Troubleshoot Missing Events

If the App Infrastructure Protection (AIP) Application cannot locate an event or displays a message such as "Parent Process Unavailable" when you search for a specific event, one of the following may be the cause:

  1. The event is outside of your organization's retention period. For example, if you purchased a two-day retention period, then you cannot search for or view events older than two days. Alerts for that event are still available, even if you dismiss them.
  2. The system clock or Network Time Protocol (NTP) is not configured correctly on the system from which you are searching events. If your clock is improperly configured, adjust your search parameters to find the events, then configure your clock properly to avoid future confusion.
  3. AIP collects CloudTrail events as quickly as AWS sends them to the platform. Typically, this process takes minutes. However, sometimes AWS takes fifteen minutes to an hour to make the event available to your CloudTrail instance and the AIP Platform.
  4. Any events that occurred before the Agent starts, such as during the initial boot sequence, will not be available.
  5. The AIP Agent does not support running on the same server as auditd. If you require auditd output for other tools, such as AppArmor, contact our support team.
  6. If any tampering occurred on the instance before the AIP Agent started, such as the loading of a malicious kernel module, this activity may not be collected. For example, some malicious kernel modules work to hide their activity and collect the rest of the data. However, if the AIP Agent is running, this tampering is caught and an alert is raised.
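
The checklist above can be applied mechanically when triaging a missing event. The following is an added example, not AIP code: the function name, its parameters, the reason labels and the 60-second skew tolerance are assumptions, and the sample values are constructed.

```python
from datetime import datetime, timedelta, timezone

# Upper bound the article gives for AWS to make a CloudTrail event available.
CLOUDTRAIL_MAX_DELAY = timedelta(hours=1)

def triage_missing_event(event_time, now, retention_days, agent_start,
                         is_cloudtrail=False, auditd_running=False,
                         clock_offset_seconds=0.0, max_skew_seconds=60.0):
    """Return the checklist reasons that could explain a missing event.

    All datetimes must be timezone-aware. clock_offset_seconds is the
    measured offset of the searching system's clock from an NTP source;
    max_skew_seconds is an assumed tolerance, not a documented AIP value.
    """
    reasons = []
    age = now - event_time
    # Reason 1: older than the purchased retention period.
    if age > timedelta(days=retention_days):
        reasons.append("outside-retention")
    # Reason 2: the searcher's clock is off, so the search window is shifted.
    if abs(clock_offset_seconds) > max_skew_seconds:
        reasons.append("searcher-clock-skew")
    if is_cloudtrail:
        # Reason 3: AWS may not have delivered the event yet.
        if timedelta(0) <= age <= CLOUDTRAIL_MAX_DELAY:
            reasons.append("cloudtrail-delivery-delay")
    else:
        # Reason 4: host events before the Agent started are never collected.
        if event_time < agent_start:
            reasons.append("before-agent-start")
        # Reason 5: the Agent is not supported alongside auditd.
        if auditd_running:
            reasons.append("auditd-conflict")
    return reasons

if __name__ == "__main__":
    # Constructed sample values for illustration only.
    now = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
    agent_start = datetime(2024, 1, 9, 8, 0, tzinfo=timezone.utc)
    samples = {
        "old host event": (now - timedelta(days=3, hours=1), {}),
        "fresh CloudTrail event": (now - timedelta(minutes=20),
                                   {"is_cloudtrail": True}),
        "boot-time event": (agent_start - timedelta(minutes=1),
                            {"auditd_running": True}),
    }
    for label, (when, extra) in samples.items():
        print(label, "->", triage_missing_event(when, now, 2, agent_start, **extra))
```

An empty result means none of the timing or host-configuration reasons apply, which leaves tampering before Agent start or a discrepancy to raise with support.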

If you see any other discrepancies, please contact the support team.

 
