Create snapshot API call was made from malicious IP address
Orca detected a CreateSnapshot operation attempt. The operation was called from a malicious IP address - {MaliciousIp.MaliciousIp}, which might indicate...
Blog
API access from Tor IP address was detected
GCP API call was detected from IP address which is categorized as Tor
Lambda function that exposes secrets is reached from Tor IP address
Orca detected AWS lambda function {AwsLambdaFunction} with environment variables exposing secrets. The function configuration was fetched by one of the...
AWS Guard Duty: User with InitialAccess:IAMUser/AnomalousBehavior
GuardDuty finding was triggered for aws user.
AWS Guard Duty: Ec2 with CryptoCurrency:EC2/BitcoinTool.B!DNS
GuardDuty finding was triggered for ec2 instance.
Exposed aws access key was used to add user to group
Orca detected that an exposed AWS access key was used to add user to group. This action may indicate of...
Lambda function that exposes secrets is reached from malicious IP address
Orca detected AWS lambda function {AwsLambdaFunction} with environment variables exposing AWS access key or secret. This action may indicate of...
AWS Guard Duty: User/role with UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.InsideAWS
GuardDuty finding was triggered for aws user.
AWS Guard Duty: S3 Bucket with Exfiltration:S3/AnomalousBehavior
GuardDuty finding was triggered for s3 bucket.