Suspicious activity

List S3 object API call was made from malicious IP address

Risk Level

Hazardous (3)



Orca detected that a ListObjects operation attempt. The operation was called from a malicious IP address - {MaliciousIp.MaliciousIp}, which might indicate of an asset reconnaissance attempt. An attacker with permissions to list objects, can gain information about entities.
  • Recommended Mitigation

    It is recommended to review the permissions which were used to make this api call. In addition, review the actions of the affected user and remove the policy in if it is possible.