security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[New Rule] Potential Abuse of Resources by High Token Count and Large Response Sizes (#3644)

Browse Source
This commit is contained in:
Mika Ayenson
2024-05-03 18:01:53 -05:00
committed by GitHub
parent c8c8c96956
commit 2ffb0e7fe2
2 changed files with 59 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
detection_rules/schemas/definitions.py
+1
View File
@@ -88,6 +88,7 @@ EXPECTED_RULE_TAGS = [
'Domain: Cloud',
'Domain: Container',
'Domain: Endpoint',
'Mitre Atlas: *',
'OS: Linux',
'OS: macOS',
'OS: Windows',
rules/integrations/aws/aws_bedrock_high_resource_consumption_detection.toml
+58
View File
@@ -0,0 +1,58 @@
[metadata]
creation_date = "2024/05/04"
maturity = "production"
updated_date = "2024/05/04"
min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
min_stack_version = "8.13.0"
[rule]
author = ["Elastic"]
description = """
Detects potential resource exhaustion or data breach attempts by monitoring for users who consistently generate high input token counts, submit numerous requests, and receive
large responses. This behavior could indicate an attempt to overload the system or extract an unusually large amount of data, possibly revealing sensitive information or
causing service disruptions.
"""
false_positives = ["Authorized heavy usage of the system that is business justified and monitored."]
from = "now-60m"
interval = "10m"
language = "esql"
license = "Elastic License v2"
name = "Potential Abuse of Resources by High Token Count and Large Response Sizes"
references = [
"https://atlas.mitre.org/techniques/AML.T0051",
"https://owasp.org/www-project-top-10-for-large-language-model-applications/",
"https://www.elastic.co/security-labs/elastic-advances-llm-security",
]
risk_score = 47
rule_id = "b1773d05-f349-45fb-9850-287b8f92f02d"
setup = """## Setup
This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation:
https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html
"""
severity = "medium"
tags = [
"Domain: LLM",
"Data Source: AWS Bedrock",
"Data Source: Amazon Web Services",
"Data Source: AWS S3",
"Use Case: Potential Overload",
"Use Case: Resource Exhaustion",
"Mitre Atlas: LLM04"
]
timestamp_override = "event.ingested"
type = "esql"
query = '''
from logs-aws_bedrock.invocation-*
| stats max_tokens = max(gen_ai.usage.prompt_tokens),
total_requests = count(*),
avg_response_size = avg(gen_ai.usage.completion_tokens)
by user.id
// tokens count depends on specific LLM, as is related to how embeddings are generated.
| where max_tokens > 5000 and total_requests > 10 and avg_response_size > 500
| eval risk_factor = (max_tokens / 1000) * total_requests * (avg_response_size / 500)
| where risk_factor > 10
| sort risk_factor desc
'''