Suspicious activity

List bucket API call was made from malicious IP address



Orca detected that an API call to list buckets was made from a malicious IP address - {MaliciousIp.MaliciousIp}. This action may indicate of a presence of an unauthorized actor in the cloud environment, since listing buckets is a common enumeration action attackers conduct in the reconnaissance phase.