
Summary
This anomaly rule detects unusually large prompts sent to AWS Bedrock Claude models by analyzing input token counts per invocation. It establishes a statistical baseline (average tokens and standard deviation) from historical Bedrock Claude usage and flags requests that significantly exceed that baseline. The rule describes a high-threshold deviation (noted as 15 standard deviations above the mean in the description) and enforces a practical minimum token count to reduce noise, commonly filtering on prompts greater than 1000 tokens. The intent is to identify potential prompt injection attempts, data exfiltration attempts, or abuse of the AI service. The implementation pipeline renames relevant fields, computes the baseline (avg_tokens and stdev), and alerts when input_tokens materially exceed the baseline. The intermediate finding surfaces the host and token count context for investigation. Although the description emphasizes a very high deviation (15x stddev), the actual detection logic in the provided query uses a baseline-based threshold (mean plus a multiple of stdev) with a hard lower bound on token count, which should be reconciled during deployment to reflect the desired sensitivity. Mitre mapping in the rule metadata shows T1055 (Process Injection), though this appears to be a mislabel and the rule more accurately covers anomalous prompt usage rather than process-level attacks. This rule is applicable to cloud-enabled AI interactions accessed via web endpoints and logged through Splunk for analysis and alerting.
Categories
- Endpoint
- Web
- Application
- Cloud
Data Sources
- Sensor Health
- Cloud Service
- Web Credential
- Cloud Storage
- Application Log
- Logon Session
- Process
- Module
- Image
- File
- Network Traffic
- Cloud Service
- Internet Scan
- Pod
- Container
- Instance
- Kernel
- Driver
- Volume
- Volume
- Service
- Domain Name
- Web Credential
- Script
- Command
- Network Traffic
- Application Log
- Windows Registry
- User Account
ATT&CK Techniques
- T1055
Created: 2026-07-07