Detection rules › Panther
AWS Bedrock Guardrail Updated or Deleted
An Amazon Bedrock Guardrail was updated or deleted. Amazon Bedrock Guardrails are used to implement application-specific safeguards based on your use cases and responsible AI policies. Updating or deleting a guardrail can have security implications to your AI workloads.
MITRE ATT&CK coverage
| Tactic | Techniques |
|---|---|
| Stealth | T1562.001 Impair Defenses: Disable or Modify Tools |
Rules detecting the same action
Other rules on this platform that filter on the same API call or operation.
- AWS Bedrock Delete GuardRails (Splunk)
- AWS Bedrock Guardrail Deleted or Weakened (Elastic)
Rule body yaml
AnalysisType: rule
Filename: aws_bedrock_guardrail_update_delete.py
RuleID: "AWS.Bedrock.GuardrailUpdateDelete"
DisplayName: "AWS Bedrock Guardrail Updated or Deleted"
Enabled: true
LogTypes:
- AWS.CloudTrail
Tags:
- AWS
- Bedrock
- Generative AI Guardrails
- AML.T0054
- LLM Jailbreak
- "Impair Defenses: Disable or Modify Tools"
- Defense Evasion
Severity: Medium
Reports:
MITRE ATT&CK:
- TA0005:T1562.001 # Impair Defenses: Disable or Modify Tools
Description: >
An Amazon Bedrock Guardrail was updated or deleted.
Amazon Bedrock Guardrails are used to implement application-specific safeguards based on your use cases and responsible AI policies.
Updating or deleting a guardrail can have security implications to your AI workloads.
Runbook: |
Review the guardrail update or deletion to ensure that it was authorized and that it does not introduce security risks to your AI workloads.
If the guardrail update or deletion was unauthorized, investigate the incident and take appropriate action.
https://atlas.mitre.org/mitigations/AML.M0020
Reference: https://docs.aws.amazon.com/bedrock/latest/APIReference/API_DeleteGuardrail.html
SummaryAttributes:
- userAgent
- sourceIpAddress
- recipientAccountId
- p_any_aws_arns
Tests:
- Name: Guardrail Updated
ExpectedResult: true
Log:
{
"awsRegion": "us-west-2",
"eventCategory": "Management",
"eventID": "4d482238-d0c5-4337-800f-d1ed79957fd4",
"eventName": "UpdateGuardrail",
"eventSource": "bedrock.amazonaws.com",
"eventTime": "2025-01-21 17:39:10.000000000",
"eventType": "AwsApiCall",
"eventVersion": "1.09",
"managementEvent": true,
"readOnly": false,
"recipientAccountId": "123123123123",
"requestID": "4ebcfaab-52e6-4027-9307-dbfe671b1cdb",
"requestParameters": {
"guardrailIdentifier": "cmy5azq5koeo",
"name": "HIDDEN_DUE_TO_SECURITY_REASONS"
},
"responseElements": {
"guardrailArn": "arn:aws:bedrock:us-west-2:123123123123:guardrail/cmy5azq5koeo",
"guardrailId": "cmy5azq5koeo",
"updatedAt": "2025-01-21T17:39:10.379877250Z",
"version": "DRAFT"
},
"sessionCredentialFromConsole": true,
"sourceIPAddress": "123.123.123.123",
"tlsDetails": {
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com",
"tlsVersion": "TLSv1.3"
},
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
"userIdentity": {
"accessKeyId": "ASIAQWERQWERQWERQWER",
"accountId": "123123123123",
"arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil",
"principalId": "AROAQWERQWERQWERQWER:dr.evil",
"sessionContext": {
"attributes": {
"creationDate": "2025-01-21T16:08:03Z",
"mfaAuthenticated": "false"
},
"sessionIssuer": {
"accountId": "123123123123",
"arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin",
"principalId": "AROAQWERQWERQWERQWER",
"type": "Role",
"userName": "DevAdmin"
}
},
"type": "AssumedRole"
}
}
- Name: Guardrail Deleted
ExpectedResult: true
Log:
{
"awsRegion": "us-west-2",
"eventCategory": "Management",
"eventID": "3105145b-d0ca-41ab-a0fd-73f4f31ccbd1",
"eventName": "DeleteGuardrail",
"eventSource": "bedrock.amazonaws.com",
"eventTime": "2025-01-21 18:12:33.000000000",
"eventType": "AwsApiCall",
"eventVersion": "1.09",
"managementEvent": true,
"readOnly": false,
"recipientAccountId": "123123123123",
"requestID": "6e6cadb2-ad15-4c46-9900-fd1888e01ee1",
"requestParameters": {
"guardrailIdentifier": "cmy5azq5koeo"
},
"sessionCredentialFromConsole": true,
"sourceIPAddress": "123.123.123.123",
"tlsDetails": {
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com",
"tlsVersion": "TLSv1.3"
},
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
"userIdentity": {
"accessKeyId": "ASIAQWERQWERQWERQWER",
"accountId": "123123123123",
"arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil",
"principalId": "AROAQWERQWERQWERQWER:dr.evil",
"sessionContext": {
"attributes": {
"creationDate": "2025-01-21T16:08:03Z",
"mfaAuthenticated": "false"
},
"sessionIssuer": {
"accountId": "123123123123",
"arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin",
"principalId": "AROAQWERQWERQWERQWER",
"type": "Role",
"userName": "DevAdmin"
}
},
"type": "AssumedRole"
}
}
- Name: List Guardrails
ExpectedResult: false
Log:
{
"awsRegion": "us-west-2",
"eventCategory": "Management",
"eventID": "906c4056-df1e-4565-a40b-2ba216a0c849",
"eventName": "ListGuardrails",
"eventSource": "bedrock.amazonaws.com",
"eventTime": "2025-01-21 18:12:33.000000000",
"eventType": "AwsApiCall",
"eventVersion": "1.09",
"managementEvent": true,
"readOnly": true,
"recipientAccountId": "123123123123",
"requestID": "9219ab18-cddf-4376-afc6-cc4edf2c2f0f",
"requestParameters": {
"maxResults": 1000
},
"sessionCredentialFromConsole": true,
"sourceIPAddress": "123.123.123.123",
"tlsDetails": {
"cipherSuite": "TLS_AES_128_GCM_SHA256",
"clientProvidedHostHeader": "bedrock.us-west-2.amazonaws.com",
"tlsVersion": "TLSv1.3"
},
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
"userIdentity": {
"accessKeyId": "ASIAQWERQWERQWERQWER",
"accountId": "123123123123",
"arn": "arn:aws:sts::123123123123:assumed-role/DevAdmin/dr.evil",
"principalId": "AROAQWERQWERQWERQWER:dr.evil",
"sessionContext": {
"attributes": {
"creationDate": "2025-01-21T16:08:03Z",
"mfaAuthenticated": "false"
},
"sessionIssuer": {
"accountId": "123123123123",
"arn": "arn:aws:iam::123123123123:role/aws-reserved/sso.amazonaws.com/us-west-2/DevAdmin",
"principalId": "AROAQWERQWERQWERQWER",
"type": "Role",
"userName": "DevAdmin"
}
},
"type": "AssumedRole"
}
}
Detection logic
Condition
eventSource eq "bedrock.amazonaws.com"
eventName in ["DeleteGuardrail", "UpdateGuardrail"]
not (errorCode is_not_null or errorMessage is_not_null)
Exclusions
Top-level NOT(...) conjuncts: predicates this rule actively suppresses.
| Field | Kind | Excluded values |
|---|---|---|
errorCode | is_not_null | |
errorMessage | is_not_null |
Indicators
Each row is a field, operator, and value that the rule matches. The corpus column counts how many other rules in the catalog look for the same combination: high numbers point to widely-used, community-vetted indicators. Blank or 1 shows that the indicator is specific to this rule.
| Field | Kind | Values |
|---|---|---|
eventName | in |
|
eventSource | eq |
|
Output fields
Fields the rule emits when it matches. Chronicle authors list these in the outcome block; they appear on the detection and $risk_score drives alerting. Sentinel / Defender XDR rules build them up through project / summarize / extend stages. Sentinel maps these into alert fields via entityMappings and customDetails; Defender XDR custom detections surface them as alert fields directly.
| Field | Source |
|---|---|
eventName | |
eventSource | |
awsRegion | |
recipientAccountId | |
sourceIPAddress | |
userAgent | |
userIdentity | |
actor_user | |
guardrailIdentifier | requestParameters.guardrailIdentifier |