Description
Orca detected that an API call to start EC2 instances was made from Tor IP address - {MaliciousIp.MaliciousIp}. This action may indicate of a presence of an unauthorized actor in the cloud environment, since starting the EC2 instances API call was sourced from Tor IP address.