Suspicious activity

Anomaly detection: Unusual event name diversity and increase in access denied responses

Risk Level

Informational (4)

Platform(s)

Description

Unlike in the past, the role started executing API calls with an amount of unique event names. In addition a large portion resulted in access denied. Those findings might indicate on a malicious usage of the role permissions.
  • Recommended Mitigation

    It is recommended to review the relevant CloudTrail events and principals that issued this API calls.