[New Rules] AWS Bedrock Guardrails Violations (#3641)
* [New Rules] AWS Bedrock Guardrails Violations --------- Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
This commit is contained in:
Justin Ibarra
+54
@@ -0,0 +1,54 @@
|
||||
[metadata]
|
||||
creation_date = "2024/05/02"
|
||||
maturity = "production"
|
||||
updated_date = "2024/05/02"
|
||||
min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
|
||||
min_stack_version = "8.13.0"
|
||||
|
||||
[rule]
|
||||
author = ["Elastic"]
|
||||
description = """
|
||||
Identifies multiple violations of AWS Bedrock guardrails by the same user in the same account over a session. Multiple
|
||||
violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive
|
||||
information, or possibly exploit a vulnerability in the system.
|
||||
"""
|
||||
false_positives = ["Legitimate misunderstanding by users or overly strict policies"]
|
||||
from = "now-60m"
|
||||
interval = "10m"
|
||||
language = "esql"
|
||||
license = "Elastic License v2"
|
||||
name = "AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session"
|
||||
references = [
|
||||
"https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html",
|
||||
"https://atlas.mitre.org/techniques/AML.T0051",
|
||||
"https://atlas.mitre.org/techniques/AML.T0054",
|
||||
"https://www.elastic.co/security-labs/elastic-advances-llm-security"
|
||||
]
|
||||
risk_score = 47
|
||||
rule_id = "0cd2f3e6-41da-40e6-b28b-466f688f00a6"
|
||||
setup = """## Setup
|
||||
|
||||
This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation:
|
||||
|
||||
https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html
|
||||
"""
|
||||
severity = "medium"
|
||||
tags = [
|
||||
"Domain: LLM",
|
||||
"Data Source: AWS Bedrock",
|
||||
"Data Source: AWS S3",
|
||||
"Resources: Investigation Guide",
|
||||
"Use Case: Policy Violation",
|
||||
"Mitre Atlas: T0051",
|
||||
"Mitre Atlas: T0054",
|
||||
]
|
||||
timestamp_override = "event.ingested"
|
||||
type = "esql"
|
||||
|
||||
query = '''
|
||||
from logs-aws_bedrock.invocation-*
|
||||
| where gen_ai.compliance.violation_detected
|
||||
| stats violations = count(*) by user.id, gen_ai.model.id, cloud.account.id
|
||||
| where violations > 1
|
||||
| sort violations desc
|
||||
'''
|
||||
+55
@@ -0,0 +1,55 @@
|
||||
[metadata]
|
||||
creation_date = "2024/05/02"
|
||||
maturity = "production"
|
||||
updated_date = "2024/05/02"
|
||||
min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
|
||||
min_stack_version = "8.13.0"
|
||||
|
||||
[rule]
|
||||
author = ["Elastic"]
|
||||
description = """
|
||||
Identifies multiple violations of AWS Bedrock guardrails within a single request, resulting in a block action,
|
||||
increasing the likelihood of malicious intent. Multiple violations implies that a user may be intentionally attempting
|
||||
to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system.
|
||||
"""
|
||||
false_positives = ["Legitimate misunderstanding by users or overly strict policies"]
|
||||
from = "now-60m"
|
||||
interval = "10m"
|
||||
language = "esql"
|
||||
license = "Elastic License v2"
|
||||
name = "AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request"
|
||||
references = [
|
||||
"https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html",
|
||||
"https://atlas.mitre.org/techniques/AML.T0051",
|
||||
"https://atlas.mitre.org/techniques/AML.T0054",
|
||||
"https://www.elastic.co/security-labs/elastic-advances-llm-security"
|
||||
]
|
||||
risk_score = 21
|
||||
rule_id = "f4c2515a-18bb-47ce-a768-1dc4e7b0fe6c"
|
||||
setup = """## Setup
|
||||
|
||||
This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation:
|
||||
|
||||
https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html
|
||||
"""
|
||||
severity = "low"
|
||||
tags = [
|
||||
"Domain: LLM",
|
||||
"Data Source: AWS Bedrock",
|
||||
"Data Source: AWS S3",
|
||||
"Resources: Investigation Guide",
|
||||
"Use Case: Policy Violation",
|
||||
"Mitre Atlas: T0051",
|
||||
"Mitre Atlas: T0054",
|
||||
]
|
||||
timestamp_override = "event.ingested"
|
||||
type = "esql"
|
||||
|
||||
query = '''
|
||||
from logs-aws_bedrock.invocation-*
|
||||
| where gen_ai.policy.action == "BLOCKED"
|
||||
| eval policy_violations = mv_count(gen_ai.policy.name)
|
||||
| where policy_violations > 1
|
||||
| stats total_unique_request_violations = count(*) by policy_violations, user.id, gen_ai.request.model.id, cloud.account.id
|
||||
| sort total_unique_request_violations desc
|
||||
'''
|
||||
+54
@@ -0,0 +1,54 @@
|
||||
[metadata]
|
||||
creation_date = "2024/05/02"
|
||||
maturity = "production"
|
||||
updated_date = "2024/05/02"
|
||||
min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
|
||||
min_stack_version = "8.13.0"
|
||||
|
||||
[rule]
|
||||
author = ["Elastic"]
|
||||
description = """
|
||||
Identifies multiple successive failed attempts to use denied model resources within AWS Bedrock. This could indicated
|
||||
attempts to bypass limitations of other approved models, or to force an impact on the environment by incurring
|
||||
exhorbitant costs.
|
||||
"""
|
||||
false_positives = ["Legitimate misunderstanding by users or overly strict policies"]
|
||||
from = "now-60m"
|
||||
interval = "10m"
|
||||
language = "esql"
|
||||
license = "Elastic License v2"
|
||||
name = "AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User"
|
||||
references = [
|
||||
"https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html",
|
||||
"https://atlas.mitre.org/techniques/AML.T0015",
|
||||
"https://atlas.mitre.org/techniques/AML.T0034",
|
||||
"https://www.elastic.co/security-labs/elastic-advances-llm-security"
|
||||
]
|
||||
risk_score = 73
|
||||
rule_id = "17261da3-a6d0-463c-aac8-ea1718afcd20"
|
||||
setup = """## Setup
|
||||
|
||||
This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation:
|
||||
|
||||
https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html
|
||||
"""
|
||||
severity = "high"
|
||||
tags = [
|
||||
"Domain: LLM",
|
||||
"Data Source: AWS Bedrock",
|
||||
"Data Source: AWS S3",
|
||||
"Resources: Investigation Guide",
|
||||
"Use Case: Policy Violation",
|
||||
"Mitre Atlas: T0015",
|
||||
"Mitre Atlas: T0034",
|
||||
]
|
||||
timestamp_override = "event.ingested"
|
||||
type = "esql"
|
||||
|
||||
query = '''
|
||||
from logs-aws_bedrock.invocation-*
|
||||
| where gen_ai.response.error_code == "AccessDeniedException"
|
||||
| stats total_denials = count(*) by user.id, gen_ai.request.model.id, cloud.account.id
|
||||
| where total_denials > 3
|
||||
| sort total_denials desc
|
||||
'''
|
||||
Reference in New Issue
Block a user