Remediation and other changes made in AWS is not properly reflected in alerts. Examples:
Alert does not end after resource has been deleted
Alert does not end after remediation steps have been performed
Alert does not appear for newly created resources
Changes in AWS does not update alert metadata.
Diagnosis
If alert is missing, make sure alert is not suppressed. Go to latest report -> Alerts tab, filter by "Suppressed only" to confirm whether the alert was suppressed or not.
If alert is missing, make sure signature is not disabled. Go to Control Panel -> Disabled Signatures, then look for the account + signature pair of the missing alert.
If alert is stale or missing, disable offending signature, wait an hour, then re-enable signature
Resolution
If after performing the above diagnostics, you still suspect that alerts are stale or missing, contact Palo Alto Networks support, and provide the suspect alerts.
In some cases, a one-time manual scan can be performed to re-sync alerts. Please provide the External Account name or ID for all accounts that need to be scanned.