LoFP / legitimate misunderstanding by users or overly strict policies

Techniques

Sample rules

AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request

Description

Identifies multiple violations of AWS Bedrock guardrails within a single request that resulted in a block action, which increases the likelihood of malicious intent. Multiple violations imply that a user may be intentionally attempting to circumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system.

Detection logic

from logs-aws_bedrock.invocation-*

// Filter for policy-blocked requests
| where gen_ai.policy.action == "BLOCKED"

// count number of policy matches per request (multi-valued)
| eval Esql.ml_policy_violations_mv_count = mv_count(gen_ai.policy.name)

// Filter for requests with more than one policy match
| where Esql.ml_policy_violations_mv_count > 1

// keep relevant fields
| keep
  gen_ai.policy.action,
  Esql.ml_policy_violations_mv_count,
  user.id,
  gen_ai.request.model.id,
  cloud.account.id

// Aggregate requests with multiple violations
| stats
    Esql.ml_policy_violations_total_unique_requests_count = count(*)
  by
    Esql.ml_policy_violations_mv_count,
    user.id,
    gen_ai.request.model.id,
    cloud.account.id

// sort by number of unique requests
| sort Esql.ml_policy_violations_total_unique_requests_count desc

AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session

Description

Identifies multiple violations of AWS Bedrock guardrails by the same user in the same account over a session. Multiple violations imply that a user may be intentionally attempting to circumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system.

Detection logic

from logs-aws_bedrock.invocation-*

// Filter for compliance violations detected
| where gen_ai.compliance.violation_detected

// keep relevant ECS + model fields
| keep
  user.id,
  gen_ai.request.model.id,
  cloud.account.id

// count violations by user, model, and account
| stats
    Esql.ml_violations_count = count(*)
  by
    user.id,
    gen_ai.request.model.id,
    cloud.account.id

// Filter for repeated violations
| where Esql.ml_violations_count > 1

// sort descending by violation volume
| sort Esql.ml_violations_count desc

AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User

Description

Identifies multiple successive failed attempts to use denied model resources within AWS Bedrock. This could indicate attempts to bypass the limitations of other approved models, or to impact the environment by incurring exorbitant costs.

Detection logic

from logs-aws_bedrock.invocation-*

// Filter for access denied errors from GenAI responses
| where gen_ai.response.error_code == "AccessDeniedException"

// keep ECS and response fields
| keep
  user.id,
  gen_ai.request.model.id,
  cloud.account.id,
  gen_ai.response.error_code

// count total denials per user/model/account
| stats
    Esql.ml_response_access_denied_count = count(*)
  by
    user.id,
    gen_ai.request.model.id,
    cloud.account.id

// Filter for users with repeated denials
| where Esql.ml_response_access_denied_count > 3

// sort by volume of denials
| sort Esql.ml_response_access_denied_count desc
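As an added example (not part of the rule set and not Elastic's code), the three ES|QL queries above re-implemented in Python over a handful of constructed invocation documents, so the filters, grouping and thresholds can be checked without a cluster; field names follow the rules, while the user ids, model ids and account id are made up.

```python
from collections import Counter

# Constructed sample Bedrock invocation documents using the ECS-style field names
# from the rules; users, model ids and the account id are invented for this example.
def _doc(user, model="model-a", action=None, policies=None, violation=False, error=None):
    return {"user.id": user, "gen_ai.request.model.id": model, "cloud.account.id": "111122223333",
            "gen_ai.policy.action": action, "gen_ai.policy.name": policies,
            "gen_ai.compliance.violation_detected": violation, "gen_ai.response.error_code": error}

SAMPLE_DOCS = (
    [_doc("alice", action="BLOCKED", policies=["pii", "denied-topic"], violation=True),
     _doc("alice", action="BLOCKED", policies="pii", violation=True),
     _doc("bob", action="BLOCKED", policies=["pii", "denied-topic", "word-filter"], violation=True)]
    + [_doc("carol", model="denied-model", error="AccessDeniedException")] * 4
    + [_doc("dave", model="denied-model", error="AccessDeniedException")] * 2
)

def mv_count(value):
    """ES|QL mv_count: number of values in a multi-valued field, 1 for a scalar, 0 (null) if absent."""
    if value is None:
        return 0
    return len(value) if isinstance(value, list) else 1

def group_key(d):
    return (d["user.id"], d["gen_ai.request.model.id"], d["cloud.account.id"])

def count_by(docs, predicate, key_fn, min_count=0):
    """Emulates `| where <predicate> | stats count(*) by <key> | where count > min | sort desc`."""
    rows = Counter(key_fn(d) for d in docs if predicate(d))
    return sorted(((k, c) for k, c in rows.items() if c > min_count),
                  key=lambda kv: kv[1], reverse=True)

def multiple_violations_single_request(docs):
    """Rule 1: BLOCKED requests where more than one guardrail policy matched."""
    return count_by(
        docs,
        lambda d: d["gen_ai.policy.action"] == "BLOCKED" and mv_count(d["gen_ai.policy.name"]) > 1,
        lambda d: (mv_count(d["gen_ai.policy.name"]),) + group_key(d))

def multiple_violations_over_session(docs):
    """Rule 2: more than one compliance violation by the same user/model/account."""
    return count_by(docs, lambda d: d["gen_ai.compliance.violation_detected"], group_key, min_count=1)

def multiple_denied_model_attempts(docs):
    """Rule 3: more than three AccessDeniedException responses per user/model/account."""
    return count_by(docs, lambda d: d["gen_ai.response.error_code"] == "AccessDeniedException",
                    group_key, min_count=3)

if __name__ == "__main__":
    for rule in (multiple_violations_single_request, multiple_violations_over_session,
                 multiple_denied_model_attempts):
        print(rule.__name__, rule(SAMPLE_DOCS))
```

Note that alice's second request matches only one policy, so it counts toward the session rule but not the single-request rule, and dave's two denials stay under the third rule's threshold.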