Suspicious activity

AWS GuardDuty detects active port scans against neglected exposed instance

Risk Level

Hazardous (3)

Compliance Frameworks


Active port scanning were detected by AWS GuardDuty service on the Internet facing mis-configured unpatched EC2 instance {AwsEc2Instance} ({AwsEc2Instance.InstanceId}). AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity. The service detects one of the following types of active port scans (Recon:EC2/PortProbeEMRUnprotectedPort, Recon:EC2/PortProbeUnprotectedPort, Recon:EC2/Portscan) on an EC2 instance that Orca has identified as exposed to the Internet with neglected OS (unsupported or unpatched for a long time) and network misconfugrations.