Anomaly detection: Permissive role activity with GuardDuty alert
Suspicious activity
Risk Level
Hazardous (3)
Platform(s)
Description
A suspicious rise in the overall activity of the role was detected. In addition, a GuardDuty finding of type 'CredentialAccess:IAMUser/AnomalousBehavior' was found. Orca identified the role as a permissive role. Together, these findings might indicate malicious use of the role's permissions.
Recommended Mitigation
It is recommended to review the relevant CloudTrail events and the principals that issued these API calls. In addition, review the GuardDuty alert.
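
One way to carry out the CloudTrail review described above, as an added example that is not Orca's or AWS's own code: it groups a role's API calls around the GuardDuty finding time by calling principal and source IP, busiest first. The records, account ID, role name, IP addresses and the `triage` helper are constructed for illustration; only the CloudTrail and GuardDuty field names are real.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real events); account ID, role name and IPs are placeholders.
ROLE_ARN = "arn:aws:iam::111122223333:role/example-permissive-role"

def _rec(time, name, session, ip, role=ROLE_ARN):
    """Build a minimal CloudTrail-shaped record for an assumed-role session."""
    return {
        "eventTime": time, "eventName": name, "sourceIPAddress": ip,
        "userIdentity": {
            "type": "AssumedRole",
            "arn": f"arn:aws:sts::111122223333:assumed-role/{role.split('/')[-1]}/{session}",
            "sessionContext": {"sessionIssuer": {"arn": role}},
        },
    }

RECORDS = [
    _rec("2024-01-10T09:00:00Z", "DescribeInstances", "ci-runner", "198.51.100.7"),
    _rec("2024-01-10T12:01:00Z", "GetSecretValue", "unknown-session", "203.0.113.50"),
    _rec("2024-01-10T12:02:00Z", "GetSecretValue", "unknown-session", "203.0.113.50"),
    _rec("2024-01-10T12:03:00Z", "ListSecrets", "unknown-session", "203.0.113.50"),
    _rec("2024-01-10T12:04:00Z", "ListBuckets", "other", "198.51.100.9",
         role="arn:aws:iam::111122223333:role/other-role"),
]
FINDING = {"Type": "CredentialAccess:IAMUser/AnomalousBehavior",
           "Service": {"EventFirstSeen": "2024-01-10T12:00:00Z"}}

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def triage(records, finding, role_arn, window_minutes=60):
    """Group the role's API calls near the finding by (principal, source IP)."""
    centre = _ts(finding["Service"]["EventFirstSeen"])
    span = timedelta(minutes=window_minutes)
    summary = defaultdict(Counter)
    for r in records:
        ident = r.get("userIdentity", {})
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {}).get("arn")
        # Keep only calls made through the flagged role and inside the time window.
        if issuer != role_arn or abs(_ts(r["eventTime"]) - centre) > span:
            continue
        summary[(ident.get("arn"), r["sourceIPAddress"])][r["eventName"]] += 1
    # Busiest principals first, so the review starts with the likely source of the rise.
    return sorted(summary.items(), key=lambda kv: -sum(kv[1].values()))

if __name__ == "__main__":
    for (principal, ip), calls in triage(RECORDS, FINDING, ROLE_ARN):
        print(principal, ip, dict(calls))
```

Widening `window_minutes` brings in the role's earlier baseline activity, which helps separate the usual callers from the session behind the rise.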