
Ollama Suspicious Prompt Injection Jailbreak

Splunk Security Content

Summary
The 'Ollama Suspicious Prompt Injection Jailbreak' detection rule monitors Ollama API endpoints for signs of prompt injection or jailbreak attempts, using requests that take longer than 30 seconds to process as the indicator. Such long response times may result from attackers submitting intricate, multi-layered prompts designed to bypass AI safety controls, extract sensitive information, or manipulate the AI's behavior. The rule uses specific log fields from the Ollama server to capture and analyze request characteristics, focusing on response time metrics for the /api/generate and /api/chat endpoints. When requests exceed the predefined thresholds, subsequent analytics categorize the severity of the potential threat so that security teams can prioritize their response. The rule is classified as an experimental anomaly detection and relies on Ollama server data collected through Splunk.
Categories
  • Web
  • Application
Data Sources
  • Pod
  • Container
  • Application Log
ATT&CK Techniques
  • T1190
  • T1059
Created: 2025-10-05
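
The logic described in the summary, as an added example (not the Splunk rule's own search): it parses GIN-style access-log lines as written by the Ollama server and flags /api/generate and /api/chat requests slower than 30 seconds. The log lines are constructed, and the severity tiers (60 s and 120 s) are assumptions, since the page does not give the rule's cut-offs.

```python
import re

# GIN access-log layout assumed for Ollama server logs (added example).
GIN_LINE = re.compile(
    r'\[GIN\]\s+(?P<ts>\d{4}/\d{2}/\d{2} - \d{2}:\d{2}:\d{2})\s*\|\s*(?P<status>\d{3})\s*\|'
    r'\s*(?P<dur>[\d.hmsµun]+)\s*\|\s*(?P<src>\S+)\s*\|\s*(?P<method>[A-Z]+)\s+"(?P<path>[^"]+)"'
)
DUR_PART = re.compile(r'(\d+(?:\.\d+)?)(h|ms|µs|us|ns|m|s)')
UNIT_SECONDS = {"h": 3600.0, "m": 60.0, "s": 1.0, "ms": 1e-3, "µs": 1e-6, "us": 1e-6, "ns": 1e-9}
MONITORED = {"/api/generate", "/api/chat"}   # endpoints named in the rule summary
THRESHOLD_S = 30.0                           # threshold named in the rule summary
# Severity tiers are hypothetical; the page does not state the rule's cut-offs.
TIERS = [(120.0, "high"), (60.0, "medium"), (THRESHOLD_S, "low")]
SAMPLE_LOG = [  # constructed log lines, not captured from a real server
    '[GIN] 2025/10/05 - 14:23:01 | 200 |  35.120483917s |   10.0.4.17 | POST     "/api/generate"',
    '[GIN] 2025/10/05 - 14:23:09 | 200 |    412.7012ms |   10.0.4.22 | POST     "/api/chat"',
    '[GIN] 2025/10/05 - 14:25:40 | 200 |        1m5.2s |   10.0.4.17 | POST     "/api/chat"',
    '[GIN] 2025/10/05 - 14:26:02 | 200 |         2m30s |   10.0.4.31 | POST     "/api/pull"',
    '[GIN] 2025/10/05 - 14:31:18 | 200 |      2m41.09s |   10.0.4.17 | POST     "/api/generate"',
]

def parse_duration(text):
    """Convert a Go-style duration such as '1m5.2s' or '412.7ms' to seconds."""
    parts = DUR_PART.findall(text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unparseable duration: {text!r}")
    return sum(float(n) * UNIT_SECONDS[u] for n, u in parts)

def detect(lines):
    """Return one finding per monitored request slower than THRESHOLD_S."""
    findings = []
    for line in lines:
        m = GIN_LINE.search(line)
        if not m or m["path"].split("?")[0] not in MONITORED:
            continue  # not an access-log line, or an endpoint the rule ignores
        seconds = parse_duration(m["dur"])
        if seconds <= THRESHOLD_S:
            continue
        severity = next(label for floor, label in TIERS if seconds > floor)
        findings.append({"time": m["ts"], "src": m["src"], "path": m["path"],
                         "seconds": round(seconds, 3), "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

Response time also rises with model loading and long generations, so findings from this logic are leads to correlate with prompt content and source, not verdicts.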