AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request

Identifies requests that violated more than one AWS Bedrock guardrail policy and were blocked as a result. A single request tripping several policies at once raises the likelihood of malicious intent: it suggests a user may be deliberately trying to circumvent security controls, extract sensitive information, or exploit a weakness in the system, rather than making an innocent mistake.

Elastic rule (View on GitHub)

[metadata]
creation_date = "2024/05/02"
maturity = "production"
updated_date = "2024/05/02"
min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
min_stack_version = "8.13.0"

[rule]
author = ["Elastic"]
description = """
Identifies multiple violations of AWS Bedrock guardrails within a single request, resulting in a block action,
increasing the likelihood of malicious intent. Multiple violations imply that a user may be intentionally attempting
to circumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system.
"""
false_positives = ["Legitimate misunderstanding by users or overly strict policies"]
from = "now-60m"
interval = "10m"
language = "esql"
license = "Elastic License v2"
name = "AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request"
references = [
    "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html",
    "https://atlas.mitre.org/techniques/AML.T0051",
    "https://atlas.mitre.org/techniques/AML.T0054",
    "https://www.elastic.co/security-labs/elastic-advances-llm-security"
]
risk_score = 21
rule_id = "f4c2515a-18bb-47ce-a768-1dc4e7b0fe6c"
setup = """## Setup

This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation:

https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html
"""
severity = "low"
tags = [
    "Domain: LLM",
    "Data Source: AWS Bedrock",
    "Data Source: AWS S3",
    "Resources: Investigation Guide",
    "Use Case: Policy Violation",
    "Mitre Atlas: T0051",
    "Mitre Atlas: T0054",
]
timestamp_override = "event.ingested"
type = "esql"

query = '''
from logs-aws_bedrock.invocation-*
| where gen_ai.policy.action == "BLOCKED"
| eval policy_violations = mv_count(gen_ai.policy.name)
| where policy_violations > 1
| stats total_unique_request_violations = count(*) by policy_violations, user.id, gen_ai.request.model.id, cloud.account.id
| sort total_unique_request_violations desc
'''
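To make the ES|QL pipeline concrete, the following is an added Python re-implementation of the same logic run over constructed sample invocation events; it is not Elastic's code. The flattened dotted field names follow the query above, while the event layout and the guardrail policy names in the samples are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample events shaped like flattened logs-aws_bedrock.invocation-* documents
# (assumption: gen_ai.policy.name is multi-valued, one entry per guardrail policy tripped).
SAMPLE_EVENTS = [
    {"user.id": "alice", "gen_ai.request.model.id": "anthropic.claude-v2", "cloud.account.id": "111111111111",
     "gen_ai.policy.action": "BLOCKED", "gen_ai.policy.name": ["contentPolicy", "sensitiveInformationPolicy"]},
    {"user.id": "alice", "gen_ai.request.model.id": "anthropic.claude-v2", "cloud.account.id": "111111111111",
     "gen_ai.policy.action": "BLOCKED", "gen_ai.policy.name": ["topicPolicy", "wordPolicy"]},
    {"user.id": "alice", "gen_ai.request.model.id": "anthropic.claude-v2", "cloud.account.id": "111111111111",
     "gen_ai.policy.action": "BLOCKED", "gen_ai.policy.name": ["contentPolicy", "topicPolicy", "wordPolicy"]},
    # Single violation: blocked, but not multi-policy, so the rule ignores it.
    {"user.id": "bob", "gen_ai.request.model.id": "amazon.titan-text-express-v1", "cloud.account.id": "111111111111",
     "gen_ai.policy.action": "BLOCKED", "gen_ai.policy.name": ["contentPolicy"]},
    # Not blocked at all: filtered out by the first where clause.
    {"user.id": "carol", "gen_ai.request.model.id": "anthropic.claude-v2", "cloud.account.id": "111111111111",
     "gen_ai.policy.action": "NONE", "gen_ai.policy.name": []},
    # Blocked but the policy field is missing entirely (mv_count of null is null in ES|QL).
    {"user.id": "dave", "gen_ai.request.model.id": "anthropic.claude-v2", "cloud.account.id": "111111111111",
     "gen_ai.policy.action": "BLOCKED"},
]

def mv_count(value):
    """Mimic ES|QL mv_count: number of values in a (possibly multi-valued) field; missing -> 0."""
    if value is None:
        return 0
    return len(value) if isinstance(value, list) else 1

def multi_violation_blocked_requests(events):
    """Replicates: where action == BLOCKED | eval policy_violations = mv_count(name)
    | where policy_violations > 1 | stats count(*) by violations, user, model, account | sort desc.
    Returns rows as dicts, highest total_unique_request_violations first."""
    counts = Counter()
    for ev in events:
        if ev.get("gen_ai.policy.action") != "BLOCKED":
            continue
        violations = mv_count(ev.get("gen_ai.policy.name"))
        if violations <= 1:
            continue
        counts[(violations, ev.get("user.id"), ev.get("gen_ai.request.model.id"), ev.get("cloud.account.id"))] += 1
    rows = [{"total_unique_request_violations": n, "policy_violations": k[0], "user.id": k[1],
             "gen_ai.request.model.id": k[2], "cloud.account.id": k[3]} for k, n in counts.items()]
    rows.sort(key=lambda r: r["total_unique_request_violations"], reverse=True)
    return rows

if __name__ == "__main__":
    for row in multi_violation_blocked_requests(SAMPLE_EVENTS):
        print(row)
```

Note that because `policy_violations` is part of the `stats ... by` grouping, the same user appears on separate rows for two-policy and three-policy requests; when triaging, sum across those rows to see the user's full picture.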
