[New Rules] Azure OpenAI

rules/integrations/azure_openai/azure_openai_denial_of_ml_service_detection.toml

@@ -0,0 +1,50 @@
+[metadata]
+creation_date = "2024/05/05"
+maturity = "production"
+updated_date = "2024/05/05"
+min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
+min_stack_version = "8.13.0"
+
+[rule]
+author = ["Elastic"]
+description = """
+Detects patterns indicative of Denial of Service attacks on ML models, focusing on unusually high volume and frequency
+of requests or patterns of requests that are known to cause performance degradation or service disruption, such as
+large input sizes or rapid API calls.
+"""
+false_positives = ["Unexpected system errors", "Legitimate spikes in usage due to business processes"]
+from = "now-60m"
+interval = "10m"
+language = "esql"
+license = "Elastic License v2"
+name = "Potential Denial of Azure OpenAI ML Service"
+references = [
+    "https://genai.owasp.org/llmrisk/llm04-model-denial-of-service",
+    "https://atlas.mitre.org/techniques/AML.T0029"
+]
+risk_score = 47
+rule_id = "b0450411-46e5-46d2-9b35-8b5dd9ba763e"
+setup = """## Setup
+
+For more information on streaming events, see the Azure OpenAI documentation:
+
+https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/stream-monitoring-data-event-hubs
+"""
+severity = "medium"
+tags = [
+    "Domain: LLM",
+    "Data Source: Azure OpenAI",
+    "Data Source: Azure Event Hubs",
+    "Use Case: Denial of Service",
+    "Mitre Atlas: T0029"
+]
+timestamp_override = "event.ingested"
+type = "esql"
+
+query = '''
+from logs-azure_openai.logs-*
+| where azure.open_ai.operation_name == "ChatCompletions_Create"
+| stats count = count(), avg_request_size = avg(azure.open_ai.properties.request_length) by azure.resource.id
+| where count > 1000 OR avg_request_size > 5000
+| sort count desc
+'''

rules/integrations/azure_openai/azure_openai_insecure_output_handling_detection.toml

@@ -0,0 +1,48 @@
+[metadata]
+creation_date = "2024/05/22"
+maturity = "production"
+updated_date = "2024/05/22"
+min_stack_comments = "ES|QL rule type is still in experimental as of 8.13, however this rule was tested successfully; integration in experimental"
+min_stack_version = "8.13.0"
+
+[rule]
+author = ["Elastic"]
+description = """
+Detects when Azure OpenAI requests result in zero response length, potentially indicating issues in output handling
+that might lead to security exploits such as data leaks or code execution. This can occur in cases where the API fails
+to handle outputs correctly under certain input conditions.
+"""
+false_positives = ["Queries that are designed to expect empty responses or benign system errors"]
+from = "now-60m"
+interval = "10m"
+language = "esql"
+license = "Elastic License v2"
+name = "Azure OpenAI Insecure Output Handling Detection"
+references = [
+    "https://genai.owasp.org/llmrisk/llm02-insecure-output-handling"
+]
+risk_score = 21
+rule_id = "fb16f9ef-cb03-4234-adc2-44641f3b71ee"
+setup = """## Setup
+
+For more information on streaming events, see the Azure OpenAI documentation:
+
+https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/stream-monitoring-data-event-hubs
+"""
+severity = "low"
+tags = [
+    "Domain: LLM",
+    "Data Source: Azure OpenAI",
+    "Data Source: Azure Event Hubs",
+    "Use Case: Insecure Output Handling"
+]
+timestamp_override = "event.ingested"
+type = "esql"
+
+query = '''
+from logs-azure_openai.logs-*
+| where azure.open_ai.properties.response_length == 0 and azure.open_ai.result_signature == "200" and azure.open_ai.operation_name == "ChatCompletions_Create"
+| stats count = count() by azure.resource.id, azure.open_ai.operation_name
+| where count > 10
+| sort count desc
+'''

rules/integrations/azure_openai/azure_openai_model_theft_detection.toml

@@ -0,0 +1,50 @@
+[metadata]
+creation_date = "2024/05/05"
+maturity = "production"
+updated_date = "2024/05/05"
+min_stack_comments = "ES|QL rule type is still in technical preview as of 8.13, however this rule was tested successfully; integration in tech preview"
+min_stack_version = "8.13.0"
+
+[rule]
+author = ["Elastic"]
+description = """
+Monitors for suspicious activities that may indicate theft or unauthorized duplication of ML models, such as
+unauthorized API calls, atypical access patterns, or large data transfers that are unusual during model interactions.
+"""
+false_positives = ["Authorized model training", "Legitimate high volume data exchanges during scheduled updates"]
+from = "now-60m"
+interval = "10m"
+language = "esql"
+license = "Elastic License v2"
+name = "Potential Azure OpenAI Model Theft Detection"
+references = [
+    "https://genai.owasp.org/llmrisk/llm10-model-theft",
+    "https://atlas.mitre.org/techniques/AML.T0044"
+]
+risk_score = 47
+rule_id = "4021e78d-5293-48d3-adee-a70fa4c18fab"
+setup = """## Setup
+
+For more information on
+streaming events, see the Azure OpenAI documentation:
+
+https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/stream-monitoring-data-event-hubs
+"""
+severity = "medium"
+tags = [
+    "Domain: LLM",
+    "Data Source: Azure OpenAI",
+    "Data Source: Azure Event Hubs",
+    "Use Case: Model Theft",
+    "Mitre Atlas: T0044"
+]
+timestamp_override = "event.ingested"
+type = "esql"
+
+query = '''
+from logs-azure_openai.logs-*
+| where azure.open_ai.operation_name == "ListKey" and azure.open_ai.category == "Audit"
+| stats count = count(), max_data_transferred = max(azure.open_ai.properties.response_length) by azure.open_ai.properties.model_name
+| where count > 100 OR max_data_transferred > 1000000
+| sort count desc
+'''