
Summary
Detects potential cross-region inference abuse against AWS Bedrock Claude models by analyzing Bedrock invocation logs to find mismatches between the region where a request originated and the region where inference occurs, coupled with high token usage. The rule targets attempts to bypass regional restrictions, exfiltrate data, or perform unauthorized actions across regions. It extracts identity and session context (user ARN, session_user), token counts (input and output), and region metadata, derives a short model name, and computes a token_ratio to assess usage intensity. Filtering requires a valid user_arn, a non-null session_user, a region mismatch (region != inferenceRegion), and substantial input payloads (input_tokens >= 2000). The rule outputs a structured event with time, user identifiers, the short model name, token statistics, mismatch details, and host information for rapid investigation. It is mapped to a MITRE-like technique (T1599) and supports investigation through intermediate findings and analytic storytelling. False positives may occur in legitimate multi-region deployments or testing; contextual review is essential. The rule integrates with Splunk via the AWS Add-on and Bedrock model-invocation logging, requiring proper configuration to ingest Claude request/response payloads into a Splunk index and sourcetype, and uses a macro to target the appropriate data source.
Categories
- Cloud
Data Sources
- Application Log
- Cloud Service
- Process
- Network Traffic
- Web Credential
- File
- Drive
- Volume
- Command
- Script
- Service
- Instance
- Image
- Kernel
- Driver
- Domain Name
- Network Share
- Scheduled Job
- Firmware
- WMI
- Certificate
- User Account
- Pod
- Container
- Sensor Health
- Snapshot
- Kernel
- Module
- Windows Registry
- Kernel
ATT&CK Techniques
- T1599
Created: 2026-07-07