis. When such accounts are integrated with Lacework, you may periodically receive alerts of 'Cloud Activity log ingestion failure detected.'
Scope AWS CloudTrail integrations
Solution

This alert is triggered after three hours of inactivity is detected. If, upon receiving such an alert, you determine these are benign warnings and expected behaviour, there are two options available to accommodate for this. 

 

  1. The first option is to disable the policy LW_PLATFORM_106 altogether if you do not find it to be helpful.

 

  1. The second option is to increase the tolerance. This can be accomplished by cloning policy LW_PLATFORM_106 and increasing the frequency from 3 hours. This does increase the chance that if there is a legitimate ingestion failure, then you may not get a timely alert, but will significantly reduce any false alarms. 

 

Kate_M_0-1724063903168.png

 

 

The documentation below should help guide you on how to clone a policy.

https://docs.lacework.net/console/clone-policies#create-a-policy-by-cloning

 

Note: 

Please be sure and disable the original policy, and only leave the new cloned policy enabled. If both are enabled, you will receive alerts for both policies.

 

 

 
140
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.