Orca detected that an API call to create/update custom role was made from a malicious IP address - {MaliciousIp.MaliciousIp}, the operation was successful. This action may indicate of a presence of an unauthorized actor in the cloud environment, trying to commit a distruction activities in the subscription.
Recommended Mitigation
It is recommended to review the permissions which were used to make this api call.
