Detection rules › Kusto
Vaikora - Agent policy violation
This is a third-party alert feed, not a detection over modeled telemetry. The vendor product raised the finding; this rule forwards it into the SIEM. It is searchable for reference but is excluded from the detection-rule browse and the ATT&CK coverage matrix.
Identifies AI agent actions explicitly blocked by a Vaikora policy. Repeated violations from the same agent may indicate prompt injection, policy circumvention, or a compromised workflow.
MITRE ATT&CK coverage
| Tactic | Techniques |
|---|---|
| Stealth | T1078 Valid Accounts, T1562 Impair Defenses |
Rule body kusto
id: 54262ad1-f346-4246-a13f-9557595ff7bd
name: Vaikora - Agent policy violation
description: |
Identifies AI agent actions explicitly blocked by a Vaikora policy. Repeated violations from the same agent may indicate prompt injection, policy circumvention, or a compromised workflow.
severity: Medium
status: Available
requiredDataConnectors:
- connectorId: VaikoraSentinel
dataTypes:
- Vaikora_AgentSignals_CL
queryFrequency: 15m
queryPeriod: 1h
triggerOperator: GreaterThan
triggerThreshold: 0
tactics:
- Impact
- DefenseEvasion
relevantTechniques:
- T1078
- T1562
query: |
Vaikora_AgentSignals_CL
| where TimeGenerated > ago(1h)
| where policy_decision_s == "block"
| summarize
ViolationCount = count(),
PolicyIds = make_set(policy_id_s),
ActionTypes = make_set(action_type_s),
ResourceTypes = make_set(resource_type_s),
MaxAnomalyScore = max(anomaly_score_d),
Severities = make_set(severity_s),
LogHashes = make_set(log_hash_s)
by AgentId = agent_id_s
| extend
PolicyList = strcat_array(PolicyIds, ", "),
ActionList = strcat_array(ActionTypes, ", "),
ResourceList = strcat_array(ResourceTypes, ", ")
| where ViolationCount >= 1
suppressionDuration: 15m
suppressionEnabled: false
incidentConfiguration:
createIncident: true
groupingConfiguration:
enabled: true
reopenClosedIncident: false
lookbackDuration: 1h
matchingMethod: Selected
groupByEntities:
- Account
eventGroupingSettings:
aggregationKind: AlertPerResult
customDetails:
ViolationCount: ViolationCount
PolicyIds: PolicyList
ActionTypes: ActionList
MaxAnomalyScore: MaxAnomalyScore
entityMappings:
- entityType: Account
fieldMappings:
- identifier: Name
columnName: AgentId
version: 1.0.0
kind: Scheduled
Stages and Predicates
Stage 1: source
Vaikora_AgentSignals_CL
Stage 2: where
| where TimeGenerated > ago(1h)
Stage 3: where
| where policy_decision_s == "block"
Stage 4: summarize
| summarize
ViolationCount = count(),
PolicyIds = make_set(policy_id_s),
ActionTypes = make_set(action_type_s),
ResourceTypes = make_set(resource_type_s),
MaxAnomalyScore = max(anomaly_score_d),
Severities = make_set(severity_s),
LogHashes = make_set(log_hash_s)
by AgentId = agent_id_s
Stage 5: extend
| extend
PolicyList = strcat_array(PolicyIds, ", "),
ActionList = strcat_array(ActionTypes, ", "),
ResourceList = strcat_array(ResourceTypes, ", ")
Stage 6: where
| where ViolationCount >= 1
Indicators
Each row is a field, operator, and value that the rule matches. The corpus column counts how many other rules in the catalog look for the same combination: high numbers point to widely-used, community-vetted indicators. Blank or 1 shows that the indicator is specific to this rule.
| Field | Kind | Values |
|---|---|---|
ViolationCount | ge |
|
policy_decision_s | eq |
|
Output fields
Fields the rule emits when it matches. Chronicle authors list these in the outcome block; they appear on the detection and $risk_score drives alerting. Sentinel / Defender XDR rules build them up through project / summarize / extend stages. Sentinel maps these into alert fields via entityMappings and customDetails; Defender XDR custom detections surface them as alert fields directly.
| Field | Source |
|---|---|
ActionTypes | summarize |
AgentId | summarize |
LogHashes | summarize |
MaxAnomalyScore | summarize |
PolicyIds | summarize |
ResourceTypes | summarize |
Severities | summarize |
ViolationCount | summarize |
ActionList | extend |
PolicyList | extend |
ResourceList | extend |