Suspicious activity

Anomaly detection: Unusual increase in activity and an unusual cross account activity

Risk Level

Hazardous (3)

Platform(s)

Description

Unlike in the past, the role was assumed by an identity from external cloud account. In addition there was an increase in activity of the role. Those findings might indicate on a malicious usage of the role permissions.

  • Recommended Mitigation

    It is recommended to review the relevant CloudTrail events and principals that issued this API calls.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.