RDS instance with CredentialAccess:RDS/MaliciousIPCaller.FailedLogin GuardDuty Alert Found
Suspicious activity
RDS instance with CredentialAccess:RDS/MaliciousIPCaller.FailedLogin GuardDuty Alert Found
Risk Level
Informational (4)
Platform(s)
Description
A malicious IP address unsuccessfully attempted to log in to an RDS database in your account.
Recommended Mitigation
Place the RDS instance in a private VPC, and limit the security group rules to allow traffic only from the necessary sources, this may indicates that the user credentials have been compromised.