Suspicious activity

CloudTrail trail stop logging attempt



Orca detected that an API call to 'StopLogging' CloudTrail events was made, the operation failed. Aws CloudTrail service consists of a set of trails, each defines a different logging configuration. By calling the 'StopLogging' API, logging in a specific trail will be disabled and therefore tracking and monitoring will be low.
  • Recommended Mitigation

    It is recommended to review the permissions which were used to make this API call. Investigate the principal that issued this API call to determine if this is a legit activity.