From 2ffb0e7fe2e984314cacaa9cfd9cdd59e0fc2409 Mon Sep 17 00:00:00 2001 From: Mika Ayenson Date: Fri, 3 May 2024 18:01:53 -0500 Subject: [PATCH] [New Rule] Potential Abuse of Resources by High Token Count and Large Response Sizes (#3644) --- detection_rules/schemas/definitions.py | 1 + ...k_high_resource_consumption_detection.toml | 58 +++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 rules/integrations/aws/aws_bedrock_high_resource_consumption_detection.toml diff --git a/detection_rules/schemas/definitions.py b/detection_rules/schemas/definitions.py index a64dcd6ac..2dfb6ddab 100644 --- a/detection_rules/schemas/definitions.py +++ b/detection_rules/schemas/definitions.py @@ -88,6 +88,7 @@ EXPECTED_RULE_TAGS = [ 'Domain: Cloud', 'Domain: Container', 'Domain: Endpoint', + 'Mitre Atlas: *', 'OS: Linux', 'OS: macOS', 'OS: Windows', diff --git a/rules/integrations/aws/aws_bedrock_high_resource_consumption_detection.toml b/rules/integrations/aws/aws_bedrock_high_resource_consumption_detection.toml new file mode 100644 index 000000000..207a28fd3 --- /dev/null +++ b/rules/integrations/aws/aws_bedrock_high_resource_consumption_detection.toml @@ -0,0 +1,58 @@ +[metadata] +creation_date = "2024/05/04" +maturity = "production" +updated_date = "2024/05/04" +min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview" +min_stack_version = "8.13.0" + +[rule] +author = ["Elastic"] +description = """ +Detects potential resource exhaustion or data breach attempts by monitoring for users who consistently generate high input token counts, submit numerous requests, and receive +large responses. This behavior could indicate an attempt to overload the system or extract an unusually large amount of data, possibly revealing sensitive information or +causing service disruptions. +""" +false_positives = ["Authorized heavy usage of the system that is business justified and monitored."] +from = "now-60m" +interval = "10m" +language = "esql" +license = "Elastic License v2" +name = "Potential Abuse of Resources by High Token Count and Large Response Sizes" +references = [ + "https://atlas.mitre.org/techniques/AML.T0051", + "https://owasp.org/www-project-top-10-for-large-language-model-applications/", + "https://www.elastic.co/security-labs/elastic-advances-llm-security", +] +risk_score = 47 +rule_id = "b1773d05-f349-45fb-9850-287b8f92f02d" +setup = """## Setup + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html +""" +severity = "medium" +tags = [ + "Domain: LLM", + "Data Source: AWS Bedrock", + "Data Source: Amazon Web Services", + "Data Source: AWS S3", + "Use Case: Potential Overload", + "Use Case: Resource Exhaustion", + "Mitre Atlas: LLM04" +] +timestamp_override = "event.ingested" +type = "esql" + +query = ''' +from logs-aws_bedrock.invocation-* +| stats max_tokens = max(gen_ai.usage.prompt_tokens), + total_requests = count(*), + avg_response_size = avg(gen_ai.usage.completion_tokens) + by user.id +// tokens count depends on specific LLM, as is related to how embeddings are generated. +| where max_tokens > 5000 and total_requests > 10 and avg_response_size > 500 +| eval risk_factor = (max_tokens / 1000) * total_requests * (avg_response_size / 500) +| where risk_factor > 10 +| sort risk_factor desc +'''