Malicious activity

AWS GuardDuty detects API calls against public S3 Bucket with PII from suspicious source

Risk Level

Imminent Compromised (2)

Platform(s)
Compliance Frameworks

Description

S3 API calls from suspicious source address were detected by AWS GuardDuty service on the public S3 Bucket {AwsS3Bucket}. AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity. The service detects one of the following types of S3 discovery findings (Discovery:S3/MaliciousIPCaller, Recon:EC2/PortProbeUnprotectedPort, Discovery:S3/MaliciousIPCaller.Custom, Discovery:S3/TorIPCaller) on a public S3 Bucket that Orca has identified with Potentially Personal Identifying Information.