Name:AWS Bedrock High Number List Foundation Model Failures id:e84b3c74-f742-11ee-9f6e-acde48001122 version:1 date:2024-12-05 author:Bhavin Patel, Splunk status:production type:TTP Description:The following analytic identifies an high number of AccessDenied attempts to list AWS Bedrock foundation models. It leverages AWS CloudTrail logs to detect when a user or service experiences multiple failures when calling the ListFoundationModels API. This activity is significant as it may indicate an adversary performing reconnaissance of available AI models after compromising credentials with limited permissions. Repeated failures could suggest brute force attempts to enumerate accessible resources or misconfigured access controls. If confirmed malicious, this could represent early-stage reconnaissance before attempting to access or manipulate Bedrock models or knowledge bases. Data_source:
-AWS CloudTrail
search:`cloudtrail` eventSource=bedrock.amazonaws.com eventName=ListFoundationModels errorCode=AccessDenied | rename user_name as user | stats count min(_time) as firstTime max(_time) as lastTime values(errorCode) as errorCodes values(errorMessage) as errorMessages by src user user_agent vendor_account vendor_product dest signature vendor_region | where count > 9 | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)` | `aws_bedrock_high_number_list_foundation_model_failures_filter`
how_to_implement:The Splunk AWS Add-on is required to utilize this data. The search requires AWS CloudTrail logs with Bedrock service events enabled. You must install and configure the AWS App for Splunk (version 6.0.0 or later) and Splunk Add-on for AWS (version 5.1.0 or later) to collect CloudTrail logs from AWS. known_false_positives:Legitimate users may encounter multiple failures during permission testing, role transitions, or when service permissions are being reconfigured. High volumes of API errors may also occur during automated processes with misconfigured IAM policies or when new Bedrock features are being explored through API testing. References: -https://docs.aws.amazon.com/bedrock/latest/APIReference/API_ListFoundationModels.html -https://trustoncloud.com/blog/exposing-the-weakness-how-we-identified-a-flaw-in-bedrocks-foundation-model-access-control/ -https://attack.mitre.org/techniques/T1595/ drilldown_searches: name:'View the detection results for - "$user$"' search:'%original_detection_search% | search user = "$user$"' earliest_offset:'$info_min_time$' latest_offset:'$info_max_time$' name:'View risk events for the last 7 days for - "$user$"' search:'| from datamodel Risk.All_Risk | search normalized_risk_object IN ("$user$") starthoursago=168 | stats count min(_time) as firstTime max(_time) as lastTime values(search_name) as "Search Name" values(risk_message) as "Risk Message" values(analyticstories) as "Analytic Stories" values(annotations._all) as "Annotations" values(annotations.mitre_attack.mitre_tactic) as "ATT&CK Tactics" by normalized_risk_object | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)`' earliest_offset:'$info_min_time$' latest_offset:'$info_max_time$' tags: analytic_story: - 'AWS Bedrock Security' asset_type:AWS Account mitre_attack_id: - 'T1580' product: - 'Splunk Enterprise' - 'Splunk Enterprise Security' - 'Splunk Cloud' security_domain:threat
