Bedrock detections for AWS CloudTrail

packs/aws.yml

@@ -141,6 +141,9 @@ PackDefinition:
     - AWS.WAF.HasXSSPredicate
     - AWS.WAF.LoggingConfigured
     - AWS.WAF.WebACLHasAssociatedResources
+    # Bedrock rules
+    - AWS.Bedrock.DeleteModelInvocationLoggingConfiguration
+    - AWS.Bedrock.GuardrailUpdateDelete
     # Other rules
     - AWS.CloudTrail.Account.Discovery
     - AWS.CloudTrail.CloudWatchLogs

rules/aws_cloudtrail_rules/aws_bedrock_deletemodelinvocationloggingconfiguration.py

@@ -0,0 +1,20 @@
+from panther_aws_helpers import aws_cloudtrail_success, aws_rule_context
+
+
+def rule(event):
+    if (
+        event.get("eventSource") == "bedrock.amazonaws.com"
+        and event.get("eventName") == "DeleteModelInvocationLoggingConfiguration"
+        and aws_cloudtrail_success(event)
+    ):
+        return True
+    return False
+
+
+def title(event):
+    user = event.udm("actor_user")
+    return f"User [{user}] deleted Bedrock model invocation logging configuration"
+
+
+def alert_context(event):
+    return aws_rule_context(event)

rules/aws_cloudtrail_rules/aws_bedrock_deletemodelinvocationloggingconfiguration.yml

@@ -0,0 +1,123 @@
+AnalysisType: rule
+Filename: aws_bedrock_deletemodelinvocationloggingconfiguration.py
+RuleID: "AWS.Bedrock.DeleteModelInvocationLoggingConfiguration"
+DisplayName: "AWS Bedrock Model Invocation Logging Configuration Deleted"
+Enabled: true
+LogTypes:
+  - AWS.CloudTrail
+Tags:
+  - AWS
+  - Bedrock
+  - "Impair Defenses: Impair Command History Logging"
+  - Defense Evastion
+Severity: Medium
+Reports:
+  MITRE ATT&CK:
+    - TA0005:T1562.003 # Impair Defenses: Impair Command History Logging
+Description: >
+  An Amazon Bedrock Model Invocation Logging Configuration was deleted.
+  Use model invocation logging to collect metadata, requests, and responses for all model invocations in your account.
+  Deleting a model invocation logging configuration can have security implications to your AI workloads.
+Runbook: >
+  Review the model invocation logging configuration deletion to ensure that it was authorized and that it does not introduce security risks to your AI workloads.
+  If the model invocation logging configuration deletion was unauthorized, investigate the incident and take appropriate action.
+Reference: https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html
+SummaryAttributes:
+  - userAgent
+  - sourceIpAddress
+  - recipientAccountId
+  - p_any_aws_arns
+Tests:
+  - Name: Model Invocation Logging Configuration Deleted
+    ExpectedResult: true
+    Log:
+      {
+        "awsRegion": "us-west-2",
+        "eventCategory": "Management",
+        "eventID": "28773860-a4fd-47c7-a215-6f0e6e6e532f",
+        "eventName": "DeleteModelInvocationLoggingConfiguration",
+        "eventSource": "bedrock.amazonaws.com",
+        "eventTime": "2025-01-21 17:49:47.000000000",
+        "eventType": "AwsApiCall",
+        "eventVersion": "1.09",
+        "managementEvent": true,
+        "readOnly": false,
+        "recipientAccountId": "123123123123",
+        "requestID": "7b9b25ca-be2d-4428-9793-0a677c32b823",
+        "sessionCredentialFromConsole": true,
+        "sourceIPAddress": "161.97.249.211",
+        "tlsDetails": {
+          "cipherSuite": "TLS_AES_128_GCM_SHA256",
+          "clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com",
+          "tlsVersion": "TLSv1.3"
+        },
+        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
+        "userIdentity": {
+          "accessKeyId": "ASIAQWERQWERQWERQWER",
+          "accountId": "123123123123",
+          "arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil",
+          "principalId": "AROAQWERQWERQWERQWER:dr.evil",
+          "sessionContext": {
+            "attributes": {
+              "creationDate": "2025-01-21T16:08:03Z",
+              "mfaAuthenticated": "false"
+            },
+            "sessionIssuer": {
+              "accountId": "123123123123",
+              "arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin",
+              "principalId": "AROAQWERQWERQWERQWER",
+              "type": "Role",
+              "userName": "DevAdmin"
+            }
+          },
+          "type": "AssumedRole"
+        }
+      }
+  - Name: List Guardrails
+    ExpectedResult: false
+    Log: 
+      {
+        "awsRegion": "us-west-2",
+        "eventCategory": "Management",
+        "eventID": "906c4056-df1e-4565-a40b-2ba216a0c849",
+        "eventName": "ListGuardrails",
+        "eventSource": "bedrock.amazonaws.com",
+        "eventTime": "2025-01-21 18:12:33.000000000",
+        "eventType": "AwsApiCall",
+        "eventVersion": "1.09",
+        "managementEvent": true,
+        "readOnly": true,
+        "recipientAccountId": "123123123123",
+        "requestID": "9219ab18-cddf-4376-afc6-cc4edf2c2f0f",
+        "requestParameters": {
+          "maxResults": 1000
+        },
+        "sessionCredentialFromConsole": true,
+        "sourceIPAddress": "123.123.123.123",
+        "tlsDetails": {
+          "cipherSuite": "TLS_AES_128_GCM_SHA256",
+          "clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com",
+          "tlsVersion": "TLSv1.3"
+        },
+        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
+        "userIdentity": {
+          "accessKeyId": "ASIAQWERQWERQWERQWER",
+          "accountId": "123123123123",
+          "arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil",
+          "principalId": "AROAQWERQWERQWERQWER:dr.evil",
+          "sessionContext": {
+            "attributes": {
+              "creationDate": "2025-01-21T16:08:03Z",
+              "mfaAuthenticated": "false"
+            },
+            "sessionIssuer": {
+              "accountId": "123123123123",
+              "arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin",
+              "principalId": "AROAQWERQWERQWERQWER",
+              "type": "Role",
+              "userName": "DevAdmin"
+            }
+          },
+          "type": "AssumedRole"
+        }
+      }

rules/aws_cloudtrail_rules/aws_bedrock_guardrail_update_delete.py

@@ -0,0 +1,30 @@
+from panther_aws_helpers import aws_cloudtrail_success, aws_rule_context
+
+GUARDRAIL_EVENTS = {"DeleteGuardrail", "UpdateGuardrail"}
+
+
+def rule(event):
+    if (
+        event.get("eventSource") == "bedrock.amazonaws.com"
+        and event.get("eventName") in GUARDRAIL_EVENTS
+        and aws_cloudtrail_success(event)
+    ):
+        return True
+    return False
+
+
+def title(event):
+    user = event.udm("actor_user")
+    guardrail = event.deep_get("requestParameters", "guardrailIdentifier")
+    action = event.get("eventName").replace("Guardrail", "").lower()
+    return f"User [{user}] {action}d Bedrock guardrail [{guardrail}]"
+
+
+def severity(event):
+    if event.get("eventName") == "UpdateGuardrail":
+        return "LOW"
+    return "DEFAULT"
+
+
+def alert_context(event):
+    return aws_rule_context(event)

rules/aws_cloudtrail_rules/aws_bedrock_guardrail_update_delete.yml

@@ -0,0 +1,185 @@
+AnalysisType: rule
+Filename: aws_bedrock_guardrail_update_delete.py
+RuleID: "AWS.Bedrock.GuardrailUpdateDelete"
+DisplayName: "AWS Bedrock Guardrail Updated or Deleted"
+Enabled: true
+LogTypes:
+  - AWS.CloudTrail
+Tags:
+  - AWS
+  - Bedrock
+  - Generative AI Guardrails
+  - AML.T0054
+  - LLM Jailbreak
+  - "Impair Defenses: Disable or Modify Tools"
+  - Defense Evasion
+Severity: Medium
+Reports:
+  MITRE ATT&CK:
+    - TA0005:T1562.001 # Impair Defenses: Disable or Modify Tools
+Description: >
+  An Amazon Bedrock Guardrail was updated or deleted.
+  Amazon Bedrock Guardrails are used to implement application-specific safeguards based on your use cases and responsible AI policies.
+  Updating or deleting a guardrail can have security implications to your AI workloads.
+Runbook: >
+  Review the guardrail update or deletion to ensure that it was authorized and that it does not introduce security risks to your AI workloads.
+  If the guardrail update or deletion was unauthorized, investigate the incident and take appropriate action.
+  https://atlas.mitre.org/mitigations/AML.M0020
+Reference: https://docs.aws.amazon.com/bedrock/latest/APIReference/API_DeleteGuardrail.html
+SummaryAttributes:
+  - userAgent
+  - sourceIpAddress
+  - recipientAccountId
+  - p_any_aws_arns
+Tests:
+  - Name: Guardrail Updated
+    ExpectedResult: true
+    Log:
+      {
+        "awsRegion": "us-west-2",
+        "eventCategory": "Management",
+        "eventID": "4d482238-d0c5-4337-800f-d1ed79957fd4",
+        "eventName": "UpdateGuardrail",
+        "eventSource": "bedrock.amazonaws.com",
+        "eventTime": "2025-01-21 17:39:10.000000000",
+        "eventType": "AwsApiCall",
+        "eventVersion": "1.09",
+        "managementEvent": true,
+        "readOnly": false,
+        "recipientAccountId": "123123123123",
+        "requestID": "4ebcfaab-52e6-4027-9307-dbfe671b1cdb",
+        "requestParameters": {
+          "guardrailIdentifier": "cmy5azq5koeo",
+          "name": "HIDDEN_DUE_TO_SECURITY_REASONS"
+        },
+        "responseElements": {
+          "guardrailArn": "arn:aws:bedrock:us-west-2:123123123123:guardrail/cmy5azq5koeo",
+          "guardrailId": "cmy5azq5koeo",
+          "updatedAt": "2025-01-21T17:39:10.379877250Z",
+          "version": "DRAFT"
+        },
+        "sessionCredentialFromConsole": true,
+        "sourceIPAddress": "123.123.123.123",
+        "tlsDetails": {
+          "cipherSuite": "TLS_AES_128_GCM_SHA256",
+          "clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com",
+          "tlsVersion": "TLSv1.3"
+        },
+        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
+        "userIdentity": {
+          "accessKeyId": "ASIAQWERQWERQWERQWER",
+          "accountId": "123123123123",
+          "arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil",
+          "principalId": "AROAQWERQWERQWERQWER:dr.evil",
+          "sessionContext": {
+            "attributes": {
+              "creationDate": "2025-01-21T16:08:03Z",
+              "mfaAuthenticated": "false"
+            },
+            "sessionIssuer": {
+              "accountId": "123123123123",
+              "arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin",
+              "principalId": "AROAQWERQWERQWERQWER",
+              "type": "Role",
+              "userName": "DevAdmin"
+            }
+          },
+          "type": "AssumedRole"
+        }
+      }
+  - Name: Guardrail Deleted
+    ExpectedResult: true
+    Log: 
+      {
+        "awsRegion": "us-west-2",
+        "eventCategory": "Management",
+        "eventID": "3105145b-d0ca-41ab-a0fd-73f4f31ccbd1",
+        "eventName": "DeleteGuardrail",
+        "eventSource": "bedrock.amazonaws.com",
+        "eventTime": "2025-01-21 18:12:33.000000000",
+        "eventType": "AwsApiCall",
+        "eventVersion": "1.09",
+        "managementEvent": true,
+        "readOnly": false,
+        "recipientAccountId": "123123123123",
+        "requestID": "6e6cadb2-ad15-4c46-9900-fd1888e01ee1",
+        "requestParameters": {
+          "guardrailIdentifier": "cmy5azq5koeo"
+        },
+        "sessionCredentialFromConsole": true,
+        "sourceIPAddress": "123.123.123.123",
+        "tlsDetails": {
+          "cipherSuite": "TLS_AES_128_GCM_SHA256",
+          "clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com",
+          "tlsVersion": "TLSv1.3"
+        },
+        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
+        "userIdentity": {
+          "accessKeyId": "ASIAQWERQWERQWERQWER",
+          "accountId": "123123123123",
+          "arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil",
+          "principalId": "AROAQWERQWERQWERQWER:dr.evil",
+          "sessionContext": {
+            "attributes": {
+              "creationDate": "2025-01-21T16:08:03Z",
+              "mfaAuthenticated": "false"
+            },
+            "sessionIssuer": {
+              "accountId": "123123123123",
+              "arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin",
+              "principalId": "AROAQWERQWERQWERQWER",
+              "type": "Role",
+              "userName": "DevAdmin"
+            }
+          },
+          "type": "AssumedRole"
+        }
+      }
+  - Name: List Guardrails
+    ExpectedResult: false
+    Log: 
+      {
+        "awsRegion": "us-west-2",
+        "eventCategory": "Management",
+        "eventID": "906c4056-df1e-4565-a40b-2ba216a0c849",
+        "eventName": "ListGuardrails",
+        "eventSource": "bedrock.amazonaws.com",
+        "eventTime": "2025-01-21 18:12:33.000000000",
+        "eventType": "AwsApiCall",
+        "eventVersion": "1.09",
+        "managementEvent": true,
+        "readOnly": true,
+        "recipientAccountId": "123123123123",
+        "requestID": "9219ab18-cddf-4376-afc6-cc4edf2c2f0f",
+        "requestParameters": {
+          "maxResults": 1000
+        },
+        "sessionCredentialFromConsole": true,
+        "sourceIPAddress": "123.123.123.123",
+        "tlsDetails": {
+          "cipherSuite": "TLS_AES_128_GCM_SHA256",
+          "clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com",
+          "tlsVersion": "TLSv1.3"
+        },
+        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
+        "userIdentity": {
+          "accessKeyId": "ASIAQWERQWERQWERQWER",
+          "accountId": "123123123123",
+          "arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil",
+          "principalId": "AROAQWERQWERQWERQWER:dr.evil",
+          "sessionContext": {
+            "attributes": {
+              "creationDate": "2025-01-21T16:08:03Z",
+              "mfaAuthenticated": "false"
+            },
+            "sessionIssuer": {
+              "accountId": "123123123123",
+              "arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin",
+              "principalId": "AROAQWERQWERQWERQWER",
+              "type": "Role",
+              "userName": "DevAdmin"
+            }
+          },
+          "type": "AssumedRole"
+        }
+      }