Suspicious activity

Anomaly detection: Unusual EC2 creations by an unusual user agent

Risk Level

Hazardous (3)

Platform(s)

Description

Unlike in the past, the role created an unusual amount of ec2 instances. Those calls were made with an unusual user agent. Those findings might indicate on a malicious usage of the role permissions.

  • Recommended Mitigation

    It is recommended to review the relevant CloudTrail events and principals that issued this API calls. In addition, the change in the user-agent field might help to understand the cause of the anomaly.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.