Suspicious activity

Create snapshot API call was made from Tor IP address

Risk Level

Hazardous (3)



Orca detected a CreateSnapshot operation attempt. The operation was called from a tor IP address - {MaliciousIp.MaliciousIp}, which might indicate of an exfiltration attempt. An attacker with permissions to create snapshots can expose sensitive data using snapshots creation. There snapshots can be shared between different AWS accounts.
  • Recommended Mitigation

    It is recommended to review the permissions which were used to make this api call.