AWS Guard Duty: User/role with UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.InsideAWS
GuardDuty finding was triggered for aws user.
Blog
AWS Guard Duty: S3 Bucket with Exfiltration:S3/AnomalousBehavior
GuardDuty finding was triggered for s3 bucket.
AWS root account console login without MFA
Orca detected that the root account was used to login to AWS console without Multi-Factor Authentication (MFA). Lack of MFA...
EC2 Role is used from non-AWS IP address range
An EC2 role was used from an IP that doesn't fall within the whitelisted AWS IP range. The request could...
AWS Guard Duty: Ec2 with Trojan:EC2/DGADomainRequest.B
GuardDuty finding was triggered for ec2 instance.
AWS Guard Duty: Ec2 with Recon:EC2/PortProbeUnprotectedPort
GuardDuty finding was triggered for ec2 instance.
AWS Guard Duty: Ec2 with UnauthorizedAccess:EC2/SSHBruteForce
GuardDuty finding was triggered for ec2 instance.
AWS Guard Duty: EC2 with suspicious traffic from an instance with malware
Suspicious traffic was found by AWS GuardDuty service on EC2 instance {AwsEc2Instance} ({AwsEc2Instance.InstanceId}) detected with malware by Orca. AWS GuardDuty...