You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+4-1Lines changed: 4 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -125,7 +125,7 @@ Check official documentation on [Secure for cloud - AWS, Confirm the Services ar
125
125
126
126
Generally speaking, a triggered situation (threat or image-scanning) whould be check (from more functional-side to more technical)
127
127
- Secure UI > Events / Insights / ...
128
-
- Cloud-Connector Logs
128
+
- Cloud-Connector Logs - To access logs in AWS visit - Cloudwatch > LogGroup > sysdig or cloudconnector
129
129
- Cloudtrail > Event History
130
130
131
131
### Forcing Events - Threat Detection
@@ -338,6 +338,9 @@ Error: Not enough privileges to complete the action, Access is denied
338
338
339
339
A: For Organizational Setup for cloudbench (deployed through management account / delegated administrator vía stackset) make sure it's being deployed in the management account. [[1](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-enable-trusted-access.html)][[2](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-enable-trusted-access.html)]
340
340
341
+
### Q-RuntimeThreat Detection: Getting error 403 `"could not load rule set from Sysdig Secure: ruleprovider#newPartialRuleSet | error loading default-rules: error from Sysdig Secure API: 403`
342
+
343
+
A: The Sysdig User that deployed the components is a standard user within the Sysdig Platform. Only administrator users are given permissions to read falco rule sets. Once this permission is changed, you should no longer get this error and CSPM Cloud events should start populating.
0 commit comments