-
Notifications
You must be signed in to change notification settings - Fork 455
/
aws_bedrock_high_resource_consumption_detection.toml
58 lines (54 loc) · 2.25 KB
/
aws_bedrock_high_resource_consumption_detection.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
[metadata]
creation_date = "2024/05/04"
maturity = "production"
updated_date = "2024/05/04"
min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
min_stack_version = "8.13.0"
[rule]
author = ["Elastic"]
description = """
Detects potential resource exhaustion or data breach attempts by monitoring for users who consistently generate high input token counts, submit numerous requests, and receive
large responses. This behavior could indicate an attempt to overload the system or extract an unusually large amount of data, possibly revealing sensitive information or
causing service disruptions.
"""
false_positives = ["Authorized heavy usage of the system that is business justified and monitored."]
from = "now-60m"
interval = "10m"
language = "esql"
license = "Elastic License v2"
name = "Potential Abuse of Resources by High Token Count and Large Response Sizes"
references = [
"https://atlas.mitre.org/techniques/AML.T0051",
"https://owasp.org/www-project-top-10-for-large-language-model-applications/",
"https://www.elastic.co/security-labs/elastic-advances-llm-security",
]
risk_score = 47
rule_id = "b1773d05-f349-45fb-9850-287b8f92f02d"
setup = """## Setup
This rule requires that guardrails are configured in AWS Bedrock. For more information, see the AWS Bedrock documentation:
https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails-create.html
"""
severity = "medium"
tags = [
"Domain: LLM",
"Data Source: AWS Bedrock",
"Data Source: Amazon Web Services",
"Data Source: AWS S3",
"Use Case: Potential Overload",
"Use Case: Resource Exhaustion",
"Mitre Atlas: LLM04"
]
timestamp_override = "event.ingested"
type = "esql"
query = '''
from logs-aws_bedrock.invocation-*
| stats max_tokens = max(gen_ai.usage.prompt_tokens),
total_requests = count(*),
avg_response_size = avg(gen_ai.usage.completion_tokens)
by user.id
// tokens count depends on specific LLM, as is related to how embeddings are generated.
| where max_tokens > 5000 and total_requests > 10 and avg_response_size > 500
| eval risk_factor = (max_tokens / 1000) * total_requests * (avg_response_size / 500)
| where risk_factor > 10
| sort risk_factor desc
'''