Suspicious activity

Anomaly detection: Permissive role activity with GuardDuty alert

Risk Level

Hazardous (3)

Platform(s)

Description

A suspicious rise in the overall activity of the role. In addition, GuardDuty finding with type 'CredentialAccess:IAMUser/AnomalousBehavior' was found. The role was identified by Orca as a permissive role. Those findings might indicate on a malicious usage of the role permissions.

  • Recommended Mitigation

    It is recommended to review relevant CloudTrail events and principals that issued this API calls. In addition, review the GuardDuty alert.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.