Malicious Ip was used to remove permissions to a role
Suspicious activity
Malicious Ip was used to remove permissions to a role
Risk Level
Imminent Compromised (2)
Platform(s)
Description
Orca detected that an API call to Update Role that removed permissions was made from a malicious IP address - {MaliciousIp.MaliciousIp}. This action may indicate of a presence of an unauthorized actor in the cloud environment.
Recommended Mitigation
It is recommended to review the activity of the role that was modified and the role that made the changes.