Suspicious activity

RDS instance with CredentialAccess:RDS/MaliciousIPCaller.FailedLogin GuardDuty Alert Found

Risk Level

Informational (4)

Platform(s)

Description

A malicious IP address unsuccessfully attempted to log in to an RDS database in your account.

  • Recommended Mitigation

    Place the RDS instance in a private VPC, and limit the security group rules to allow traffic only from the necessary sources, this may indicates that the user credentials have been compromised.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.