Suspicious activity

Azure network security group security rule was created or modified from Tor IP address

Risk Level

Informational (4)

Platform(s)

Description

Orca detected that an API call to crete or edit a security rule of Azure Network Security Group was made from Tor IP address, the operation was successful. This action may indicate a presence of an unauthorized actor in the cloud environment, since the call was made from a malicious ip.
  • Recommended Mitigation

    It is recommended to review the security group, the security rule that was modified and the permissions that were used to make the call.