Suspicious activity

Azure Bastion sharable link activity detected

Platform(s)

Description

Orca detected that an API call manage Bastion shareable link was committed, the operation was successful. Azure Bastion allows you to create shareable links that enable users to connect to a specific virtual machine without having to provide them with the credentials. Shareable links can be used by anyone who has access to the link. In the hands of an attacker, shareable links can be used to gain persistent access to the attacked environment. The activity which was discovered is either attempt to fetch the existing links or to create a new one. To view the whole list of events, check out the Evidence tab.