-
Notifications
You must be signed in to change notification settings - Fork 180
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bedrock detections for AWS CloudTrail (#1484)
- Loading branch information
1 parent
e6a84a7
commit 4c53935
Showing
5 changed files
with
361 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
20 changes: 20 additions & 0 deletions
20
rules/aws_cloudtrail_rules/aws_bedrock_deletemodelinvocationloggingconfiguration.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| from panther_aws_helpers import aws_cloudtrail_success, aws_rule_context | ||
|
|
||
|
|
||
| def rule(event): | ||
| if ( | ||
| event.get("eventSource") == "bedrock.amazonaws.com" | ||
| and event.get("eventName") == "DeleteModelInvocationLoggingConfiguration" | ||
| and aws_cloudtrail_success(event) | ||
| ): | ||
| return True | ||
| return False | ||
|
|
||
|
|
||
| def title(event): | ||
| user = event.udm("actor_user") | ||
| return f"User [{user}] deleted Bedrock model invocation logging configuration" | ||
|
|
||
|
|
||
| def alert_context(event): | ||
| return aws_rule_context(event) |
123 changes: 123 additions & 0 deletions
123
rules/aws_cloudtrail_rules/aws_bedrock_deletemodelinvocationloggingconfiguration.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,123 @@ | ||
| AnalysisType: rule | ||
| Filename: aws_bedrock_deletemodelinvocationloggingconfiguration.py | ||
| RuleID: "AWS.Bedrock.DeleteModelInvocationLoggingConfiguration" | ||
| DisplayName: "AWS Bedrock Model Invocation Logging Configuration Deleted" | ||
| Enabled: true | ||
| LogTypes: | ||
| - AWS.CloudTrail | ||
| Tags: | ||
| - AWS | ||
| - Bedrock | ||
| - "Impair Defenses: Impair Command History Logging" | ||
| - Defense Evastion | ||
| Severity: Medium | ||
| Reports: | ||
| MITRE ATT&CK: | ||
| - TA0005:T1562.003 # Impair Defenses: Impair Command History Logging | ||
| Description: > | ||
| An Amazon Bedrock Model Invocation Logging Configuration was deleted. | ||
| Use model invocation logging to collect metadata, requests, and responses for all model invocations in your account. | ||
| Deleting a model invocation logging configuration can have security implications to your AI workloads. | ||
| Runbook: > | ||
| Review the model invocation logging configuration deletion to ensure that it was authorized and that it does not introduce security risks to your AI workloads. | ||
| If the model invocation logging configuration deletion was unauthorized, investigate the incident and take appropriate action. | ||
| Reference: https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html | ||
| SummaryAttributes: | ||
| - userAgent | ||
| - sourceIpAddress | ||
| - recipientAccountId | ||
| - p_any_aws_arns | ||
| Tests: | ||
| - Name: Model Invocation Logging Configuration Deleted | ||
| ExpectedResult: true | ||
| Log: | ||
| { | ||
| "awsRegion": "us-west-2", | ||
| "eventCategory": "Management", | ||
| "eventID": "28773860-a4fd-47c7-a215-6f0e6e6e532f", | ||
| "eventName": "DeleteModelInvocationLoggingConfiguration", | ||
| "eventSource": "bedrock.amazonaws.com", | ||
| "eventTime": "2025-01-21 17:49:47.000000000", | ||
| "eventType": "AwsApiCall", | ||
| "eventVersion": "1.09", | ||
| "managementEvent": true, | ||
| "readOnly": false, | ||
| "recipientAccountId": "123123123123", | ||
| "requestID": "7b9b25ca-be2d-4428-9793-0a677c32b823", | ||
| "sessionCredentialFromConsole": true, | ||
| "sourceIPAddress": "161.97.249.211", | ||
| "tlsDetails": { | ||
| "cipherSuite": "TLS_AES_128_GCM_SHA256", | ||
| "clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com", | ||
| "tlsVersion": "TLSv1.3" | ||
| }, | ||
| "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36", | ||
| "userIdentity": { | ||
| "accessKeyId": "ASIAQWERQWERQWERQWER", | ||
| "accountId": "123123123123", | ||
| "arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil", | ||
| "principalId": "AROAQWERQWERQWERQWER:dr.evil", | ||
| "sessionContext": { | ||
| "attributes": { | ||
| "creationDate": "2025-01-21T16:08:03Z", | ||
| "mfaAuthenticated": "false" | ||
| }, | ||
| "sessionIssuer": { | ||
| "accountId": "123123123123", | ||
| "arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin", | ||
| "principalId": "AROAQWERQWERQWERQWER", | ||
| "type": "Role", | ||
| "userName": "DevAdmin" | ||
| } | ||
| }, | ||
| "type": "AssumedRole" | ||
| } | ||
| } | ||
| - Name: List Guardrails | ||
| ExpectedResult: false | ||
| Log: | ||
| { | ||
| "awsRegion": "us-west-2", | ||
| "eventCategory": "Management", | ||
| "eventID": "906c4056-df1e-4565-a40b-2ba216a0c849", | ||
| "eventName": "ListGuardrails", | ||
| "eventSource": "bedrock.amazonaws.com", | ||
| "eventTime": "2025-01-21 18:12:33.000000000", | ||
| "eventType": "AwsApiCall", | ||
| "eventVersion": "1.09", | ||
| "managementEvent": true, | ||
| "readOnly": true, | ||
| "recipientAccountId": "123123123123", | ||
| "requestID": "9219ab18-cddf-4376-afc6-cc4edf2c2f0f", | ||
| "requestParameters": { | ||
| "maxResults": 1000 | ||
| }, | ||
| "sessionCredentialFromConsole": true, | ||
| "sourceIPAddress": "123.123.123.123", | ||
| "tlsDetails": { | ||
| "cipherSuite": "TLS_AES_128_GCM_SHA256", | ||
| "clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com", | ||
| "tlsVersion": "TLSv1.3" | ||
| }, | ||
| "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36", | ||
| "userIdentity": { | ||
| "accessKeyId": "ASIAQWERQWERQWERQWER", | ||
| "accountId": "123123123123", | ||
| "arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil", | ||
| "principalId": "AROAQWERQWERQWERQWER:dr.evil", | ||
| "sessionContext": { | ||
| "attributes": { | ||
| "creationDate": "2025-01-21T16:08:03Z", | ||
| "mfaAuthenticated": "false" | ||
| }, | ||
| "sessionIssuer": { | ||
| "accountId": "123123123123", | ||
| "arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin", | ||
| "principalId": "AROAQWERQWERQWERQWER", | ||
| "type": "Role", | ||
| "userName": "DevAdmin" | ||
| } | ||
| }, | ||
| "type": "AssumedRole" | ||
| } | ||
| } |
30 changes: 30 additions & 0 deletions
30
rules/aws_cloudtrail_rules/aws_bedrock_guardrail_update_delete.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| from panther_aws_helpers import aws_cloudtrail_success, aws_rule_context | ||
|
|
||
| GUARDRAIL_EVENTS = {"DeleteGuardrail", "UpdateGuardrail"} | ||
|
|
||
|
|
||
| def rule(event): | ||
| if ( | ||
| event.get("eventSource") == "bedrock.amazonaws.com" | ||
| and event.get("eventName") in GUARDRAIL_EVENTS | ||
| and aws_cloudtrail_success(event) | ||
| ): | ||
| return True | ||
| return False | ||
|
|
||
|
|
||
| def title(event): | ||
| user = event.udm("actor_user") | ||
| guardrail = event.deep_get("requestParameters", "guardrailIdentifier") | ||
| action = event.get("eventName").replace("Guardrail", "").lower() | ||
| return f"User [{user}] {action}d Bedrock guardrail [{guardrail}]" | ||
|
|
||
|
|
||
| def severity(event): | ||
| if event.get("eventName") == "UpdateGuardrail": | ||
| return "LOW" | ||
| return "DEFAULT" | ||
|
|
||
|
|
||
| def alert_context(event): | ||
| return aws_rule_context(event) |
185 changes: 185 additions & 0 deletions
185
rules/aws_cloudtrail_rules/aws_bedrock_guardrail_update_delete.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,185 @@ | ||
| AnalysisType: rule | ||
| Filename: aws_bedrock_guardrail_update_delete.py | ||
| RuleID: "AWS.Bedrock.GuardrailUpdateDelete" | ||
| DisplayName: "AWS Bedrock Guardrail Updated or Deleted" | ||
| Enabled: true | ||
| LogTypes: | ||
| - AWS.CloudTrail | ||
| Tags: | ||
| - AWS | ||
| - Bedrock | ||
| - Generative AI Guardrails | ||
| - AML.T0054 | ||
| - LLM Jailbreak | ||
| - "Impair Defenses: Disable or Modify Tools" | ||
| - Defense Evasion | ||
| Severity: Medium | ||
| Reports: | ||
| MITRE ATT&CK: | ||
| - TA0005:T1562.001 # Impair Defenses: Disable or Modify Tools | ||
| Description: > | ||
| An Amazon Bedrock Guardrail was updated or deleted. | ||
| Amazon Bedrock Guardrails are used to implement application-specific safeguards based on your use cases and responsible AI policies. | ||
| Updating or deleting a guardrail can have security implications to your AI workloads. | ||
| Runbook: > | ||
| Review the guardrail update or deletion to ensure that it was authorized and that it does not introduce security risks to your AI workloads. | ||
| If the guardrail update or deletion was unauthorized, investigate the incident and take appropriate action. | ||
| https://atlas.mitre.org/mitigations/AML.M0020 | ||
| Reference: https://docs.aws.amazon.com/bedrock/latest/APIReference/API_DeleteGuardrail.html | ||
| SummaryAttributes: | ||
| - userAgent | ||
| - sourceIpAddress | ||
| - recipientAccountId | ||
| - p_any_aws_arns | ||
| Tests: | ||
| - Name: Guardrail Updated | ||
| ExpectedResult: true | ||
| Log: | ||
| { | ||
| "awsRegion": "us-west-2", | ||
| "eventCategory": "Management", | ||
| "eventID": "4d482238-d0c5-4337-800f-d1ed79957fd4", | ||
| "eventName": "UpdateGuardrail", | ||
| "eventSource": "bedrock.amazonaws.com", | ||
| "eventTime": "2025-01-21 17:39:10.000000000", | ||
| "eventType": "AwsApiCall", | ||
| "eventVersion": "1.09", | ||
| "managementEvent": true, | ||
| "readOnly": false, | ||
| "recipientAccountId": "123123123123", | ||
| "requestID": "4ebcfaab-52e6-4027-9307-dbfe671b1cdb", | ||
| "requestParameters": { | ||
| "guardrailIdentifier": "cmy5azq5koeo", | ||
| "name": "HIDDEN_DUE_TO_SECURITY_REASONS" | ||
| }, | ||
| "responseElements": { | ||
| "guardrailArn": "arn:aws:bedrock:us-west-2:123123123123:guardrail/cmy5azq5koeo", | ||
| "guardrailId": "cmy5azq5koeo", | ||
| "updatedAt": "2025-01-21T17:39:10.379877250Z", | ||
| "version": "DRAFT" | ||
| }, | ||
| "sessionCredentialFromConsole": true, | ||
| "sourceIPAddress": "123.123.123.123", | ||
| "tlsDetails": { | ||
| "cipherSuite": "TLS_AES_128_GCM_SHA256", | ||
| "clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com", | ||
| "tlsVersion": "TLSv1.3" | ||
| }, | ||
| "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36", | ||
| "userIdentity": { | ||
| "accessKeyId": "ASIAQWERQWERQWERQWER", | ||
| "accountId": "123123123123", | ||
| "arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil", | ||
| "principalId": "AROAQWERQWERQWERQWER:dr.evil", | ||
| "sessionContext": { | ||
| "attributes": { | ||
| "creationDate": "2025-01-21T16:08:03Z", | ||
| "mfaAuthenticated": "false" | ||
| }, | ||
| "sessionIssuer": { | ||
| "accountId": "123123123123", | ||
| "arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin", | ||
| "principalId": "AROAQWERQWERQWERQWER", | ||
| "type": "Role", | ||
| "userName": "DevAdmin" | ||
| } | ||
| }, | ||
| "type": "AssumedRole" | ||
| } | ||
| } | ||
| - Name: Guardrail Deleted | ||
| ExpectedResult: true | ||
| Log: | ||
| { | ||
| "awsRegion": "us-west-2", | ||
| "eventCategory": "Management", | ||
| "eventID": "3105145b-d0ca-41ab-a0fd-73f4f31ccbd1", | ||
| "eventName": "DeleteGuardrail", | ||
| "eventSource": "bedrock.amazonaws.com", | ||
| "eventTime": "2025-01-21 18:12:33.000000000", | ||
| "eventType": "AwsApiCall", | ||
| "eventVersion": "1.09", | ||
| "managementEvent": true, | ||
| "readOnly": false, | ||
| "recipientAccountId": "123123123123", | ||
| "requestID": "6e6cadb2-ad15-4c46-9900-fd1888e01ee1", | ||
| "requestParameters": { | ||
| "guardrailIdentifier": "cmy5azq5koeo" | ||
| }, | ||
| "sessionCredentialFromConsole": true, | ||
| "sourceIPAddress": "123.123.123.123", | ||
| "tlsDetails": { | ||
| "cipherSuite": "TLS_AES_128_GCM_SHA256", | ||
| "clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com", | ||
| "tlsVersion": "TLSv1.3" | ||
| }, | ||
| "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36", | ||
| "userIdentity": { | ||
| "accessKeyId": "ASIAQWERQWERQWERQWER", | ||
| "accountId": "123123123123", | ||
| "arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil", | ||
| "principalId": "AROAQWERQWERQWERQWER:dr.evil", | ||
| "sessionContext": { | ||
| "attributes": { | ||
| "creationDate": "2025-01-21T16:08:03Z", | ||
| "mfaAuthenticated": "false" | ||
| }, | ||
| "sessionIssuer": { | ||
| "accountId": "123123123123", | ||
| "arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin", | ||
| "principalId": "AROAQWERQWERQWERQWER", | ||
| "type": "Role", | ||
| "userName": "DevAdmin" | ||
| } | ||
| }, | ||
| "type": "AssumedRole" | ||
| } | ||
| } | ||
| - Name: List Guardrails | ||
| ExpectedResult: false | ||
| Log: | ||
| { | ||
| "awsRegion": "us-west-2", | ||
| "eventCategory": "Management", | ||
| "eventID": "906c4056-df1e-4565-a40b-2ba216a0c849", | ||
| "eventName": "ListGuardrails", | ||
| "eventSource": "bedrock.amazonaws.com", | ||
| "eventTime": "2025-01-21 18:12:33.000000000", | ||
| "eventType": "AwsApiCall", | ||
| "eventVersion": "1.09", | ||
| "managementEvent": true, | ||
| "readOnly": true, | ||
| "recipientAccountId": "123123123123", | ||
| "requestID": "9219ab18-cddf-4376-afc6-cc4edf2c2f0f", | ||
| "requestParameters": { | ||
| "maxResults": 1000 | ||
| }, | ||
| "sessionCredentialFromConsole": true, | ||
| "sourceIPAddress": "123.123.123.123", | ||
| "tlsDetails": { | ||
| "cipherSuite": "TLS_AES_128_GCM_SHA256", | ||
| "clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com", | ||
| "tlsVersion": "TLSv1.3" | ||
| }, | ||
| "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36", | ||
| "userIdentity": { | ||
| "accessKeyId": "ASIAQWERQWERQWERQWER", | ||
| "accountId": "123123123123", | ||
| "arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil", | ||
| "principalId": "AROAQWERQWERQWERQWER:dr.evil", | ||
| "sessionContext": { | ||
| "attributes": { | ||
| "creationDate": "2025-01-21T16:08:03Z", | ||
| "mfaAuthenticated": "false" | ||
| }, | ||
| "sessionIssuer": { | ||
| "accountId": "123123123123", | ||
| "arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin", | ||
| "principalId": "AROAQWERQWERQWERQWER", | ||
| "type": "Role", | ||
| "userName": "DevAdmin" | ||
| } | ||
| }, | ||
| "type": "AssumedRole" | ||
| } | ||
| } |