Suspicious activity

Update Role API call was made from malicious IP address

Risk Level

Informational (4)



Orca detected that an API call to Update Role that added permissions was made from a Malicious IP address. This action may indicate of a presence of an unauthorized actor in the cloud environment.
  • Recommended Mitigation

    It is recommended to review the activity of the role that was modified and the role that made the changes.