RDS instance with CredentialAccess:RDS/TorIPCaller.SuccessfulLogin GuardDuty Alert Found
Suspicious activity
RDS instance with CredentialAccess:RDS/TorIPCaller.SuccessfulLogin GuardDuty Alert Found
Platform(s)
Description
A user was successfully logged into an RDS database in your account from a Tor exit node IP address, this may indicates that the user credentials have been compromised.
Recommended Mitigation
Revoke the compromised credentials and update security group rules to allow traffic only from the necessary sources.