Suspicious activity

AWS GuardDuty detects suspicious traffic from instance with db service or PII

Risk Level

Hazardous (3)

Compliance Frameworks


Suspicious traffic was found by AWS GuardDuty service on EC2 instance {AwsEc2Instance} ({AwsEc2Instance.InstanceId}) and Orca detected PII on the asset. AWS GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity. The service detected one of the following types of suspicious network: (Trojan:EC2/DNSDataExfiltration, Behavior:EC2/NetworkPortUnusual, Behavior:EC2/TrafficVolumeUnusual).