Anomaly detection: Role with unusual amount of access denied responses
Suspicious activity
Anomaly detection: Role with unusual amount of access denied responses
Risk Level
Informational (4)
Platform(s)
Description
Unlike in the past, a role that is related to an instance profile executed API calls, which resulted in an unusual amount of access denied. In addition there was an unusual amount of unique event names in recent activity of the role. Therefor those findings might indicate on a malicious usage of the role permissions.
Recommended Mitigation
It is recommended to review the relevant CloudTrail events and principals that issued this API calls. In addition review the instance that the role is associated with