From 613457b97fee249cd2698a75628f9f9b2baca278 Mon Sep 17 00:00:00 2001 From: Justin Ibarra <16747370+brokensound77@users.noreply.github.com> Date: Fri, 3 May 2024 20:55:27 -0600 Subject: [PATCH] [New Rules] AWS Bedrock Guardrails Violations (#3641) * [New Rules] AWS Bedrock Guardrails Violations --------- Co-authored-by: brokensound77 --- ...ls_multiple_violations_by_single_user.toml | 54 ++++++++++++++++++ ...multiple_violations_in_single_request.toml | 55 +++++++++++++++++++ ...attempts_to_use_denied_models_by_user.toml | 54 ++++++++++++++++++ 3 files changed, 163 insertions(+) create mode 100644 rules/integrations/aws_bedrock/aws_bedrock_guardrails_multiple_violations_by_single_user.toml create mode 100644 rules/integrations/aws_bedrock/aws_bedrock_guardrails_multiple_violations_in_single_request.toml create mode 100644 rules/integrations/aws_bedrock/aws_bedrock_multiple_attempts_to_use_denied_models_by_user.toml diff --git a/rules/integrations/aws_bedrock/aws_bedrock_guardrails_multiple_violations_by_single_user.toml b/rules/integrations/aws_bedrock/aws_bedrock_guardrails_multiple_violations_by_single_user.toml new file mode 100644 index 000000000..16de3c3ac --- /dev/null +++ b/rules/integrations/aws_bedrock/aws_bedrock_guardrails_multiple_violations_by_single_user.toml @@ -0,0 +1,54 @@ +[metadata] +creation_date = "2024/05/02" +maturity = "production" +updated_date = "2024/05/02" +min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview" +min_stack_version = "8.13.0" + +[rule] +author = ["Elastic"] +description = """ +Identifies multiple violations of AWS Bedrock guardrails by the same user in the same account over a session. Multiple +violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive +information, or possibly exploit a vulnerability in the system. +""" +false_positives = ["Legitimate misunderstanding by users or overly strict policies"] +from = "now-60m" +interval = "10m" +language = "esql" +license = "Elastic License v2" +name = "AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session" +references = [ + "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html", + "https://atlas.mitre.org/techniques/AML.T0051", + "https://atlas.mitre.org/techniques/AML.T0054", + "https://www.elastic.co/security-labs/elastic-advances-llm-security" +] +risk_score = 47 +rule_id = "0cd2f3e6-41da-40e6-b28b-466f688f00a6" +setup = """## Setup + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html +""" +severity = "medium" +tags = [ + "Domain: LLM", + "Data Source: AWS Bedrock", + "Data Source: AWS S3", + "Resources: Investigation Guide", + "Use Case: Policy Violation", + "Mitre Atlas: T0051", + "Mitre Atlas: T0054", +] +timestamp_override = "event.ingested" +type = "esql" + +query = ''' +from logs-aws_bedrock.invocation-* +| where gen_ai.compliance.violation_detected +| stats violations = count(*) by user.id, gen_ai.model.id, cloud.account.id +| where violations > 1 +| sort violations desc +''' diff --git a/rules/integrations/aws_bedrock/aws_bedrock_guardrails_multiple_violations_in_single_request.toml b/rules/integrations/aws_bedrock/aws_bedrock_guardrails_multiple_violations_in_single_request.toml new file mode 100644 index 000000000..18bb368ae --- /dev/null +++ b/rules/integrations/aws_bedrock/aws_bedrock_guardrails_multiple_violations_in_single_request.toml @@ -0,0 +1,55 @@ +[metadata] +creation_date = "2024/05/02" +maturity = "production" +updated_date = "2024/05/02" +min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview" +min_stack_version = "8.13.0" + +[rule] +author = ["Elastic"] +description = """ +Identifies multiple violations of AWS Bedrock guardrails within a single request, resulting in a block action, +increasing the likelihood of malicious intent. Multiple violations implies that a user may be intentionally attempting +to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system. +""" +false_positives = ["Legitimate misunderstanding by users or overly strict policies"] +from = "now-60m" +interval = "10m" +language = "esql" +license = "Elastic License v2" +name = "AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request" +references = [ + "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html", + "https://atlas.mitre.org/techniques/AML.T0051", + "https://atlas.mitre.org/techniques/AML.T0054", + "https://www.elastic.co/security-labs/elastic-advances-llm-security" +] +risk_score = 21 +rule_id = "f4c2515a-18bb-47ce-a768-1dc4e7b0fe6c" +setup = """## Setup + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html +""" +severity = "low" +tags = [ + "Domain: LLM", + "Data Source: AWS Bedrock", + "Data Source: AWS S3", + "Resources: Investigation Guide", + "Use Case: Policy Violation", + "Mitre Atlas: T0051", + "Mitre Atlas: T0054", +] +timestamp_override = "event.ingested" +type = "esql" + +query = ''' +from logs-aws_bedrock.invocation-* +| where gen_ai.policy.action == "BLOCKED" +| eval policy_violations = mv_count(gen_ai.policy.name) +| where policy_violations > 1 +| stats total_unique_request_violations = count(*) by policy_violations, user.id, gen_ai.request.model.id, cloud.account.id +| sort total_unique_request_violations desc +''' diff --git a/rules/integrations/aws_bedrock/aws_bedrock_multiple_attempts_to_use_denied_models_by_user.toml b/rules/integrations/aws_bedrock/aws_bedrock_multiple_attempts_to_use_denied_models_by_user.toml new file mode 100644 index 000000000..2544969e4 --- /dev/null +++ b/rules/integrations/aws_bedrock/aws_bedrock_multiple_attempts_to_use_denied_models_by_user.toml @@ -0,0 +1,54 @@ +[metadata] +creation_date = "2024/05/02" +maturity = "production" +updated_date = "2024/05/02" +min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview" +min_stack_version = "8.13.0" + +[rule] +author = ["Elastic"] +description = """ +Identifies multiple successive failed attempts to use denied model resources within AWS Bedrock. This could indicated +attempts to bypass limitations of other approved models, or to force an impact on the environment by incurring +exhorbitant costs. +""" +false_positives = ["Legitimate misunderstanding by users or overly strict policies"] +from = "now-60m" +interval = "10m" +language = "esql" +license = "Elastic License v2" +name = "AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User" +references = [ + "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html", + "https://atlas.mitre.org/techniques/AML.T0015", + "https://atlas.mitre.org/techniques/AML.T0034", + "https://www.elastic.co/security-labs/elastic-advances-llm-security" +] +risk_score = 73 +rule_id = "17261da3-a6d0-463c-aac8-ea1718afcd20" +setup = """## Setup + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html +""" +severity = "high" +tags = [ + "Domain: LLM", + "Data Source: AWS Bedrock", + "Data Source: AWS S3", + "Resources: Investigation Guide", + "Use Case: Policy Violation", + "Mitre Atlas: T0015", + "Mitre Atlas: T0034", +] +timestamp_override = "event.ingested" +type = "esql" + +query = ''' +from logs-aws_bedrock.invocation-* +| where gen_ai.response.error_code == "AccessDeniedException" +| stats total_denials = count(*) by user.id, gen_ai.request.model.id, cloud.account.id +| where total_denials > 3 +| sort total_denials desc +'''