AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User
Identifies multiple successive failed attempts to use denied model resources within AWS Bedrock. This could indicate attempts to bypass limitations of other approved models, or to force an impact on the environment by incurring exorbitant costs.
Elastic rule (View on GitHub)
[metadata]
creation_date = "2024/05/02"
maturity = "production"
updated_date = "2024/10/09"
min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
min_stack_version = "8.13.0"

[rule]
author = ["Elastic"]
description = """
Identifies multiple successive failed attempts to use denied model resources within AWS Bedrock. This could indicate
attempts to bypass limitations of other approved models, or to force an impact on the environment by incurring
exorbitant costs.
"""
false_positives = ["Legitimate misunderstanding by users or overly strict policies"]
from = "now-60m"
interval = "10m"
language = "esql"
license = "Elastic License v2"
name = "AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User"
references = [
    "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html",
    "https://atlas.mitre.org/techniques/AML.T0015",
    "https://atlas.mitre.org/techniques/AML.T0034",
    "https://www.elastic.co/security-labs/elastic-advances-llm-security"
]
risk_score = 73
rule_id = "17261da3-a6d0-463c-aac8-ea1718afcd20"
setup = """## Setup

This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation:

https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html
"""
severity = "high"
tags = [
    "Domain: LLM",
    "Data Source: AWS Bedrock",
    "Data Source: AWS S3",
    "Resources: Investigation Guide",
    "Use Case: Policy Violation",
    "Mitre Atlas: T0015",
    "Mitre Atlas: T0034",
]
timestamp_override = "event.ingested"
type = "esql"

query = '''
from logs-aws_bedrock.invocation-*
| where gen_ai.response.error_code == "AccessDeniedException"
| keep user.id, gen_ai.request.model.id, cloud.account.id, gen_ai.response.error_code
| stats total_denials = count(*) by user.id, gen_ai.request.model.id, cloud.account.id
| where total_denials > 3
| sort total_denials desc
'''
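To see what the ES|QL pipeline above actually surfaces, here is the same filter/aggregate/threshold logic replayed in plain Python over constructed Bedrock invocation records (an added example, not part of the Elastic rule or its code; the model IDs, user IDs and account number are made-up sample values, and the 60-minute lookback mirrors the rule's `from = "now-60m"`).

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample records shaped like the ECS fields the query keeps.
NOW = datetime(2024, 10, 9, 12, 0, tzinfo=timezone.utc)

def record(minutes_ago, user, model, account, error=None):
    return {
        "@timestamp": NOW - timedelta(minutes=minutes_ago),
        "user.id": user,
        "gen_ai.request.model.id": model,
        "cloud.account.id": account,
        "gen_ai.response.error_code": error,
    }

SAMPLE_LOGS = (
    # 5 denials in 20 minutes: exceeds the rule's threshold of > 3
    [record(m, "alice", "anthropic.claude-3-opus", "111122223333",
            "AccessDeniedException") for m in (2, 5, 9, 14, 19)]
    # 3 denials: meets but does not exceed the threshold, so no alert
    + [record(m, "bob", "anthropic.claude-3-opus", "111122223333",
              "AccessDeniedException") for m in (3, 8, 30)]
    # Denials older than the 60-minute lookback are outside the rule's scope
    + [record(m, "carol", "meta.llama3-70b", "111122223333",
              "AccessDeniedException") for m in (70, 75, 80, 90)]
    # Successful calls and other error codes are dropped by the first `where`
    + [record(1, "alice", "anthropic.claude-3-opus", "111122223333"),
       record(4, "alice", "amazon.titan-text", "111122223333",
              "ValidationException")]
)

def denied_model_alerts(logs, now=NOW, window=timedelta(minutes=60), threshold=3):
    """Mirror of the query: keep AccessDeniedException events inside the lookback,
    count per (user, model, account), keep groups above the threshold, sort desc."""
    counts = Counter()
    for log in logs:
        if log["gen_ai.response.error_code"] != "AccessDeniedException":
            continue
        if log["@timestamp"] < now - window:
            continue
        key = (log["user.id"], log["gen_ai.request.model.id"], log["cloud.account.id"])
        counts[key] += 1
    # Each hit is (user.id, gen_ai.request.model.id, cloud.account.id, total_denials)
    hits = [(*key, n) for key, n in counts.items() if n > threshold]
    return sorted(hits, key=lambda h: h[-1], reverse=True)
```

Only `alice` is reported: `bob` sits exactly at the threshold and `carol`'s denials fall outside the lookback window, which is the kind of boundary to check when tuning `total_denials > 3` or `from` for your own tenant.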
Related rules
- AWS Bedrock Detected Multiple Validation Exception Errors by a Single User
- AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request
- AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session
- Potential Abuse of Resources by High Token Count and Large Response Sizes
- AWS S3 Bucket Enumeration or Brute Force