Update v8.13.6

edit

This section lists all updates associated with version 8.13.6 of the Fleet integration Prebuilt Security Detection Rules.

Rule Description Status Version

AWS S3 Bucket Enumeration or Brute Force

Identifies a high number of failed S3 operations from a single source and account (or anonymous account) within a short timeframe. This activity can be indicative of attempting to cause an increase in billing to an account for excessive random operations, cause resource exhaustion, or enumerating bucket names for discovery.

new

1

AWS Bedrock Guardrails Detected Multiple Violations by a Single User Over a Session

Identifies multiple violations of AWS Bedrock guardrails by the same user in the same account over a session. Multiple violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system.

new

1

AWS Bedrock Guardrails Detected Multiple Policy Violations Within a Single Blocked Request

Identifies multiple violations of AWS Bedrock guardrails within a single request, resulting in a block action, increasing the likelihood of malicious intent. Multiple violations implies that a user may be intentionally attempting to cirvumvent security controls, access sensitive information, or possibly exploit a vulnerability in the system.

new

1

Unusual High Confidence Misconduct Blocks Detected

Detects repeated high-confidence BLOCKED actions coupled with specific violation codes such as MISCONDUCT, indicating persistent misuse or attempts to probe the model’s ethical boundaries.

new

1

Potential Abuse of Resources by High Token Count and Large Response Sizes

Detects potential resource exhaustion or data breach attempts by monitoring for users who consistently generate high input token counts, submit numerous requests, and receive large responses. This behavior could indicate an attempt to overload the system or extract an unusually large amount of data, possibly revealing sensitive information or causing service disruptions.

new

1

AWS Bedrock Detected Multiple Attempts to use Denied Models by a Single User

Identifies multiple successive failed attempts to use denied model resources within AWS Bedrock. This could indicated attempts to bypass limitations of other approved models, or to force an impact on the environment by incurring exhorbitant costs.

new

1