Suspicious activity

Azure network security group was created or modified from Tor IP address

Risk Level

Informational (4)



Orca detected that an API call to crete or edit an Azure network security group was made from Tor IP address, the operation was successful. This action may indicate of a presence of an unauthorized actor in the cloud environment, since the call was made from a malicious ip.
  • Recommended Mitigation

    It is recommended to review the security group that was modified and the permissions that were used to make the call