Suspicious activity

Anomaly detection: Permissive role unusual increase in activity

Risk Level

Hazardous (3)

Platform(s)

Description

Unlike in the past, the role started executing API calls for listing and describing assets in the cloud account. In addition to that, there was a unusual increase in activity done by this role. The role was identified by Orca as a permissive role, which in case of compromise can put the cloud account at a higher risk. Therefor those findings might indicate on a malicious usage of the role permissions.
  • Recommended Mitigation

    It is recommended to review the relevant CloudTrail events and principals that issued this API calls.