Anomaly detection: Unusual event name diversity and increase in access denied responses
Suspicious activity
Risk Level
Informational (4)
Platform(s)
Description
Unlike in the past, the role started executing API calls with an unusual number of unique event names. In addition, a large portion of these calls resulted in access denied. These findings might indicate malicious use of the role's permissions.
Recommended Mitigation
It is recommended to review the relevant CloudTrail events and the principals that issued these API calls.
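One way to carry out this review offline, as an added example (not the product's own detection logic): it compares a baseline window of CloudTrail records with a current window and lists, per role, the jump in distinct event names, the denied ratio and the newly seen event names. The function names, both thresholds and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

DENIED_MARKERS = ("AccessDenied", "UnauthorizedOperation")  # errorCode substrings

def role_arn(record):
    """Role behind an assumed-role session, falling back to the caller ARN."""
    ident = record.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ident.get("arn", "unknown")

def summarize(records):
    """Per role: set of distinct event names, total calls, denied calls."""
    stats = defaultdict(lambda: {"names": set(), "calls": 0, "denied": 0})
    for rec in records:
        s = stats[role_arn(rec)]
        s["names"].add(rec["eventName"])
        s["calls"] += 1
        s["denied"] += any(m in rec.get("errorCode", "") for m in DENIED_MARKERS)
    return stats

def flag(baseline, current, diversity_factor=3.0, denied_ratio=0.5):
    """Roles whose event-name diversity jumped and whose calls are mostly denied.
    Both thresholds are assumptions chosen for this example."""
    before, now, hits = summarize(baseline), summarize(current), []
    for role, s in now.items():
        known = before[role]["names"]  # empty set for a role with no history
        ratio = s["denied"] / s["calls"]
        if len(s["names"]) > diversity_factor * max(len(known), 1) and ratio >= denied_ratio:
            hits.append((role, len(s["names"]), len(known), round(ratio, 2),
                         sorted(s["names"] - known)))
    return sorted(hits)

def _rec(role, name, error=None):
    """Build a minimal constructed CloudTrail record for the sample data."""
    rec = {"eventName": name, "userIdentity": {"type": "AssumedRole",
           "sessionContext": {"sessionIssuer": {"arn": role}}}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample data: two roles, a quiet baseline and a noisy current window.
APP = "arn:aws:iam::111122223333:role/app-role"
BATCH = "arn:aws:iam::111122223333:role/batch-role"
BASELINE = ([_rec(APP, n) for n in ["GetObject", "PutObject"] * 3]
            + [_rec(BATCH, n) for n in ["PutItem", "Query"] * 3])
CURRENT = [_rec(APP, "GetObject"), _rec(APP, "GetCallerIdentity"),
           _rec(APP, "ListBuckets", "AccessDenied"), _rec(APP, "ListUsers", "AccessDenied"),
           _rec(APP, "ListSecrets", "AccessDeniedException"),
           _rec(APP, "DescribeInstances", "Client.UnauthorizedOperation"),
           _rec(APP, "DescribeDBInstances", "AccessDenied"),
           _rec(BATCH, "PutItem"), _rec(BATCH, "Query", "AccessDenied")]

if __name__ == "__main__":
    for hit in flag(BASELINE, CURRENT):
        print(hit)
```

The list of newly seen event names per flagged role is the starting point for the CloudTrail review: it shows which services the role began touching and which of those calls were denied.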