Start EC2 instance API call was made from Tor IP address
Suspicious activity
Risk Level
Imminent Compromised (2)
Platform(s)
Description
Orca detected that an API call to start EC2 instances was made from a Tor IP address - {MaliciousIp.MaliciousIp}. Because the call originated from a Tor IP address, this action may indicate the presence of an unauthorized actor in the cloud environment.
Recommended Mitigation
It is recommended to review the relevant CloudTrail event, the EC2 instances, and the activity of the principal that issued this API call.
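One way to carry out the CloudTrail review described above, as an added example that is not Orca's detection logic: it scans CloudTrail records for `StartInstances` calls whose source address is on a Tor exit list and reports the principal, the instances and whether the call succeeded. The Tor exit list, the sample records and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed stand-in for a Tor exit list (documentation-range addresses);
# in practice this set comes from whatever Tor exit feed you trust.
TOR_EXIT_IPS = {"203.0.113.7", "198.51.100.23"}

def _record(event, source, instance_id, error=None):
    """Build one constructed CloudTrail record with the fields used below."""
    rec = {
        "eventTime": "2024-01-01T00:00:00Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": event,
        "sourceIPAddress": source,
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-user"},
        "requestParameters": {"instancesSet": {"items": [{"instanceId": instance_id}]}},
    }
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_LOG = json.dumps({"Records": [
    _record("StartInstances", "203.0.113.7", "i-0aaaaaaaaaaaaaaa1"),
    _record("StartInstances", "192.0.2.10", "i-0aaaaaaaaaaaaaaa2"),
    _record("StartInstances", "autoscaling.amazonaws.com", "i-0aaaaaaaaaaaaaaa3"),
    _record("StartInstances", "198.51.100.23", "i-0aaaaaaaaaaaaaaa4",
            error="Client.UnauthorizedOperation"),
    _record("StopInstances", "203.0.113.7", "i-0aaaaaaaaaaaaaaa5"),
]})

def is_tor(source, tor_ips):
    # sourceIPAddress may hold an AWS service name instead of an IP address.
    try:
        return str(ipaddress.ip_address(source)) in tor_ips
    except ValueError:
        return False

def find_tor_start_instances(log_json, tor_ips=TOR_EXIT_IPS):
    findings = []
    for rec in json.loads(log_json).get("Records", []):
        if (rec.get("eventSource"), rec.get("eventName")) != ("ec2.amazonaws.com", "StartInstances"):
            continue
        if not is_tor(rec.get("sourceIPAddress", ""), tor_ips):
            continue
        items = ((rec.get("requestParameters") or {}).get("instancesSet") or {}).get("items", [])
        findings.append({"time": rec.get("eventTime"), "source_ip": rec["sourceIPAddress"],
                         "principal": (rec.get("userIdentity") or {}).get("arn"),
                         "instances": [i.get("instanceId") for i in items],
                         "succeeded": "errorCode" not in rec})
    return findings
```

Each finding's `principal` and `instances` values give the starting points for the principal-activity and instance review; a finding with `succeeded` set to false still shows that the credentials were used from a Tor address.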