diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-bedrock-detected-multiple-attempts-to-use-denied-models-by-a-single-user.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-bedrock-detected-multiple-attempts-to-use-denied-models-by-a-single-user.asciidoc new file mode 100644 index 0000000000..716fc1b2f4 --- /dev/null +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-bedrock-detected-multiple-attempts-to-use-denied-models-by-a-single-user.asciidoc @@ -0,0 +1,69 @@ +[[prebuilt-rule-8-13-6-aws-bedrock-detected-multiple-attempts-to-use-denied-models-by-a-single-user]] +=== AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User + +Identifies multiple successive failed attempts to use denied model resources within AWS Bedrock. This could indicated attempts to bypass limitations of other approved models, or to force an impact on the environment by incurring exhorbitant costs. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: high + +*Risk score*: 73 + +*Runs every*: 10m + +*Searches indices from*: now-60m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html +* https://atlas.mitre.org/techniques/AML.T0015 +* https://atlas.mitre.org/techniques/AML.T0034 +* https://www.elastic.co/security-labs/elastic-advances-llm-security + +*Tags*: + +* Domain: LLM +* Data Source: AWS Bedrock +* Data Source: AWS S3 +* Resources: Investigation Guide +* Use Case: Policy Violation +* Mitre Atlas: T0015 +* Mitre Atlas: T0034 + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Setup + + + +*Setup* + + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws_bedrock.invocation-* +| where gen_ai.response.error_code == "AccessDeniedException" +| stats total_denials = count(*) by user.id, gen_ai.request.model.id, cloud.account.id +| where total_denials > 3 +| sort total_denials desc + +---------------------------------- diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-bedrock-guardrails-detected-multiple-policy-violations-within-a-single-blocked-request.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-bedrock-guardrails-detected-multiple-policy-violations-within-a-single-blocked-request.asciidoc new file mode 100644 index 0000000000..0f5e400d26 --- /dev/null +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-bedrock-guardrails-detected-multiple-policy-violations-within-a-single-blocked-request.asciidoc @@ -0,0 +1,70 @@ +[[prebuilt-rule-8-13-6-aws-bedrock-guardrails-detected-multiple-policy-violations-within-a-single-blocked-request]] +=== AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request + +Identifies multiple violations of AWS Bedrock guardrails within a single request, resulting in a block action, increasing the likelihood of malicious intent. Multiple violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: low + +*Risk score*: 21 + +*Runs every*: 10m + +*Searches indices from*: now-60m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html +* https://atlas.mitre.org/techniques/AML.T0051 +* https://atlas.mitre.org/techniques/AML.T0054 +* https://www.elastic.co/security-labs/elastic-advances-llm-security + +*Tags*: + +* Domain: LLM +* Data Source: AWS Bedrock +* Data Source: AWS S3 +* Resources: Investigation Guide +* Use Case: Policy Violation +* Mitre Atlas: T0051 +* Mitre Atlas: T0054 + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Setup + + + +*Setup* + + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws_bedrock.invocation-* +| where gen_ai.policy.action == "BLOCKED" +| eval policy_violations = mv_count(gen_ai.policy.name) +| where policy_violations > 1 +| stats total_unique_request_violations = count(*) by policy_violations, user.id, gen_ai.request.model.id, cloud.account.id +| sort total_unique_request_violations desc + +---------------------------------- diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-bedrock-guardrails-detected-multiple-violations-by-a-single-user-over-a-session.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-bedrock-guardrails-detected-multiple-violations-by-a-single-user-over-a-session.asciidoc new file mode 100644 index 0000000000..c9a69f6858 --- /dev/null +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-bedrock-guardrails-detected-multiple-violations-by-a-single-user-over-a-session.asciidoc @@ -0,0 +1,69 @@ +[[prebuilt-rule-8-13-6-aws-bedrock-guardrails-detected-multiple-violations-by-a-single-user-over-a-session]] +=== AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session + +Identifies multiple violations of AWS Bedrock guardrails by the same user in the same account over a session. Multiple violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: medium + +*Risk score*: 47 + +*Runs every*: 10m + +*Searches indices from*: now-60m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html +* https://atlas.mitre.org/techniques/AML.T0051 +* https://atlas.mitre.org/techniques/AML.T0054 +* https://www.elastic.co/security-labs/elastic-advances-llm-security + +*Tags*: + +* Domain: LLM +* Data Source: AWS Bedrock +* Data Source: AWS S3 +* Resources: Investigation Guide +* Use Case: Policy Violation +* Mitre Atlas: T0051 +* Mitre Atlas: T0054 + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Setup + + + +*Setup* + + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws_bedrock.invocation-* +| where gen_ai.compliance.violation_detected +| stats violations = count(*) by user.id, gen_ai.model.id, cloud.account.id +| where violations > 1 +| sort violations desc + +---------------------------------- diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-s3-bucket-enumeration-or-brute-force.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-s3-bucket-enumeration-or-brute-force.asciidoc new file mode 100644 index 0000000000..3534d5a4eb --- /dev/null +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-aws-s3-bucket-enumeration-or-brute-force.asciidoc @@ -0,0 +1,147 @@ +[[prebuilt-rule-8-13-6-aws-s3-bucket-enumeration-or-brute-force]] +=== AWS S3 Bucket Enumeration or Brute Force + +Identifies a high number of failed S3 operations from a single source and account (or anonymous account) within a short timeframe. This activity can be indicative of attempting to cause an increase in billing to an account for excessive random operations, cause resource exhaustion, or enumerating bucket names for discovery. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: low + +*Risk score*: 21 + +*Runs every*: 5m + +*Searches indices from*: now-10m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1 +* https://docs.aws.amazon.com/cli/latest/reference/s3api/ + +*Tags*: + +* Domain: Cloud +* Data Source: AWS +* Data Source: Amazon Web Services +* Data Source: AWS S3 +* Resources: Investigation Guide +* Use Case: Log Auditing +* Tactic: Impact + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Investigation guide + + + +*Triage and analysis* + + + +*Investigating AWS S3 Bucket Enumeration or Brute Force* + + +AWS S3 buckets can be be brute forced to cause financial impact against the resource owner. What makes this even riskier is that even private, locked down buckets can still trigger a potential cost, even with an "Access Denied", while also being accessible from unauthenticated, anonymous accounts. This also appears to work on several or all https://docs.aws.amazon.com/cli/latest/reference/s3api/[operations] (GET, PUT, list-objects, etc.). Additionally, buckets are trivially discoverable by default as long as the bucket name is known, making it vulnerable to enumeration for discovery. + +Attackers may attempt to enumerate names until a valid bucket is discovered and then pivot to cause financial impact, enumerate for more information, or brute force in other ways to attempt to exfil data. + + +*Possible investigation steps* + + +- Examine the history of the operation requests from the same `source.address` and `cloud.account.id` to determine if there is other suspicious activity. +- Review similar requests and look at the `user.agent` info to ascertain the source of the requests (though do not overly rely on this since it is controlled by the requestor). +- Review other requests to the same `aws.s3.object.key` as well as other `aws.s3.object.key` accessed by the same `cloud.account.id` or `source.address`. +- Investigate other alerts associated with the user account during the past 48 hours. +- Validate the activity is not related to planned patches, updates, or network administrator activity. +- Examine the request parameters. These may indicate the source of the program or the nature of the task being performed when the error occurred. + - Check whether the error is related to unsuccessful attempts to enumerate or access objects, data, or secrets. +- Considering the source IP address and geolocation of the user who issued the command: + - Do they look normal for the calling user? + - If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or is the source IP from an EC2 instance that's not under your control? + - If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance? +- Consider the time of day. If the user is a human (not a program or script), did the activity take place during a normal time of day? +- Contact the account owner and confirm whether they are aware of this activity if suspicious. +- If you suspect the account has been compromised, scope potentially compromised assets by tracking servers, services, and data accessed by the account in the last 24 hours. + + +*False positive analysis* + + +- Verify the `source.address` and `cloud.account.id` - there are some valid operations from within AWS directly that can cause failures and false positives. Additionally, failed automation can also caeuse false positives, but should be identifiable by reviewing the `source.address` and `cloud.account.id`. + + +*Response and remediation* + + +- Initiate the incident response process based on the outcome of the triage. +- Disable or limit the account during the investigation and response. +- Identify the possible impact of the incident and prioritize accordingly; the following actions can help you gain context: + - Identify the account role in the cloud environment. + - Assess the criticality of affected services and servers. + - Work with your IT team to identify and minimize the impact on users. + - Identify if the attacker is moving laterally and compromising other accounts, servers, or services. + - Identify any regulatory or legal ramifications related to this activity. +- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords or delete API keys as needed to revoke the attacker's access to the environment. Work with your IT teams to minimize the impact on business operations during these actions. +- Check if unauthorized new users were created, remove unauthorized new accounts, and request password resets for other IAM users. +- Consider enabling multi-factor authentication for users. +- Review the permissions assigned to the implicated user to ensure that the least privilege principle is being followed. +- Implement security best practices https://aws.amazon.com/premiumsupport/knowledge-center/security-best-practices/[outlined] by AWS. +- Take the actions needed to return affected systems, data, or services to their normal operational levels. +- Identify the initial vector abused by the attacker and take action to prevent reinfection via the same vector. +- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR). +- Check for PutBucketPolicy event actions as well to see if they have been tampered with. While we monitor for denied, a single successful action to add a backdoor into the bucket via policy updates (however they got permissions) may be critical to identify during TDIR. + + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws.cloudtrail* +| where event.provider == "s3.amazonaws.com" and aws.cloudtrail.error_code == "AccessDenied" +| stats failed_requests = count(*) by tls.client.server_name, source.address, cloud.account.id + // can modify the failed request count or tweak time window to fit environment + // can add `not cloud.account.id in (KNOWN)` or specify in exceptions +| where failed_requests > 40 + +---------------------------------- + +*Framework*: MITRE ATT&CK^TM^ + +* Tactic: +** Name: Impact +** ID: TA0040 +** Reference URL: https://attack.mitre.org/tactics/TA0040/ +* Technique: +** Name: Financial Theft +** ID: T1657 +** Reference URL: https://attack.mitre.org/techniques/T1657/ +* Tactic: +** Name: Discovery +** ID: TA0007 +** Reference URL: https://attack.mitre.org/tactics/TA0007/ +* Technique: +** Name: Cloud Infrastructure Discovery +** ID: T1580 +** Reference URL: https://attack.mitre.org/techniques/T1580/ +* Tactic: +** Name: Collection +** ID: TA0009 +** Reference URL: https://attack.mitre.org/tactics/TA0009/ +* Technique: +** Name: Data from Cloud Storage +** ID: T1530 +** Reference URL: https://attack.mitre.org/techniques/T1530/ diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-potential-abuse-of-resources-by-high-token-count-and-large-response-sizes.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-potential-abuse-of-resources-by-high-token-count-and-large-response-sizes.asciidoc new file mode 100644 index 0000000000..d788c70999 --- /dev/null +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-potential-abuse-of-resources-by-high-token-count-and-large-response-sizes.asciidoc @@ -0,0 +1,73 @@ +[[prebuilt-rule-8-13-6-potential-abuse-of-resources-by-high-token-count-and-large-response-sizes]] +=== Potential Abuse of Resources by High Token Count and Large Response Sizes + +Detects potential resource exhaustion or data breach attempts by monitoring for users who consistently generate high input token counts, submit numerous requests, and receive large responses. This behavior could indicate an attempt to overload the system or extract an unusually large amount of data, possibly revealing sensitive information or causing service disruptions. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: medium + +*Risk score*: 47 + +*Runs every*: 10m + +*Searches indices from*: now-60m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://atlas.mitre.org/techniques/AML.T0051 +* https://owasp.org/www-project-top-10-for-large-language-model-applications/ +* https://www.elastic.co/security-labs/elastic-advances-llm-security + +*Tags*: + +* Domain: LLM +* Data Source: AWS Bedrock +* Data Source: Amazon Web Services +* Data Source: AWS S3 +* Use Case: Potential Overload +* Use Case: Resource Exhaustion +* Mitre Atlas: LLM04 + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Setup + + + +*Setup* + + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws_bedrock.invocation-* +| stats max_tokens = max(gen_ai.usage.prompt_tokens), + total_requests = count(*), + avg_response_size = avg(gen_ai.usage.completion_tokens) + by user.id +// tokens count depends on specific LLM, as is related to how embeddings are generated. +| where max_tokens > 5000 and total_requests > 10 and avg_response_size > 500 +| eval risk_factor = (max_tokens / 1000) * total_requests * (avg_response_size / 500) +| where risk_factor > 10 +| sort risk_factor desc + +---------------------------------- diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-unusual-high-confidence-misconduct-blocks-detected.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-unusual-high-confidence-misconduct-blocks-detected.asciidoc new file mode 100644 index 0000000000..39eabc7504 --- /dev/null +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rule-8-13-6-unusual-high-confidence-misconduct-blocks-detected.asciidoc @@ -0,0 +1,68 @@ +[[prebuilt-rule-8-13-6-unusual-high-confidence-misconduct-blocks-detected]] +=== Unusual High Confidence Misconduct Blocks Detected + +Detects repeated high-confidence 'BLOCKED' actions coupled with specific violation codes such as 'MISCONDUCT', indicating persistent misuse or attempts to probe the model's ethical boundaries. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: high + +*Risk score*: 73 + +*Runs every*: 10m + +*Searches indices from*: now-60m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html +* https://atlas.mitre.org/techniques/AML.T0051 +* https://atlas.mitre.org/techniques/AML.T0054 +* https://www.elastic.co/security-labs/elastic-advances-llm-security + +*Tags*: + +* Domain: LLM +* Data Source: AWS Bedrock +* Data Source: AWS S3 +* Use Case: Policy Violation +* Mitre Atlas: T0051 +* Mitre Atlas: T0054 + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Setup + + + +*Setup* + + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws_bedrock.invocation-* +| where gen_ai.policy.confidence == "HIGH" and gen_ai.policy.action == "BLOCKED" and gen_ai.compliance.violation_code == "MISCONDUCT" +| stats high_confidence_blocks = count() by user.id +| where high_confidence_blocks > 5 +| sort high_confidence_blocks desc + +---------------------------------- diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rules-8-13-6-appendix.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rules-8-13-6-appendix.asciidoc new file mode 100644 index 0000000000..3cc02c9bc1 --- /dev/null +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rules-8-13-6-appendix.asciidoc @@ -0,0 +1,12 @@ +["appendix",role="exclude",id="prebuilt-rule-8-13-6-prebuilt-rules-8-13-6-appendix"] += Downloadable rule update v8.13.6 + +This section lists all updates associated with version 8.13.6 of the Fleet integration *Prebuilt Security Detection Rules*. + + +include::prebuilt-rule-8-13-6-aws-s3-bucket-enumeration-or-brute-force.asciidoc[] +include::prebuilt-rule-8-13-6-aws-bedrock-guardrails-detected-multiple-violations-by-a-single-user-over-a-session.asciidoc[] +include::prebuilt-rule-8-13-6-aws-bedrock-guardrails-detected-multiple-policy-violations-within-a-single-blocked-request.asciidoc[] +include::prebuilt-rule-8-13-6-unusual-high-confidence-misconduct-blocks-detected.asciidoc[] +include::prebuilt-rule-8-13-6-potential-abuse-of-resources-by-high-token-count-and-large-response-sizes.asciidoc[] +include::prebuilt-rule-8-13-6-aws-bedrock-detected-multiple-attempts-to-use-denied-models-by-a-single-user.asciidoc[] diff --git a/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rules-8-13-6-summary.asciidoc b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rules-8-13-6-summary.asciidoc new file mode 100644 index 0000000000..0207aa21d1 --- /dev/null +++ b/docs/detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rules-8-13-6-summary.asciidoc @@ -0,0 +1,24 @@ +[[prebuilt-rule-8-13-6-prebuilt-rules-8-13-6-summary]] +[role="xpack"] +== Update v8.13.6 + +This section lists all updates associated with version 8.13.6 of the Fleet integration *Prebuilt Security Detection Rules*. + + +[width="100%",options="header"] +|============================================== +|Rule |Description |Status |Version + +|<> | Identifies a high number of failed S3 operations from a single source and account (or anonymous account) within a short timeframe. This activity can be indicative of attempting to cause an increase in billing to an account for excessive random operations, cause resource exhaustion, or enumerating bucket names for discovery. | new | 1 + +|<> | Identifies multiple violations of AWS Bedrock guardrails by the same user in the same account over a session. Multiple violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system. | new | 1 + +|<> | Identifies multiple violations of AWS Bedrock guardrails within a single request, resulting in a block action, increasing the likelihood of malicious intent. Multiple violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system. | new | 1 + +|<> | Detects repeated high-confidence 'BLOCKED' actions coupled with specific violation codes such as 'MISCONDUCT', indicating persistent misuse or attempts to probe the model's ethical boundaries. | new | 1 + +|<> | Detects potential resource exhaustion or data breach attempts by monitoring for users who consistently generate high input token counts, submit numerous requests, and receive large responses. This behavior could indicate an attempt to overload the system or extract an unusually large amount of data, possibly revealing sensitive information or causing service disruptions. | new | 1 + +|<> | Identifies multiple successive failed attempts to use denied model resources within AWS Bedrock. This could indicated attempts to bypass limitations of other approved models, or to force an impact on the environment by incurring exhorbitant costs. | new | 1 + +|============================================== diff --git a/docs/detections/prebuilt-rules/prebuilt-rules-downloadable-updates.asciidoc b/docs/detections/prebuilt-rules/prebuilt-rules-downloadable-updates.asciidoc index 9f934e6249..ab8042d3ed 100644 --- a/docs/detections/prebuilt-rules/prebuilt-rules-downloadable-updates.asciidoc +++ b/docs/detections/prebuilt-rules/prebuilt-rules-downloadable-updates.asciidoc @@ -13,6 +13,10 @@ For previous rule updates, please navigate to the https://www.elastic.co/guide/e |Update version |Date | New rules | Updated rules | Notes +|<> | 06 May 2024 | 6 | 0 | +update rules for 8.13 release + + |<> | 30 Apr 2024 | 2 | 2 | This release includes new rules for Linux and Windows and tuned rules for Linux. New rules for Linux include detection for persistence. @@ -52,3 +56,4 @@ include::downloadable-packages/8-13-2/prebuilt-rules-8-13-2-summary.asciidoc[lev include::downloadable-packages/8-13-3/prebuilt-rules-8-13-3-summary.asciidoc[leveloffset=+1] include::downloadable-packages/8-13-4/prebuilt-rules-8-13-4-summary.asciidoc[leveloffset=+1] include::downloadable-packages/8-13-5/prebuilt-rules-8-13-5-summary.asciidoc[leveloffset=+1] +include::downloadable-packages/8-13-6/prebuilt-rules-8-13-6-summary.asciidoc[leveloffset=+1] diff --git a/docs/detections/prebuilt-rules/prebuilt-rules-reference.asciidoc b/docs/detections/prebuilt-rules/prebuilt-rules-reference.asciidoc index f9714f45bc..17ffe86385 100644 --- a/docs/detections/prebuilt-rules/prebuilt-rules-reference.asciidoc +++ b/docs/detections/prebuilt-rules/prebuilt-rules-reference.asciidoc @@ -18,6 +18,12 @@ and their rule type is `machine_learning`. |<> |Indicates the update of a scheduled task using Windows event logs. Adversaries can use these to establish persistence, by changing the configuration of a legit scheduled task. Some changes such as disabling or enabling a scheduled task are common and may may generate noise. |[Domain: Endpoint], [OS: Windows], [Use Case: Threat Detection], [Tactic: Persistence] |8.3.0 |8 +|<> |Identifies multiple successive failed attempts to use denied model resources within AWS Bedrock. This could indicated attempts to bypass limitations of other approved models, or to force an impact on the environment by incurring exhorbitant costs. |[Domain: LLM], [Data Source: AWS Bedrock], [Data Source: AWS S3], [Resources: Investigation Guide], [Use Case: Policy Violation], [Mitre Atlas: T0015], [Mitre Atlas: T0034] |8.13.0 |1 + +|<> |Identifies multiple violations of AWS Bedrock guardrails within a single request, resulting in a block action, increasing the likelihood of malicious intent. Multiple violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system. |[Domain: LLM], [Data Source: AWS Bedrock], [Data Source: AWS S3], [Resources: Investigation Guide], [Use Case: Policy Violation], [Mitre Atlas: T0051], [Mitre Atlas: T0054] |8.13.0 |1 + +|<> |Identifies multiple violations of AWS Bedrock guardrails by the same user in the same account over a session. Multiple violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system. |[Domain: LLM], [Data Source: AWS Bedrock], [Data Source: AWS S3], [Resources: Investigation Guide], [Use Case: Policy Violation], [Mitre Atlas: T0051], [Mitre Atlas: T0054] |8.13.0 |1 + |<> |Identifies the creation of an AWS log trail that specifies the settings for delivery of log data. |[Domain: Cloud], [Data Source: AWS], [Data Source: Amazon Web Services], [Use Case: Log Auditing], [Tactic: Collection] |8.9.0 |207 |<> |Identifies the deletion of an AWS log trail. An adversary may delete trails in an attempt to evade defenses. |[Domain: Cloud], [Data Source: AWS], [Data Source: Amazon Web Services], [Use Case: Log Auditing], [Resources: Investigation Guide], [Tactic: Defense Evasion] |8.9.0 |209 @@ -114,6 +120,8 @@ and their rule type is `machine_learning`. |<> |Identifies the deletion of various Amazon Simple Storage Service (S3) bucket configuration components. |[Domain: Cloud], [Data Source: AWS], [Data Source: Amazon Web Services], [Use Case: Asset Visibility], [Tactic: Defense Evasion] |8.9.0 |207 +|<> |Identifies a high number of failed S3 operations from a single source and account (or anonymous account) within a short timeframe. This activity can be indicative of attempting to cause an increase in billing to an account for excessive random operations, cause resource exhaustion, or enumerating bucket names for discovery. |[Domain: Cloud], [Data Source: AWS], [Data Source: Amazon Web Services], [Data Source: AWS S3], [Resources: Investigation Guide], [Use Case: Log Auditing], [Tactic: Impact] |8.13.0 |1 + |<> |Identifies when SAML activity has occurred in AWS. An adversary could manipulate SAML to maintain access to the target. |[Domain: Cloud], [Data Source: AWS], [Data Source: Amazon Web Services], [Use Case: Identity and Access Audit], [Tactic: Defense Evasion] |8.9.0 |206 |<> |Identifies the suspicious use of GetSessionToken. Tokens could be created and used by attackers to move laterally and escalate privileges. |[Domain: Cloud], [Data Source: AWS], [Data Source: Amazon Web Services], [Data Source: AWS STS], [Use Case: Identity and Access Audit], [Tactic: Privilege Escalation] |8.9.0 |206 @@ -1124,6 +1132,8 @@ and their rule type is `machine_learning`. |<> |Active Directory Integrated DNS (ADIDNS) is one of the core components of AD DS, leveraging AD's access control and replication to maintain domain consistency. It stores DNS zones as AD objects, a feature that, while robust, introduces some security issues, such as wildcard records, mainly because of the default permission (Any authenticated users) to create DNS-named records. Attackers can create wildcard records to redirect traffic that doesn't explicitly match records contained in the zone, becoming the Man-in-the-Middle and being able to abuse DNS similarly to LLMNR/NBNS spoofing. |[Domain: Endpoint], [OS: Windows], [Use Case: Threat Detection], [Tactic: Credential Access], [Data Source: Active Directory], [Use Case: Active Directory Monitoring] |8.3.0 |1 +|<> |Detects potential resource exhaustion or data breach attempts by monitoring for users who consistently generate high input token counts, submit numerous requests, and receive large responses. This behavior could indicate an attempt to overload the system or extract an unusually large amount of data, possibly revealing sensitive information or causing service disruptions. |[Domain: LLM], [Data Source: AWS Bedrock], [Data Source: Amazon Web Services], [Data Source: AWS S3], [Use Case: Potential Overload], [Use Case: Resource Exhaustion], [Mitre Atlas: LLM04] |8.13.0 |1 + |<> |Identifies attempts to add an account to the admin group via the command line. This could be an indication of privilege escalation activity. |[Domain: Endpoint], [OS: macOS], [Use Case: Threat Detection], [Tactic: Privilege Escalation], [Data Source: Elastic Defend] |8.3.0 |106 |<> |Identifies the execution of PowerShell script with keywords related to different Antimalware Scan Interface (AMSI) bypasses. An adversary may attempt first to disable AMSI before executing further malicious powershell scripts to evade detection. |[Domain: Endpoint], [OS: Windows], [Use Case: Threat Detection], [Tactic: Defense Evasion], [Data Source: PowerShell Logs], [Resources: Investigation Guide] |8.3.0 |8 @@ -2014,6 +2024,8 @@ and their rule type is `machine_learning`. |<> |Identifies an unexpected file being modified by dns.exe, the process responsible for Windows DNS Server services, which may indicate activity related to remote code execution or other forms of exploitation. |[Domain: Endpoint], [OS: Windows], [Use Case: Threat Detection], [Tactic: Lateral Movement], [Data Source: Elastic Endgame], [Use Case: Vulnerability], [Data Source: Elastic Defend], [Data Source: Sysmon] |8.3.0 |110 +|<> |Detects repeated high-confidence 'BLOCKED' actions coupled with specific violation codes such as 'MISCONDUCT', indicating persistent misuse or attempts to probe the model's ethical boundaries. |[Domain: LLM], [Data Source: AWS Bedrock], [Data Source: AWS S3], [Use Case: Policy Violation], [Mitre Atlas: T0051], [Mitre Atlas: T0054] |8.13.0 |1 + |<> |A machine learning job detected a user logging in at a time of day that is unusual for the user. This can be due to credentialed access via a compromised account when the user and the threat actor are in different time zones. In addition, unauthorized user activity often takes place during non-business hours. |[Use Case: Identity and Access Audit], [Use Case: Threat Detection], [Rule Type: ML], [Rule Type: Machine Learning], [Tactic: Initial Access], [Resources: Investigation Guide] |8.3.0 |104 |<> |Identifies Linux processes that do not usually use the network but have unexpected network activity, which can indicate command-and-control, lateral movement, persistence, or data exfiltration activity. A process with unusual network activity can denote process exploitation or injection, where the process is used to run persistence mechanisms that allow a malicious actor remote access or control of the host, data exfiltration, and execution of unauthorized network applications. |[Domain: Endpoint], [OS: Linux], [Use Case: Threat Detection], [Rule Type: ML], [Rule Type: Machine Learning] |8.3.0 |103 diff --git a/docs/detections/prebuilt-rules/rule-desc-index.asciidoc b/docs/detections/prebuilt-rules/rule-desc-index.asciidoc index 38a1ab22b5..2e008acd55 100644 --- a/docs/detections/prebuilt-rules/rule-desc-index.asciidoc +++ b/docs/detections/prebuilt-rules/rule-desc-index.asciidoc @@ -1,5 +1,8 @@ include::rule-details/a-scheduled-task-was-created.asciidoc[] include::rule-details/a-scheduled-task-was-updated.asciidoc[] +include::rule-details/aws-bedrock-detected-multiple-attempts-to-use-denied-models-by-a-single-user.asciidoc[] +include::rule-details/aws-bedrock-guardrails-detected-multiple-policy-violations-within-a-single-blocked-request.asciidoc[] +include::rule-details/aws-bedrock-guardrails-detected-multiple-violations-by-a-single-user-over-a-session.asciidoc[] include::rule-details/aws-cloudtrail-log-created.asciidoc[] include::rule-details/aws-cloudtrail-log-deleted.asciidoc[] include::rule-details/aws-cloudtrail-log-suspended.asciidoc[] @@ -48,6 +51,7 @@ include::rule-details/aws-route-table-created.asciidoc[] include::rule-details/aws-route-table-modified-or-deleted.asciidoc[] include::rule-details/aws-route53-private-hosted-zone-associated-with-a-vpc.asciidoc[] include::rule-details/aws-s3-bucket-configuration-deletion.asciidoc[] +include::rule-details/aws-s3-bucket-enumeration-or-brute-force.asciidoc[] include::rule-details/aws-saml-activity.asciidoc[] include::rule-details/aws-sts-getsessiontoken-abuse.asciidoc[] include::rule-details/aws-security-group-configuration-change-detection.asciidoc[] @@ -553,6 +557,7 @@ include::rule-details/possible-consent-grant-attack-via-azure-registered-applica include::rule-details/possible-fin7-dga-command-and-control-behavior.asciidoc[] include::rule-details/possible-okta-dos-attack.asciidoc[] include::rule-details/potential-adidns-poisoning-via-wildcard-record-creation.asciidoc[] +include::rule-details/potential-abuse-of-resources-by-high-token-count-and-large-response-sizes.asciidoc[] include::rule-details/potential-admin-group-account-addition.asciidoc[] include::rule-details/potential-antimalware-scan-interface-bypass-via-powershell.asciidoc[] include::rule-details/potential-application-shimming-via-sdbinst.asciidoc[] @@ -998,6 +1003,7 @@ include::rule-details/unusual-discovery-signal-alert-with-unusual-process-execut include::rule-details/unusual-executable-file-creation-by-a-system-critical-process.asciidoc[] include::rule-details/unusual-file-creation-alternate-data-stream.asciidoc[] include::rule-details/unusual-file-modification-by-dns-exe.asciidoc[] +include::rule-details/unusual-high-confidence-misconduct-blocks-detected.asciidoc[] include::rule-details/unusual-hour-for-a-user-to-logon.asciidoc[] include::rule-details/unusual-linux-network-activity.asciidoc[] include::rule-details/unusual-linux-network-configuration-discovery.asciidoc[] diff --git a/docs/detections/prebuilt-rules/rule-details/aws-bedrock-detected-multiple-attempts-to-use-denied-models-by-a-single-user.asciidoc b/docs/detections/prebuilt-rules/rule-details/aws-bedrock-detected-multiple-attempts-to-use-denied-models-by-a-single-user.asciidoc new file mode 100644 index 0000000000..22ed004221 --- /dev/null +++ b/docs/detections/prebuilt-rules/rule-details/aws-bedrock-detected-multiple-attempts-to-use-denied-models-by-a-single-user.asciidoc @@ -0,0 +1,69 @@ +[[aws-bedrock-detected-multiple-attempts-to-use-denied-models-by-a-single-user]] +=== AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User + +Identifies multiple successive failed attempts to use denied model resources within AWS Bedrock. This could indicated attempts to bypass limitations of other approved models, or to force an impact on the environment by incurring exhorbitant costs. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: high + +*Risk score*: 73 + +*Runs every*: 10m + +*Searches indices from*: now-60m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html +* https://atlas.mitre.org/techniques/AML.T0015 +* https://atlas.mitre.org/techniques/AML.T0034 +* https://www.elastic.co/security-labs/elastic-advances-llm-security + +*Tags*: + +* Domain: LLM +* Data Source: AWS Bedrock +* Data Source: AWS S3 +* Resources: Investigation Guide +* Use Case: Policy Violation +* Mitre Atlas: T0015 +* Mitre Atlas: T0034 + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Setup + + + +*Setup* + + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws_bedrock.invocation-* +| where gen_ai.response.error_code == "AccessDeniedException" +| stats total_denials = count(*) by user.id, gen_ai.request.model.id, cloud.account.id +| where total_denials > 3 +| sort total_denials desc + +---------------------------------- diff --git a/docs/detections/prebuilt-rules/rule-details/aws-bedrock-guardrails-detected-multiple-policy-violations-within-a-single-blocked-request.asciidoc b/docs/detections/prebuilt-rules/rule-details/aws-bedrock-guardrails-detected-multiple-policy-violations-within-a-single-blocked-request.asciidoc new file mode 100644 index 0000000000..d64780e042 --- /dev/null +++ b/docs/detections/prebuilt-rules/rule-details/aws-bedrock-guardrails-detected-multiple-policy-violations-within-a-single-blocked-request.asciidoc @@ -0,0 +1,70 @@ +[[aws-bedrock-guardrails-detected-multiple-policy-violations-within-a-single-blocked-request]] +=== AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request + +Identifies multiple violations of AWS Bedrock guardrails within a single request, resulting in a block action, increasing the likelihood of malicious intent. Multiple violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: low + +*Risk score*: 21 + +*Runs every*: 10m + +*Searches indices from*: now-60m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html +* https://atlas.mitre.org/techniques/AML.T0051 +* https://atlas.mitre.org/techniques/AML.T0054 +* https://www.elastic.co/security-labs/elastic-advances-llm-security + +*Tags*: + +* Domain: LLM +* Data Source: AWS Bedrock +* Data Source: AWS S3 +* Resources: Investigation Guide +* Use Case: Policy Violation +* Mitre Atlas: T0051 +* Mitre Atlas: T0054 + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Setup + + + +*Setup* + + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws_bedrock.invocation-* +| where gen_ai.policy.action == "BLOCKED" +| eval policy_violations = mv_count(gen_ai.policy.name) +| where policy_violations > 1 +| stats total_unique_request_violations = count(*) by policy_violations, user.id, gen_ai.request.model.id, cloud.account.id +| sort total_unique_request_violations desc + +---------------------------------- diff --git a/docs/detections/prebuilt-rules/rule-details/aws-bedrock-guardrails-detected-multiple-violations-by-a-single-user-over-a-session.asciidoc b/docs/detections/prebuilt-rules/rule-details/aws-bedrock-guardrails-detected-multiple-violations-by-a-single-user-over-a-session.asciidoc new file mode 100644 index 0000000000..2e495a3d37 --- /dev/null +++ b/docs/detections/prebuilt-rules/rule-details/aws-bedrock-guardrails-detected-multiple-violations-by-a-single-user-over-a-session.asciidoc @@ -0,0 +1,69 @@ +[[aws-bedrock-guardrails-detected-multiple-violations-by-a-single-user-over-a-session]] +=== AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session + +Identifies multiple violations of AWS Bedrock guardrails by the same user in the same account over a session. Multiple violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: medium + +*Risk score*: 47 + +*Runs every*: 10m + +*Searches indices from*: now-60m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html +* https://atlas.mitre.org/techniques/AML.T0051 +* https://atlas.mitre.org/techniques/AML.T0054 +* https://www.elastic.co/security-labs/elastic-advances-llm-security + +*Tags*: + +* Domain: LLM +* Data Source: AWS Bedrock +* Data Source: AWS S3 +* Resources: Investigation Guide +* Use Case: Policy Violation +* Mitre Atlas: T0051 +* Mitre Atlas: T0054 + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Setup + + + +*Setup* + + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws_bedrock.invocation-* +| where gen_ai.compliance.violation_detected +| stats violations = count(*) by user.id, gen_ai.model.id, cloud.account.id +| where violations > 1 +| sort violations desc + +---------------------------------- diff --git a/docs/detections/prebuilt-rules/rule-details/aws-s3-bucket-enumeration-or-brute-force.asciidoc b/docs/detections/prebuilt-rules/rule-details/aws-s3-bucket-enumeration-or-brute-force.asciidoc new file mode 100644 index 0000000000..83d4a0e161 --- /dev/null +++ b/docs/detections/prebuilt-rules/rule-details/aws-s3-bucket-enumeration-or-brute-force.asciidoc @@ -0,0 +1,147 @@ +[[aws-s3-bucket-enumeration-or-brute-force]] +=== AWS S3 Bucket Enumeration or Brute Force + +Identifies a high number of failed S3 operations from a single source and account (or anonymous account) within a short timeframe. This activity can be indicative of attempting to cause an increase in billing to an account for excessive random operations, cause resource exhaustion, or enumerating bucket names for discovery. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: low + +*Risk score*: 21 + +*Runs every*: 5m + +*Searches indices from*: now-10m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1 +* https://docs.aws.amazon.com/cli/latest/reference/s3api/ + +*Tags*: + +* Domain: Cloud +* Data Source: AWS +* Data Source: Amazon Web Services +* Data Source: AWS S3 +* Resources: Investigation Guide +* Use Case: Log Auditing +* Tactic: Impact + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Investigation guide + + + +*Triage and analysis* + + + +*Investigating AWS S3 Bucket Enumeration or Brute Force* + + +AWS S3 buckets can be be brute forced to cause financial impact against the resource owner. What makes this even riskier is that even private, locked down buckets can still trigger a potential cost, even with an "Access Denied", while also being accessible from unauthenticated, anonymous accounts. This also appears to work on several or all https://docs.aws.amazon.com/cli/latest/reference/s3api/[operations] (GET, PUT, list-objects, etc.). Additionally, buckets are trivially discoverable by default as long as the bucket name is known, making it vulnerable to enumeration for discovery. + +Attackers may attempt to enumerate names until a valid bucket is discovered and then pivot to cause financial impact, enumerate for more information, or brute force in other ways to attempt to exfil data. + + +*Possible investigation steps* + + +- Examine the history of the operation requests from the same `source.address` and `cloud.account.id` to determine if there is other suspicious activity. +- Review similar requests and look at the `user.agent` info to ascertain the source of the requests (though do not overly rely on this since it is controlled by the requestor). +- Review other requests to the same `aws.s3.object.key` as well as other `aws.s3.object.key` accessed by the same `cloud.account.id` or `source.address`. +- Investigate other alerts associated with the user account during the past 48 hours. +- Validate the activity is not related to planned patches, updates, or network administrator activity. +- Examine the request parameters. These may indicate the source of the program or the nature of the task being performed when the error occurred. + - Check whether the error is related to unsuccessful attempts to enumerate or access objects, data, or secrets. +- Considering the source IP address and geolocation of the user who issued the command: + - Do they look normal for the calling user? + - If the source is an EC2 IP address, is it associated with an EC2 instance in one of your accounts or is the source IP from an EC2 instance that's not under your control? + - If it is an authorized EC2 instance, is the activity associated with normal behavior for the instance role or roles? Are there any other alerts or signs of suspicious activity involving this instance? +- Consider the time of day. If the user is a human (not a program or script), did the activity take place during a normal time of day? +- Contact the account owner and confirm whether they are aware of this activity if suspicious. +- If you suspect the account has been compromised, scope potentially compromised assets by tracking servers, services, and data accessed by the account in the last 24 hours. + + +*False positive analysis* + + +- Verify the `source.address` and `cloud.account.id` - there are some valid operations from within AWS directly that can cause failures and false positives. Additionally, failed automation can also caeuse false positives, but should be identifiable by reviewing the `source.address` and `cloud.account.id`. + + +*Response and remediation* + + +- Initiate the incident response process based on the outcome of the triage. +- Disable or limit the account during the investigation and response. +- Identify the possible impact of the incident and prioritize accordingly; the following actions can help you gain context: + - Identify the account role in the cloud environment. + - Assess the criticality of affected services and servers. + - Work with your IT team to identify and minimize the impact on users. + - Identify if the attacker is moving laterally and compromising other accounts, servers, or services. + - Identify any regulatory or legal ramifications related to this activity. +- Investigate credential exposure on systems compromised or used by the attacker to ensure all compromised accounts are identified. Reset passwords or delete API keys as needed to revoke the attacker's access to the environment. Work with your IT teams to minimize the impact on business operations during these actions. +- Check if unauthorized new users were created, remove unauthorized new accounts, and request password resets for other IAM users. +- Consider enabling multi-factor authentication for users. +- Review the permissions assigned to the implicated user to ensure that the least privilege principle is being followed. +- Implement security best practices https://aws.amazon.com/premiumsupport/knowledge-center/security-best-practices/[outlined] by AWS. +- Take the actions needed to return affected systems, data, or services to their normal operational levels. +- Identify the initial vector abused by the attacker and take action to prevent reinfection via the same vector. +- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR). +- Check for PutBucketPolicy event actions as well to see if they have been tampered with. While we monitor for denied, a single successful action to add a backdoor into the bucket via policy updates (however they got permissions) may be critical to identify during TDIR. + + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws.cloudtrail* +| where event.provider == "s3.amazonaws.com" and aws.cloudtrail.error_code == "AccessDenied" +| stats failed_requests = count(*) by tls.client.server_name, source.address, cloud.account.id + // can modify the failed request count or tweak time window to fit environment + // can add `not cloud.account.id in (KNOWN)` or specify in exceptions +| where failed_requests > 40 + +---------------------------------- + +*Framework*: MITRE ATT&CK^TM^ + +* Tactic: +** Name: Impact +** ID: TA0040 +** Reference URL: https://attack.mitre.org/tactics/TA0040/ +* Technique: +** Name: Financial Theft +** ID: T1657 +** Reference URL: https://attack.mitre.org/techniques/T1657/ +* Tactic: +** Name: Discovery +** ID: TA0007 +** Reference URL: https://attack.mitre.org/tactics/TA0007/ +* Technique: +** Name: Cloud Infrastructure Discovery +** ID: T1580 +** Reference URL: https://attack.mitre.org/techniques/T1580/ +* Tactic: +** Name: Collection +** ID: TA0009 +** Reference URL: https://attack.mitre.org/tactics/TA0009/ +* Technique: +** Name: Data from Cloud Storage +** ID: T1530 +** Reference URL: https://attack.mitre.org/techniques/T1530/ diff --git a/docs/detections/prebuilt-rules/rule-details/potential-abuse-of-resources-by-high-token-count-and-large-response-sizes.asciidoc b/docs/detections/prebuilt-rules/rule-details/potential-abuse-of-resources-by-high-token-count-and-large-response-sizes.asciidoc new file mode 100644 index 0000000000..83089d7c67 --- /dev/null +++ b/docs/detections/prebuilt-rules/rule-details/potential-abuse-of-resources-by-high-token-count-and-large-response-sizes.asciidoc @@ -0,0 +1,73 @@ +[[potential-abuse-of-resources-by-high-token-count-and-large-response-sizes]] +=== Potential Abuse of Resources by High Token Count and Large Response Sizes + +Detects potential resource exhaustion or data breach attempts by monitoring for users who consistently generate high input token counts, submit numerous requests, and receive large responses. This behavior could indicate an attempt to overload the system or extract an unusually large amount of data, possibly revealing sensitive information or causing service disruptions. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: medium + +*Risk score*: 47 + +*Runs every*: 10m + +*Searches indices from*: now-60m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://atlas.mitre.org/techniques/AML.T0051 +* https://owasp.org/www-project-top-10-for-large-language-model-applications/ +* https://www.elastic.co/security-labs/elastic-advances-llm-security + +*Tags*: + +* Domain: LLM +* Data Source: AWS Bedrock +* Data Source: Amazon Web Services +* Data Source: AWS S3 +* Use Case: Potential Overload +* Use Case: Resource Exhaustion +* Mitre Atlas: LLM04 + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Setup + + + +*Setup* + + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws_bedrock.invocation-* +| stats max_tokens = max(gen_ai.usage.prompt_tokens), + total_requests = count(*), + avg_response_size = avg(gen_ai.usage.completion_tokens) + by user.id +// tokens count depends on specific LLM, as is related to how embeddings are generated. +| where max_tokens > 5000 and total_requests > 10 and avg_response_size > 500 +| eval risk_factor = (max_tokens / 1000) * total_requests * (avg_response_size / 500) +| where risk_factor > 10 +| sort risk_factor desc + +---------------------------------- diff --git a/docs/detections/prebuilt-rules/rule-details/unusual-high-confidence-misconduct-blocks-detected.asciidoc b/docs/detections/prebuilt-rules/rule-details/unusual-high-confidence-misconduct-blocks-detected.asciidoc new file mode 100644 index 0000000000..b1f8303724 --- /dev/null +++ b/docs/detections/prebuilt-rules/rule-details/unusual-high-confidence-misconduct-blocks-detected.asciidoc @@ -0,0 +1,68 @@ +[[unusual-high-confidence-misconduct-blocks-detected]] +=== Unusual High Confidence Misconduct Blocks Detected + +Detects repeated high-confidence 'BLOCKED' actions coupled with specific violation codes such as 'MISCONDUCT', indicating persistent misuse or attempts to probe the model's ethical boundaries. + +*Rule type*: esql + +*Rule indices*: None + +*Severity*: high + +*Risk score*: 73 + +*Runs every*: 10m + +*Searches indices from*: now-60m ({ref}/common-options.html#date-math[Date Math format], see also <>) + +*Maximum alerts per execution*: 100 + +*References*: + +* https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-components.html +* https://atlas.mitre.org/techniques/AML.T0051 +* https://atlas.mitre.org/techniques/AML.T0054 +* https://www.elastic.co/security-labs/elastic-advances-llm-security + +*Tags*: + +* Domain: LLM +* Data Source: AWS Bedrock +* Data Source: AWS S3 +* Use Case: Policy Violation +* Mitre Atlas: T0051 +* Mitre Atlas: T0054 + +*Version*: 1 + +*Rule authors*: + +* Elastic + +*Rule license*: Elastic License v2 + + +==== Setup + + + +*Setup* + + +This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation: + +https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html + + +==== Rule query + + +[source, js] +---------------------------------- +from logs-aws_bedrock.invocation-* +| where gen_ai.policy.confidence == "HIGH" and gen_ai.policy.action == "BLOCKED" and gen_ai.compliance.violation_code == "MISCONDUCT" +| stats high_confidence_blocks = count() by user.id +| where high_confidence_blocks > 5 +| sort high_confidence_blocks desc + +---------------------------------- diff --git a/docs/index.asciidoc b/docs/index.asciidoc index 708728bbc5..8d05d67571 100644 --- a/docs/index.asciidoc +++ b/docs/index.asciidoc @@ -97,3 +97,5 @@ include::detections/prebuilt-rules/downloadable-packages/8-13-3/prebuilt-rules-8 include::detections/prebuilt-rules/downloadable-packages/8-13-4/prebuilt-rules-8-13-4-appendix.asciidoc[] include::detections/prebuilt-rules/downloadable-packages/8-13-5/prebuilt-rules-8-13-5-appendix.asciidoc[] + +include::detections/prebuilt-rules/downloadable-packages/8-13-6/prebuilt-rules-8-13-6-appendix.asciidoc[]