Permissive EC2 Role Used from External IP

Malicious activity

Permissive EC2 Role Used from External IP

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
CPRA
Data Security Posture Management (DSPM) Best Practices
ISO/IEC 27001
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

Orca has detected that the privileged role {AwsIamRole} was used from an IP outside your internal network. This role is usually associated with the EC2 Instance Profile(s) {AwsIamRole.InstanceProfileArnList}. Use of this role outside of this context might mean an instance was compromised and its credentials are being used for malicious activity.

Recommended Mitigation

Review the relevant CloudTrail event and ensure this use was authorized.

Permissive EC2 Role Used from External IP

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS