Suspicious activity

Anomaly detection: Permissive role with unusual amount of access denied responses.

Platform(s)

Description

Unlike in the past, the role executed API calls which resulted in an unusual amount of access denied responses. The API calls were made with an unusual user agent. The role was identified by Orca as a permissive role, which in case of compromise can put the cloud account at a higher risk. Therefor those findings might indicate on a malicious usage of the role permissions.