Suspicious activity

Create snapshot API call was made from malicious IP address

Platform(s)

Description

Orca detected a CreateSnapshot operation attempt. The operation was called from a malicious IP address - {MaliciousIp.MaliciousIp}, which might indicate of an exfiltration attempt. An attacker with permissions to create snapshots can expose sensitive data using snapshots creation. There snapshots can be shared between different AWS accounts.