AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session

Identifies multiple violations of AWS Bedrock guardrails by the same user in the same account over a session. Multiple violations imply that a user may be intentionally attempting to circumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system.

Elastic rule (View on GitHub)

[metadata]
creation_date = "2024/05/02"
maturity = "production"
updated_date = "2024/05/02"
min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
min_stack_version = "8.13.0"

[rule]
author = ["Elastic"]
description = """
Identifies multiple violations of AWS Bedrock guardrails by the same user in the same account over a session. Multiple
violations imply that a user may be intentionally attempting to circumvent security controls, access sensitive
information, or possibly exploit a vulnerability in the system.
"""
false_positives = ["Legitimate misunderstanding by users or overly strict policies"]
from = "now-60m"
interval = "10m"
language = "esql"
license = "Elastic License v2"
name = "AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session"
references = [
    "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html",
    "https://atlas.mitre.org/techniques/AML.T0051",
    "https://atlas.mitre.org/techniques/AML.T0054",
    "https://www.elastic.co/security-labs/elastic-advances-llm-security"
]
risk_score = 47
rule_id = "0cd2f3e6-41da-40e6-b28b-466f688f00a6"
setup = """## Setup

This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation:

https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html
"""
severity = "medium"
tags = [
    "Domain: LLM",
    "Data Source: AWS Bedrock",
    "Data Source: AWS S3",
    "Resources: Investigation Guide",
    "Use Case: Policy Violation",
    "Mitre Atlas: T0051",
    "Mitre Atlas: T0054",
]
timestamp_override = "event.ingested"
type = "esql"

query = '''
from logs-aws_bedrock.invocation-*
| where gen_ai.compliance.violation_detected
| stats violations = count(*) by user.id, gen_ai.model.id, cloud.account.id
| where violations > 1
| sort violations desc
'''
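The ES|QL query above does four things: keep only events where the guardrail flagged a violation, count them per (user, model, account), keep groups with more than one hit, and sort the groups by count. The following Python re-implements that pipeline over a handful of constructed sample events so the behaviour can be checked offline. It is an added illustration, not Elastic's code and not part of the rule. It assumes the events have already been flattened to the ECS-style field names the query uses (`gen_ai.compliance.violation_detected`, `user.id`, `gen_ai.model.id`, `cloud.account.id`, `@timestamp`), and it emulates the rule's `from = "now-60m"` lookback with a fixed reference time so that the result is deterministic; the user ids, model ids and account ids in the sample are invented.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fixed "now" so the 60-minute lookback (the rule's from = "now-60m") is reproducible.
NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)

# Constructed sample of flattened Bedrock invocation events using the field names
# from the rule's query. These are not real logs; ids and account numbers are invented.
SAMPLE_LOG_LINES = [json.dumps(e) for e in [
    {"@timestamp": "2024-05-02T11:05:00Z", "user.id": "alice", "gen_ai.model.id": "model-a",
     "cloud.account.id": "111111111111", "gen_ai.compliance.violation_detected": True},
    {"@timestamp": "2024-05-02T11:20:00Z", "user.id": "alice", "gen_ai.model.id": "model-a",
     "cloud.account.id": "111111111111", "gen_ai.compliance.violation_detected": True},
    # A clean invocation: filtered out by the violation_detected predicate.
    {"@timestamp": "2024-05-02T11:30:00Z", "user.id": "alice", "gen_ai.model.id": "model-a",
     "cloud.account.id": "111111111111", "gen_ai.compliance.violation_detected": False},
    {"@timestamp": "2024-05-02T11:40:00Z", "user.id": "bob", "gen_ai.model.id": "model-a",
     "cloud.account.id": "111111111111", "gen_ai.compliance.violation_detected": True},
    # bob's second violation is three hours old, outside the 60-minute window.
    {"@timestamp": "2024-05-02T09:00:00Z", "user.id": "bob", "gen_ai.model.id": "model-a",
     "cloud.account.id": "111111111111", "gen_ai.compliance.violation_detected": True},
    {"@timestamp": "2024-05-02T11:50:00Z", "user.id": "carol", "gen_ai.model.id": "model-b",
     "cloud.account.id": "222222222222", "gen_ai.compliance.violation_detected": True},
    {"@timestamp": "2024-05-02T11:55:00Z", "user.id": "carol", "gen_ai.model.id": "model-b",
     "cloud.account.id": "222222222222", "gen_ai.compliance.violation_detected": True},
    {"@timestamp": "2024-05-02T11:58:00Z", "user.id": "carol", "gen_ai.model.id": "model-b",
     "cloud.account.id": "222222222222", "gen_ai.compliance.violation_detected": True},
]]


def parse_events(lines):
    """Parse newline-delimited JSON events, dropping malformed or timestamp-less lines."""
    events = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # a bad line should not abort the whole run
        ts = ev.get("@timestamp")
        if not ts:
            continue
        # Accept the trailing "Z" form on Python versions whose fromisoformat does not.
        ev["@timestamp"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(ev)
    return events


def find_repeat_violators(events, now=NOW, lookback=timedelta(minutes=60), threshold=1):
    """Mirror of the rule's ES|QL pipeline.

    where violation_detected  -> keep only flagged events in the lookback window
    stats count(*) by ...     -> count per (user.id, gen_ai.model.id, cloud.account.id)
    where violations > 1      -> keep groups above the threshold
    sort violations desc      -> highest counts first
    """
    window_start = now - lookback
    counts = Counter()
    for ev in events:
        if not (window_start <= ev["@timestamp"] <= now):
            continue
        if ev.get("gen_ai.compliance.violation_detected") is not True:
            continue
        key = (ev.get("user.id"), ev.get("gen_ai.model.id"), ev.get("cloud.account.id"))
        counts[key] += 1
    hits = [(key, n) for key, n in counts.items() if n > threshold]
    hits.sort(key=lambda kv: kv[1], reverse=True)
    return hits


if __name__ == "__main__":
    for (user, model, account), n in find_repeat_violators(parse_events(SAMPLE_LOG_LINES)):
        print(f"user={user} model={model} account={account} violations={n}")
```

On the sample, carol (3 violations) and alice (2) are reported; bob is not, because only one of his violations falls inside the 60-minute window, which also shows why the rule's `from` and `interval` settings matter as much as the `violations > 1` threshold when tuning it against the listed false positive of users who simply misunderstand the policy.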
