Suspicious activity

Network administration activity committed by a Managed Identity

Platform(s)

Description

Orca detected that an API call to manage network configuration made by a managed identity - {AzureServicePrincipal}, the operation was successful. The action may indicate a presence of an unauthorized actor in the cloud environment since Managed Identities usually don't perform administrative activities. Since Managed Identities can be attached to compute resources, their tokens are relatively once an attacker gain access to the machine. To view the whole list of events, check out the Evidence tab.
Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.