Initial Access: Successful API call made from a TOR proxy IP

This document describes a threat finding type in Security Command Center. Threat findings are generated by threat detectors when they detect a potential threat in your cloud resources. For a full list of available threat findings, see Threat findings index.

Overview

A successful API call was made to your GKE cluster from an IP address associated with the Tor network. Tor provides anonymity, which attackers often exploit to hide their identity.

How to respond

The following response plan might be appropriate for this finding, but might also impact operations. Carefully evaluate the information you gather in your investigation to determine the best way to resolve findings.

To respond to this finding, do the following:

  1. Investigate the nature of the API call and the accessed resources.
  2. Review your network policies and firewall rules to block access from Tor proxy IP addresses.
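The two steps above can be worked through as a triage script over Cloud Audit Log entries. The following Python is an added example, not code from this page or from Security Command Center: the log entries and the Tor exit-node list are constructed for the example, and the field layout (`protoPayload.requestMetadata.callerIp`, `authenticationInfo.principalEmail`, `methodName`, `resourceName`, `status.code`) is assumed to follow the Cloud Audit Logs schema. It keeps only *successful* calls from listed addresses (a denied call from the same address is not this finding), groups them by principal for step 1, and emits the offending addresses as host CIDRs for the deny rule in step 2.

```python
import ipaddress
from collections import defaultdict

# Constructed Cloud Audit Log entries (not real data). The field layout follows the
# Cloud Audit Logs protoPayload schema as assumed in the lead-in; the values are invented.
SAMPLE_LOG_ENTRIES = [
    {   # successful secrets.list from an address on the Tor list
        "protoPayload": {
            "serviceName": "k8s.io",
            "methodName": "io.k8s.core.v1.secrets.list",
            "resourceName": "core/v1/namespaces/prod/secrets",
            "authenticationInfo": {"principalEmail": "ci-deployer@example-project.iam.gserviceaccount.com"},
            "requestMetadata": {"callerIp": "198.51.100.23"},
            "status": {},
        }
    },
    {   # denied call from a Tor address: not a *successful* call, so not this finding
        "protoPayload": {
            "serviceName": "k8s.io",
            "methodName": "io.k8s.core.v1.pods.delete",
            "resourceName": "core/v1/namespaces/prod/pods/web-0",
            "authenticationInfo": {"principalEmail": "alice@example.com"},
            "requestMetadata": {"callerIp": "203.0.113.77"},
            "status": {"code": 7, "message": "PERMISSION_DENIED"},
        }
    },
    {   # successful call from the corporate egress address: benign
        "protoPayload": {
            "serviceName": "k8s.io",
            "methodName": "io.k8s.core.v1.pods.list",
            "resourceName": "core/v1/namespaces/prod/pods",
            "authenticationInfo": {"principalEmail": "alice@example.com"},
            "requestMetadata": {"callerIp": "192.0.2.10"},
            "status": {},
        }
    },
    {   # successful clusterrolebinding creation from a second Tor address
        "protoPayload": {
            "serviceName": "k8s.io",
            "methodName": "io.k8s.authorization.rbac.v1.clusterrolebindings.create",
            "resourceName": "rbac.authorization.k8s.io/v1/clusterrolebindings/debug-admin",
            "authenticationInfo": {"principalEmail": "ci-deployer@example-project.iam.gserviceaccount.com"},
            "requestMetadata": {"callerIp": "203.0.113.77"},
            "status": {},
        }
    },
]

# Constructed stand-in for a Tor exit-node list; a real deployment would load
# this from the organization's threat-intelligence feed.
TOR_EXIT_IPS = {"198.51.100.23", "203.0.113.77"}


def is_successful(entry):
    """A missing status or status.code 0 (OK) means the API call succeeded."""
    return entry["protoPayload"].get("status", {}).get("code", 0) == 0


def find_tor_calls(entries, tor_ips):
    """Return one record per successful API call whose caller IP is on the Tor list."""
    tor_addresses = {ipaddress.ip_address(ip) for ip in tor_ips}
    findings = []
    for entry in entries:
        payload = entry["protoPayload"]
        caller = payload.get("requestMetadata", {}).get("callerIp")
        if not caller or not is_successful(entry):
            continue
        try:
            caller_ip = ipaddress.ip_address(caller)
        except ValueError:
            continue  # non-literal values such as "private" are not routable callers
        if caller_ip in tor_addresses:
            findings.append({
                "principal": payload["authenticationInfo"]["principalEmail"],
                "method": payload["methodName"],
                "resource": payload["resourceName"],
                "caller_ip": str(caller_ip),
            })
    return findings


def summarize_by_principal(findings):
    """Step 1 aid: which identities did what, so each can be reviewed or its credentials rotated."""
    summary = defaultdict(set)
    for f in findings:
        summary[f["principal"]].add(f["method"])
    return {principal: sorted(methods) for principal, methods in summary.items()}


def deny_cidrs(findings):
    """Step 2 aid: the offending addresses as host CIDRs for a firewall or network-policy deny rule."""
    networks = {ipaddress.ip_network(f["caller_ip"]) for f in findings}
    return sorted(str(n) for n in networks)


if __name__ == "__main__":
    hits = find_tor_calls(SAMPLE_LOG_ENTRIES, TOR_EXIT_IPS)
    for hit in hits:
        print(hit)
    print(summarize_by_principal(hits))
    print(deny_cidrs(hits))
```

Run against a real export, the principal summary is what drives step 1 (a service account listing secrets and creating a cluster-admin binding from an anonymizing address warrants credential rotation and a review of the resources it touched), and the CIDR list feeds step 2. The successful/denied distinction matters: denied calls are still worth reviewing as reconnaissance, but they are not the condition this finding describes.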

What's next