Suspicious activity

RDS instance with CredentialAccess:RDS/TorIPCaller.SuccessfulLogin GuardDuty Alert Found

Risk Level

Hazardous (3)

Platform(s)

Description

A user was successfully logged into an RDS database in your account from a Tor exit node IP address, this may indicates that the user credentials have been compromised.

  • Recommended Mitigation

    Revoke the compromised credentials and update security group rules to allow traffic only from the necessary sources.

Need help?

Get a free Security Risk Assessment. Start today

Orca Security Demo Demo the Orca Platform-> In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.