Potential Denial of Azure OpenAI ML Service
Detects patterns indicative of Denial-of-Service (DoS) attacks on machine learning (ML) models, focusing on unusually high volume and frequency of requests, or patterns of requests known to cause performance degradation or service disruption, such as large input sizes or rapid API calls. Concretely, the query buckets Azure OpenAI ChatCompletions_Create calls into one-minute windows per Azure resource and alerts when a window contains at least 10 calls with an average request_length of 5000 or more; a burst of many small requests, or large requests spread thinly over time, does not meet both conditions and is not flagged.
Elastic rule (View on GitHub)
```toml
[metadata]
creation_date = "2025/02/25"
maturity = "production"
updated_date = "2025/03/20"

[rule]
author = ["Elastic"]
description = """
Detects patterns indicative of Denial-of-Service (DoS) attacks on machine learning (ML) models, focusing on unusually
high volume and frequency of requests or patterns of requests that are known to cause performance degradation or service
disruption, such as large input sizes or rapid API calls.
"""
false_positives = ["Unexpected system errors", "Legitimate spikes in usage due to business processes"]
from = "now-60m"
interval = "10m"
language = "esql"
license = "Elastic License v2"
name = "Potential Denial of Azure OpenAI ML Service"
references = [
    "https://genai.owasp.org/llmrisk/llm04-model-denial-of-service",
    "https://atlas.mitre.org/techniques/AML.T0029",
]
risk_score = 47
rule_id = "b0450411-46e5-46d2-9b35-8b5dd9ba763e"
setup = """## Setup

For more information on streaming events, see the Azure OpenAI documentation:

https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/stream-monitoring-data-event-hubs
"""
severity = "medium"
tags = [
    "Domain: LLM",
    "Data Source: Azure OpenAI",
    "Data Source: Azure Event Hubs",
    "Use Case: Denial of Service",
    "Mitre Atlas: T0029",
]
timestamp_override = "event.ingested"
type = "esql"

query = '''
from logs-azure_openai.logs-*
// truncate the timestamp to a 1-minute window
| eval target_time_window = DATE_TRUNC(1 minutes, @timestamp)
// only chat completion calls are considered; other operations are dropped here
| where azure.open_ai.operation_name == "ChatCompletions_Create"
| keep azure.open_ai.properties.request_length, azure.resource.name, cloud.account.id, target_time_window
// one row per (minute, resource): request count and mean request length
| stats count = count(), avg_request_size = avg(azure.open_ai.properties.request_length) by target_time_window, azure.resource.name
// both thresholds must hold in the same window for a row to survive
| where count >= 10 and avg_request_size >= 5000
| sort count desc
'''
```
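To show what the ES|QL pipeline above actually does to a stream of events, here is an added example, written for this page and not part of the Elastic rule or its test suite, that re-implements the same filter, one-minute bucketing, aggregation and thresholds in plain Python and runs them over a small set of constructed Azure OpenAI log documents. Field names (`@timestamp`, `azure.open_ai.operation_name`, `azure.open_ai.properties.request_length`, `azure.resource.name`) are taken from the query; the sample documents, resource names and timestamps are constructed for the example. It includes three cases that deliberately do not fire (many tiny requests, large requests spread over several minutes, and a non-ChatCompletions operation) so the gap in the rule's coverage is visible.

```python
"""
Added example: Python re-implementation of the rule's ES|QL logic so the
thresholds can be exercised offline. Not Elastic's code; sample data is
constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Thresholds copied from the rule's final `where` clause.
MIN_REQUESTS_PER_WINDOW = 10
MIN_AVG_REQUEST_LENGTH = 5000
CHAT_OP = "ChatCompletions_Create"


def truncate_to_window(ts: datetime) -> datetime:
    """Equivalent of DATE_TRUNC(1 minutes, @timestamp): floor to the minute."""
    return ts.replace(second=0, microsecond=0)


def detect_dos(docs):
    """Mirror the ES|QL pipeline:
       where operation_name == ChatCompletions_Create
       | stats count = count(), avg_request_size = avg(request_length)
           by target_time_window, azure.resource.name
       | where count >= 10 and avg_request_size >= 5000
       | sort count desc
    count() counts every row in the group; avg() ignores null lengths."""
    buckets = defaultdict(lambda: {"rows": 0, "lengths": []})
    for d in docs:
        if d.get("azure.open_ai.operation_name") != CHAT_OP:
            continue
        key = (truncate_to_window(d["@timestamp"]), d["azure.resource.name"])
        bucket = buckets[key]
        bucket["rows"] += 1
        length = d.get("azure.open_ai.properties.request_length")
        if length is not None:
            bucket["lengths"].append(length)

    hits = []
    for (window, resource), b in buckets.items():
        if not b["lengths"]:
            continue  # avg over only nulls is null, so the where clause fails
        avg_len = sum(b["lengths"]) / len(b["lengths"])
        if b["rows"] >= MIN_REQUESTS_PER_WINDOW and avg_len >= MIN_AVG_REQUEST_LENGTH:
            hits.append({"resource": resource, "window": window,
                         "count": b["rows"], "avg_request_size": avg_len})
    return sorted(hits, key=lambda h: h["count"], reverse=True)


def constructed_docs():
    """Constructed sample events (hypothetical resource names and times)."""
    base = datetime(2025, 3, 20, 10, 0, tzinfo=timezone.utc)

    def mk(offset_s, resource, length, op=CHAT_OP):
        return {
            "@timestamp": base + timedelta(seconds=offset_s),
            "azure.open_ai.operation_name": op,
            "azure.open_ai.properties.request_length": length,
            "azure.resource.name": resource,
        }

    docs = []
    # 1) 12 oversized prompts within one minute against "prod-gpt4o": fires.
    docs += [mk(i * 4, "prod-gpt4o", 8000 + i) for i in range(12)]
    # 2) 30 tiny requests in the same minute against "chat-frontend":
    #    high rate alone does not fire because avg_request_size < 5000.
    docs += [mk(i, "chat-frontend", 300) for i in range(30)]
    # 3) 12 large prompts spread over four minutes against "batch-summarizer":
    #    only 3 per window, so count < 10 and it does not fire.
    docs += [mk(i * 20, "batch-summarizer", 9000) for i in range(12)]
    # 4) 15 large Embeddings_Create calls: dropped by the operation_name filter.
    docs += [mk(i, "embeddings", 9000, op="Embeddings_Create") for i in range(15)]
    return docs


if __name__ == "__main__":
    for hit in detect_dos(constructed_docs()):
        print(hit)
```

Case 2 is the one to keep in mind when tuning: the rule keys on request size as well as rate, so a flood of short prompts never trips it. If that pattern matters in your environment, a companion rule with a count-only threshold is needed rather than lowering `avg_request_size`.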
References
- https://genai.owasp.org/llmrisk/llm04-model-denial-of-service
- https://atlas.mitre.org/techniques/AML.T0029
Related rules
- Azure OpenAI Insecure Output Handling
- Potential Azure OpenAI Model Theft
- AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User
- AWS Bedrock Detected Multiple Validation Exception Errors by a Single User
- AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request