User inline policy updated or created from malicious IP address
Suspicious activity
Risk Level
Imminent Compromised (2)
Platform(s)
Description
Orca detected that an inline policy was created or updated, and the operation was successful. The operation was called from a malicious IP address, {MaliciousIp.MaliciousIp}, which might indicate a privilege escalation attempt. An attacker with permission to edit inline policies can change the policies of entities under their control.
Recommended Mitigation
It is recommended to review the permissions that were used to make this API call. In addition, review the actions of the affected user and remove the policy if possible.