Suspicious activity

Create snapshot API call was made from Tor IP address



Orca detected a CreateSnapshot operation attempt. The operation was called from a tor IP address - {MaliciousIp.MaliciousIp}, which might indicate of an exfiltration attempt. An attacker with permissions to create snapshots can expose sensitive data using snapshots creation. There snapshots can be shared between different AWS accounts.