Techniques
Sample rules
AWS Bedrock Detected Multiple Validation Exception Errors by a Single User
- source: elastic
- technicques:
Description
Identifies multiple validation exeception errors within AWS Bedrock. Validation errors occur when you run the InvokeModel or InvokeModelWithResponseStream APIs on a foundation model that uses an incorrect inference parameter or corresponding value. These errors also occur when you use an inference parameter for one model with a model that doesn’t have the same API parameter. This could indicate attempts to bypass limitations of other approved models, or to force an impact on the environment by incurring exhorbitant costs.
Detection logic
from logs-aws_bedrock.invocation-*
// truncate the timestamp to a 1-minute window
| eval target_time_window = DATE_TRUNC(1 minutes, @timestamp)
| where gen_ai.response.error_code == "ValidationException"
| keep user.id, gen_ai.request.model.id, cloud.account.id, gen_ai.response.error_code, target_time_window
// count the number of users causing validation errors within a 1 minute window
| stats total_denials = count(*) by target_time_window, user.id, cloud.account.id
| where total_denials > 3