LoFP / queries that are designed to expect empty responses or benign system errors

Techniques

Sample rules

Azure OpenAI Insecure Output Handling

Description

Detects when Azure OpenAI ChatCompletions requests complete successfully (HTTP 200) but return a zero-length response, potentially indicating issues in output handling that might lead to security exploits such as data leaks or code execution. This can occur in cases where the API fails to handle outputs correctly under certain input conditions. It will also match workloads whose requests are designed to expect an empty response, which is the false-positive case this entry describes.

Detection logic

from logs-azure_openai.logs-*
| where azure.open_ai.properties.response_length == 0 and azure.open_ai.result_signature == "200" and azure.open_ai.operation_name == "ChatCompletions_Create"
| keep azure.open_ai.properties.request_length, azure.open_ai.result_signature, cloud.account.id, azure.resource.name
| stats count = count() by azure.resource.name
| where count >= 10
| sort count desc
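The ES|QL detection logic above, re-implemented in Python as an added example (not part of the rule or of this LoFP entry) and run over constructed records, so the false-positive case (a resource whose requests legitimately return empty completions) is visible. Field names are shortened stand-ins for the azure.open_ai.* fields, and the allowlist tuning is an assumed way to suppress the documented false positive, not something the rule itself provides.

```python
# Added example (not the rule's own code): a stand-in for the ES|QL query above,
# run over constructed Azure OpenAI audit records.
from collections import Counter

# Constructed sample records mirroring the fields the rule references.
SAMPLE_LOGS = [
    # chat-prod: normal traffic with non-empty responses -> must not alert
    *[{"resource": "chat-prod", "op": "ChatCompletions_Create",
       "status": "200", "response_length": 512} for _ in range(12)],
    # chat-canary: health checks designed to expect empty bodies -> benign, but fires
    *[{"resource": "chat-canary", "op": "ChatCompletions_Create",
       "status": "200", "response_length": 0} for _ in range(10)],
    # chat-dev: a few empty responses, below the count threshold
    *[{"resource": "chat-dev", "op": "ChatCompletions_Create",
       "status": "200", "response_length": 0} for _ in range(3)],
    # error responses with empty bodies are excluded by result_signature == "200"
    *[{"resource": "chat-dev", "op": "ChatCompletions_Create",
       "status": "429", "response_length": 0} for _ in range(20)],
    # other operations are excluded even when their bodies are empty
    *[{"resource": "chat-prod", "op": "Embeddings_Create",
       "status": "200", "response_length": 0} for _ in range(15)],
]

def matches(rec):
    """The rule's WHERE clause: successful ChatCompletions with an empty response."""
    return (rec["response_length"] == 0
            and rec["status"] == "200"
            and rec["op"] == "ChatCompletions_Create")

def detect(records, threshold=10):
    """STATS count BY resource | WHERE count >= threshold | SORT count DESC."""
    counts = Counter(r["resource"] for r in records if matches(r))
    hits = [(name, n) for name, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda kv: kv[1], reverse=True)

def tune(records, threshold=10, allowlist=()):
    """Assumed tuning: drop resources known to return empty responses by design."""
    return [(name, n) for name, n in detect(records, threshold)
            if name not in allowlist]

if __name__ == "__main__":
    print(detect(SAMPLE_LOGS))                            # [('chat-canary', 10)]
    print(tune(SAMPLE_LOGS, allowlist={"chat-canary"}))   # []
```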