Detection rules › Panther
AWS Bedrock Model Invocation Logging Configuration Deleted
An Amazon Bedrock Model Invocation Logging Configuration was deleted. Use model invocation logging to collect metadata, requests, and responses for all model invocations in your account. Deleting a model invocation logging configuration can have security implications to your AI workloads.
MITRE ATT&CK coverage
| Tactic | Techniques |
|---|---|
| Stealth | T1562.003 Impair Defenses: Impair Command History Logging |
Rules detecting the same action
Other rules on this platform that filter on the same API call or operation.
Rule body yaml
AnalysisType: rule
Filename: aws_bedrock_deletemodelinvocationloggingconfiguration.py
RuleID: "AWS.Bedrock.DeleteModelInvocationLoggingConfiguration"
DisplayName: "AWS Bedrock Model Invocation Logging Configuration Deleted"
Enabled: true
LogTypes:
- AWS.CloudTrail
Tags:
- AWS
- Bedrock
- "Impair Defenses: Impair Command History Logging"
- Defense Evastion
Severity: Medium
Reports:
MITRE ATT&CK:
- TA0005:T1562.003 # Impair Defenses: Impair Command History Logging
Description: >
An Amazon Bedrock Model Invocation Logging Configuration was deleted.
Use model invocation logging to collect metadata, requests, and responses for all model invocations in your account.
Deleting a model invocation logging configuration can have security implications to your AI workloads.
Runbook: |
Review the model invocation logging configuration deletion to ensure that it was authorized and that it does not introduce security risks to your AI workloads.
If the model invocation logging configuration deletion was unauthorized, investigate the incident and take appropriate action.
Reference: https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html
SummaryAttributes:
- userAgent
- sourceIpAddress
- recipientAccountId
- p_any_aws_arns
Tests:
- Name: Model Invocation Logging Configuration Deleted
ExpectedResult: true
Log:
{
"awsRegion": "us-west-2",
"eventCategory": "Management",
"eventID": "28773860-a4fd-47c7-a215-6f0e6e6e532f",
"eventName": "DeleteModelInvocationLoggingConfiguration",
"eventSource": "bedrock.amazonaws.com",
"eventTime": "2025-01-21 17:49:47.000000000",
"eventType": "AwsApiCall",
"eventVersion": "1.09",
"managementEvent": true,
"readOnly": false,
"recipientAccountId": "123123123123",
"requestID": "7b9b25ca-be2d-4428-9793-0a677c32b823",
"sessionCredentialFromConsole": true,
"sourceIPAddress": "161.97.249.211",
"tlsDetails": {
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com",
"tlsVersion": "TLSv1.3"
},
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
"userIdentity": {
"accessKeyId": "ASIAQWERQWERQWERQWER",
"accountId": "123123123123",
"arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil",
"principalId": "AROAQWERQWERQWERQWER:dr.evil",
"sessionContext": {
"attributes": {
"creationDate": "2025-01-21T16:08:03Z",
"mfaAuthenticated": "false"
},
"sessionIssuer": {
"accountId": "123123123123",
"arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin",
"principalId": "AROAQWERQWERQWERQWER",
"type": "Role",
"userName": "DevAdmin"
}
},
"type": "AssumedRole"
}
}
- Name: List Guardrails
ExpectedResult: false
Log:
{
"awsRegion": "us-west-2",
"eventCategory": "Management",
"eventID": "906c4056-df1e-4565-a40b-2ba216a0c849",
"eventName": "ListGuardrails",
"eventSource": "bedrock.amazonaws.com",
"eventTime": "2025-01-21 18:12:33.000000000",
"eventType": "AwsApiCall",
"eventVersion": "1.09",
"managementEvent": true,
"readOnly": true,
"recipientAccountId": "123123123123",
"requestID": "9219ab18-cddf-4376-afc6-cc4edf2c2f0f",
"requestParameters": {
"maxResults": 1000
},
"sessionCredentialFromConsole": true,
"sourceIPAddress": "123.123.123.123",
"tlsDetails": {
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com",
"tlsVersion": "TLSv1.3"
},
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
"userIdentity": {
"accessKeyId": "ASIAQWERQWERQWERQWER",
"accountId": "123123123123",
"arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil",
"principalId": "AROAQWERQWERQWERQWER:dr.evil",
"sessionContext": {
"attributes": {
"creationDate": "2025-01-21T16:08:03Z",
"mfaAuthenticated": "false"
},
"sessionIssuer": {
"accountId": "123123123123",
"arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin",
"principalId": "AROAQWERQWERQWERQWER",
"type": "Role",
"userName": "DevAdmin"
}
},
"type": "AssumedRole"
}
}
Detection logic
Condition
eventSource eq "bedrock.amazonaws.com"
eventName eq "DeleteModelInvocationLoggingConfiguration"
not (errorCode is_not_null or errorMessage is_not_null)
Exclusions
Top-level NOT(...) conjuncts: predicates this rule actively suppresses.
| Field | Kind | Excluded values |
|---|---|---|
errorCode | is_not_null | |
errorMessage | is_not_null |
Indicators
Each row is a field, operator, and value that the rule matches. The corpus column counts how many other rules in the catalog look for the same combination: high numbers point to widely-used, community-vetted indicators. Blank or 1 shows that the indicator is specific to this rule.
| Field | Kind | Values |
|---|---|---|
eventName | eq |
|
eventSource | eq |
|
Output fields
Fields the rule emits when it matches. Chronicle authors list these in the outcome block; they appear on the detection and $risk_score drives alerting. Sentinel / Defender XDR rules build them up through project / summarize / extend stages. Sentinel maps these into alert fields via entityMappings and customDetails; Defender XDR custom detections surface them as alert fields directly.
| Field |
|---|
eventName |
eventSource |
awsRegion |
recipientAccountId |
sourceIPAddress |
userAgent |
userIdentity |
actor_user |