Lambda function that exposes secrets is reached from malicious IP address
Orca detected AWS lambda function {AwsLambdaFunction} with environment variables exposing AWS access key or secret. This action may indicate of...
Blog
AWS Guard Duty: User/role with UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.InsideAWS
GuardDuty finding was triggered for aws user.
AWS Guard Duty: S3 Bucket with Exfiltration:S3/AnomalousBehavior
GuardDuty finding was triggered for s3 bucket.
AWS root account console login without MFA
Orca detected that the root account was used to login to AWS console without Multi-Factor Authentication (MFA). Lack of MFA...
EC2 Role is used from non-AWS IP address range
An EC2 role was used from an IP that doesn't fall within the whitelisted AWS IP range. The request could...
AWS Guard Duty: Ec2 with Trojan:EC2/DGADomainRequest.B
GuardDuty finding was triggered for ec2 instance.
AWS Guard Duty: Ec2 with Recon:EC2/PortProbeUnprotectedPort
GuardDuty finding was triggered for ec2 instance.
AWS Guard Duty: Ec2 with UnauthorizedAccess:EC2/SSHBruteForce
GuardDuty finding was triggered for ec2 instance.