Name:Cisco AI Defense Security Alerts by Application Name id:105e4a69-ec55-49fc-be1f-902467435ea8 version:2 date:2025-03-21 author:Bhavin Patel, Splunk status:production type:Anomaly Description:The search surfaces alerts from the Cisco AI Defense product for potential attacks against the AI models running in your environment. This analytic identifies security events within Cisco AI Defense by examining event messages, actions, and policy names. It focuses on connections and applications associated with specific guardrail entities and ruleset types. By aggregating and analyzing these elements, the search helps detect potential policy violations and security threats, enabling proactive defense measures and ensuring network integrity. Data_source:
-Cisco AI Defense Alerts
search:`cisco_ai_defense`
| rename genai_application.application_name as application_name
| rename connection.connection_name as connection_name ```Aggregating data by model name, connection name, application name, application ID, and user ID```
| stats count values(user_id) as user_id values(event_message_type) as event_message_type values(event_action) as event_action values(policy.policy_name) as policy_name values(event_policy_guardrail_assocs{}.policy_guardrail_assoc.guardrail_avail_entity.guardrail_entity_name) as guardrail_entity_name values(event_policy_guardrail_assocs{}.policy_guardrail_assoc.guardrail_avail_ruleset.guardrail_ruleset_type) as guardrail_ruleset_type by model.model_name connection_name application_name application_id ```Evaluating severity based on policy name and guardrail ruleset type```
| eval severity=case( policy_name IN ("AI Runtime Latency Testing - Prompt Injection"), "critical", policy_name IN ("AI Runtime Latency Testing - Code Detection"), "high", guardrail_ruleset_type IN ("Toxicity"), "medium", true(), "low" ) ```Calculating risk score based on severity level```
how_to_implement:To enable this detection, you need to ingest alerts from the Cisco AI Defense product. This can be done by using this app from splunkbase - Cisco Security Cloud and ingest alerts into the cisco:ai:defense sourcetype. known_false_positives:False positives may vary based on Cisco AI Defense configuration; monitor and filter out the alerts that are not relevant to your environment. References: -https://www.robustintelligence.com/blog-posts/prompt-injection-attack-on-gpt-4 -https://docs.aws.amazon.com/prescriptive-guidance/latest/llm-prompt-engineering-best-practices/common-attacks.html drilldown_searches: name:'View the detection results for - "$application_name$"' search:'%original_detection_search% | search application_name = "$application_name$"' earliest_offset:'$info_min_time$' latest_offset:'$info_max_time$' name:'View risk events for the last 7 days for - "$application_name$"' search:'| from datamodel Risk.All_Risk | search normalized_risk_object IN ("$application_name$") starthoursago=168 | stats count min(_time) as firstTime max(_time) as lastTime values(search_name) as "Search Name" values(risk_message) as "Risk Message" values(analyticstories) as "Analytic Stories" values(annotations._all) as "Annotations" values(annotations.mitre_attack.mitre_tactic) as "ATT&CK Tactics" by normalized_risk_object | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)`' earliest_offset:'$info_min_time$' latest_offset:'$info_max_time$' tags: analytic_story: - 'Critical Alerts' asset_type:Web Application product: - 'Splunk Enterprise' - 'Splunk Enterprise Security' - 'Splunk Cloud' security_domain:endpoint manual_test:We are dynamically creating the risk_score field based on the severity of the alert in the SPL and that supersedes the risk score set in the detection.
