IncidentsINC-2026-0416
HIGH

Anomalous S3 read volume by order-worker

Status · openOwner · unassignedOpened · 6/27/2026, 7:41:03 AMAlerts · 1Entities · 4
Copilot narrativeverdict: pending · 62%

Possible scheduled job; awaiting confirmation from platform team.

T1567.002 · Exfil to Cloud Storage/ Exfiltration

OCSF timeline

normalized
1 events
  1. 07:41 AMcls 6003
    HIGHS3 GetObject (Anomalous Volume)API Activity
    AWS GuardDuty · CLOUD-EXFIL-S3-VOL-01 · OCSF-ALT-48194-6003
    actor.user.nameAROA...:order-workersrc_endpoint.ip10.0.42.17