Anomaly detection: Increase in reconnaissance activity with an unusual user agent
Suspicious activity
Risk Level
Hazardous (3)
Platform(s)
Description
Unlike its past behavior, the role started executing API calls that list and describe assets in the cloud account. These API calls were made with a user agent that had not been seen before. These findings might indicate malicious use of the role's permissions.
Recommended Mitigation
It is recommended to review the relevant CloudTrail events and the principals that issued these API calls.
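One way to run that review over exported CloudTrail records, as an added example that is not part of the original finding or the vendor's detection logic: it flags a role whose List*/Describe* calls rose after a cutoff and came from a user agent not seen for that role before. The function names, threshold, cutoff and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
RECON_PREFIXES = ("List", "Describe")  # the listing/describing calls the finding refers to

def role_arn(event):
    """Role behind an assumed-role session, else the caller's own ARN."""
    ident = event.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ident.get("arn", "unknown")

def find_recon_anomalies(events, cutoff, min_calls=3):
    """Flag roles with more List*/Describe* calls after cutoff, made by unseen user agents."""
    seen_agents = defaultdict(set)     # role -> user agents seen before cutoff
    baseline_recon = defaultdict(int)  # role -> recon calls before cutoff
    recent = defaultdict(list)         # role -> recon events at or after cutoff
    for ev in events:
        role = role_arn(ev)
        is_recon = ev["eventName"].startswith(RECON_PREFIXES)
        if ev["eventTime"] < cutoff:   # ISO 8601 UTC strings compare chronologically
            seen_agents[role].add(ev.get("userAgent", ""))
            baseline_recon[role] += is_recon
        elif is_recon:
            recent[role].append(ev)
    findings = []
    for role, evs in recent.items():
        new = [e for e in evs if e.get("userAgent", "") not in seen_agents[role]]
        if len(new) >= min_calls and len(evs) > baseline_recon[role]:
            findings.append({
                "role": role,
                "new_user_agents": sorted({e.get("userAgent", "") for e in new}),
                "calls": sorted({e["eventName"] for e in new}),
                "source_ips": sorted({e.get("sourceIPAddress", "") for e in new}),
            })
    return findings

def make_event(time, name, agent, ip="198.51.100.7", role="app-role"):
    issuer = {"arn": f"arn:aws:iam::111122223333:role/{role}"}
    return {"eventTime": time, "eventName": name, "userAgent": agent, "sourceIPAddress": ip,
            "userIdentity": {"type": "AssumedRole", "sessionContext": {"sessionIssuer": issuer}}}

SAMPLE_EVENTS = [  # constructed sample data: app-role changes behaviour, audit-role does not
    make_event("2024-05-01T09:00:00Z", "PutObject", "aws-sdk-java/1.12.0"),
    make_event("2024-05-02T10:00:00Z", "ListBuckets", "Boto3/1.34.0", role="audit-role"),
    make_event("2024-05-10T02:11:00Z", "ListBuckets", "example-agent/0.1", ip="203.0.113.9"),
    make_event("2024-05-10T02:11:05Z", "DescribeInstances", "example-agent/0.1", ip="203.0.113.9"),
    make_event("2024-05-10T02:11:09Z", "ListRoles", "example-agent/0.1", ip="203.0.113.9"),
    *[make_event(f"2024-05-10T03:00:0{i}Z", "ListBuckets", "Boto3/1.34.0", role="audit-role") for i in range(3)],
]

if __name__ == "__main__":
    print(find_recon_anomalies(SAMPLE_EVENTS, cutoff="2024-05-08T00:00:00Z"))
```

In the sample, audit-role also lists more than before but with its usual user agent, so only app-role is reported, together with the source IPs and call names to pivot on during review.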