Multiple Runtime Sensor False Positive Threats

Incident Report for Wiz

Resolved

This incident has been resolved.
Posted Mar 12, 2025 - 17:16 UTC

Update

Threat Detection Rules:
-Anomalous execution from a suspicious directory (cer-correlation-id-286)
-Process execution from a suspicious location on a writable layer (cer-sen-id-367)

These detections have generated multiple false positives during the last few hours.
To prevent further disruption, these rules have been temporarily disabled, and the Wiz team is actively working on a resolution. In the meantime, customers can manually bulk resolve the flagged threats as needed.
We will provide further updates as soon as the issue is resolved.
Posted Mar 12, 2025 - 14:50 UTC

Identified

The issue has been identified and a fix is being implemented.
Posted Mar 12, 2025 - 14:44 UTC