Suspicious activity

Anomaly detection: Increase in reconnaissance activity with an unusual user agent

Risk Level

Hazardous (3)

Platform(s)

Description

Unlike in the past, the role started executing API calls that list and describe assets in the cloud account. These API calls were executed with a user agent not seen before. These findings might indicate malicious use of the role's permissions.
Recommended Mitigation

It is recommended to review the relevant CloudTrail events and the principals that issued these API calls, and the instances that were deleted.
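To support that review, the following added example (not the product's own detection logic) flags a role whose `List*`/`Describe*` calls arrive with a user agent absent from its baseline, using the CloudTrail fields `eventName`, `userAgent` and `userIdentity`. The `min_new_calls` threshold, the comparison against the baseline call count, and all sample events are constructed assumptions.

```python
from collections import defaultdict

RECON_PREFIXES = ("List", "Describe")  # the listing/describing calls named above

def role_arn(event):
    """Role behind an assumed-role session, falling back to the caller ARN."""
    ident = event.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ident.get("arn", "unknown")

def is_recon(event):
    return event.get("eventName", "").startswith(RECON_PREFIXES)

def build_baseline(events):
    """Per role: user agents seen before and number of recon calls made."""
    agents, recon = defaultdict(set), defaultdict(int)
    for e in events:
        role = role_arn(e)
        agents[role].add(e.get("userAgent", ""))
        recon[role] += is_recon(e)
    return agents, recon

def find_anomalies(baseline_events, current_events, min_new_calls=3):
    """Return {(role, user_agent): [event names]} for recon calls made with a
    user agent the role never used, when they outnumber its baseline recon."""
    agents, recon = build_baseline(baseline_events)
    hits = defaultdict(list)
    for e in current_events:
        role, ua = role_arn(e), e.get("userAgent", "")
        if is_recon(e) and ua not in agents[role]:
            hits[(role, ua)].append(e["eventName"])
    return {k: sorted(set(v)) for k, v in hits.items()
            if len(v) >= min_new_calls and len(v) > recon[k[0]]}

def _ev(name, ua, role="arn:aws:iam::111122223333:role/app-role"):
    """Constructed, minimal CloudTrail-shaped record for the demo."""
    return {"eventName": name, "userAgent": ua,
            "userIdentity": {"type": "AssumedRole",
                             "sessionContext": {"sessionIssuer": {"arn": role}}}}

# Constructed sample data: an earlier period, then the period under review.
BASELINE = [_ev("PutObject", "aws-sdk-java/1.12"),
            _ev("GetObject", "aws-sdk-java/1.12"),
            _ev("ListBuckets", "aws-sdk-java/1.12")]
CURRENT = [_ev("PutObject", "aws-sdk-java/1.12")] + [
    _ev(n, "constructed-client/0.1")
    for n in ("ListBuckets", "DescribeInstances", "ListRoles", "DescribeSecurityGroups")]

if __name__ == "__main__":
    for (role, ua), calls in find_anomalies(BASELINE, CURRENT).items():
        print(f"{role} used new user agent {ua!r} for: {', '.join(calls)}")
```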