AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User

 1[metadata]
 2creation_date = "2024/05/02"
 3maturity = "production"
 4updated_date = "2024/05/02"
 5min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
 6min_stack_version = "8.13.0"
 7
 8[rule]
 9author = ["Elastic"]
10description = """
11Identifies multiple successive failed attempts to use denied model resources within AWS Bedrock. This could indicated
12attempts to bypass limitations of other approved models, or to force an impact on the environment by incurring
13exhorbitant costs.
14"""
15false_positives = ["Legitimate misunderstanding by users or overly strict policies"]
16from = "now-60m"
17interval = "10m"
18language = "esql"
19license = "Elastic License v2"
20name = "AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User"
21references = [
22    "https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html",
23    "https://atlas.mitre.org/techniques/AML.T0015",
24    "https://atlas.mitre.org/techniques/AML.T0034",
25    "https://www.elastic.co/security-labs/elastic-advances-llm-security"
26]
27risk_score = 73
28rule_id = "17261da3-a6d0-463c-aac8-ea1718afcd20"
29setup = """## Setup
30
31This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation:
32
33https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html
34"""
35severity = "high"
36tags = [
37    "Domain: LLM",
38    "Data Source: AWS Bedrock",
39    "Data Source: AWS S3",
40    "Resources: Investigation Guide",
41    "Use Case: Policy Violation",
42    "Mitre Atlas: T0015",
43    "Mitre Atlas: T0034",
44]
45timestamp_override = "event.ingested"
46type = "esql"
47
48query = '''
49from logs-aws_bedrock.invocation-*
50| where gen_ai.response.error_code == "AccessDeniedException"
51| stats total_denials = count(*) by user.id, gen_ai.request.model.id, cloud.account.id
52| where total_denials > 3
53| sort total_denials desc
54'''

References

• Components of a guardrail - Amazon Bedrock

  Learn about the different components of a guardrail in Amazon Bedrock

  
  Read More

• https://atlas.mitre.org/techniques/AML.T0015

  
  Read More

• https://atlas.mitre.org/techniques/AML.T0034

  
  Read More

• Elastic Advances LLM Security with Standardized Fields and Integrations — Elastic Security Labs

  

  Discover Elastic’s latest advancements in LLM security, focusing on standardized field integrations and enhanced detection capabilities. Learn how adopting these standards can safeguard your systems.

  
  Read More

Related rules

• AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request
• AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session
• Enumeration of Privileged Local Groups Membership
• Exchange Mailbox Export via PowerShell
• PowerShell Suspicious Script with Clipboard Retrieval Capabilities