AWS ECR Container Scanning Findings Low Informational Unknown

Splunk Security Content

Summary
This rule uses AWS CloudTrail logs to identify AWS Elastic Container Registry (ECR) image scan findings of low, informational, or unknown severity, specifically by tracking the DescribeImageScanFindings event. It flags potential vulnerabilities or misconfigurations in container images that may lead to unauthorized access, data breaches, or exploitation if left unaddressed. Built on the Splunk platform and the AWS add-on, the rule gives SOC teams insight into the security posture of containerized environments and helps them monitor and remediate risks associated with container use. The findings can be analyzed further with the rule's drilldown searches, which support in-depth investigation of detected vulnerabilities over time.
Categories
  • Cloud
  • Containers
  • AWS
Data Sources
  • Cloud Storage
  • Application Log
  • Network Traffic
ATT&CK Techniques
  • T1204.003
  • T1204
Created: 2024-11-14