Oracle Cloud Infrastructure – Unusual Activity Announcements

By | April 14, 2021

When logging in to an OCI tenancy, I noticed something interesting - there was a message bar at the top of the console reporting "Unusual traffic detected."  It turns out that there were a couple of instances in a compartment that were showing signs of potential compromise.  Here's the alert that we received when we clicked on the banner:

[Image: OCI Security Announcement]

The detail included the region, instance name, and OCID of the offending resources, as well as the type of activity - in this case, the instances were showing traffic patterns that matched brute-force SSH attacks. This information made it very easy to investigate and remediate. As it turns out, someone had created an instance with a wide-open security list in a compartment set to be destroyed. We were able to jump on it quickly and terminate the offending instances.

The warning was a good reminder to keep an eye on your security lists and public instances.  All told, this is a very good feature to see in the real world.
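One way to keep an eye on security lists is to scan them for ingress rules that expose SSH to the whole internet. The script below is an added example, not part of the original post: it assumes the JSON shape printed by `oci network security-list list`, and the sample data, display names and OCIDs in it are constructed placeholders.

```python
import json

# Constructed sample in the shape printed by
# `oci network security-list list --compartment-id <ocid> --all`.
# Display names and OCIDs are placeholders, not values from the post.
SAMPLE = json.loads("""
{"data": [
  {"display-name": "wide-open-sl", "id": "ocid1.securitylist.oc1..exampleA",
   "ingress-security-rules": [
     {"protocol": "all", "source": "0.0.0.0/0", "tcp-options": null}]},
  {"display-name": "ssh-from-anywhere", "id": "ocid1.securitylist.oc1..exampleB",
   "ingress-security-rules": [
     {"protocol": "6", "source": "0.0.0.0/0",
      "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}}]},
  {"display-name": "web-only", "id": "ocid1.securitylist.oc1..exampleC",
   "ingress-security-rules": [
     {"protocol": "6", "source": "0.0.0.0/0",
      "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
     {"protocol": "6", "source": "10.0.0.0/16",
      "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}  # "any source" for IPv4 and IPv6

def rule_exposes_port(rule, port=22):
    """True if an ingress rule lets any internet source reach TCP `port`."""
    if rule.get("source") not in WORLD:
        return False
    proto = rule.get("protocol")
    if proto == "all":
        return True
    if proto != "6":          # "6" is the IANA protocol number for TCP
        return False
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    if rng is None:           # TCP rule with no port range covers every port
        return True
    return rng["min"] <= port <= rng["max"]

def exposed_security_lists(listing, port=22):
    """Return (display-name, id) of security lists with a world-open rule for `port`."""
    return [(sl["display-name"], sl["id"])
            for sl in listing.get("data", [])
            if any(rule_exposes_port(r, port)
                   for r in sl.get("ingress-security-rules") or [])]

if __name__ == "__main__":
    for name, ocid in exposed_security_lists(SAMPLE):
        print(f"world-open SSH ingress: {name} ({ocid})")
```

To audit a real compartment, replace `SAMPLE` with the parsed output of the CLI command named in the comment.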
