Anomaly detection: Service account activity in new regions
Suspicious activity
Anomaly detection: Service account activity in new regions
Risk Level
Hazardous (3)
Platform(s)
Description
Unlike in the past, the service account has accessed new regions. This action may indicate of a presence of an unauthorized actor in the cloud environment, since this is an unusual activity of the role.
Recommended Mitigation
It is recommended to review relevant AuditLog event and principal that issued this API call to determine if this is a legit activity.