Amazon Bedrock discovery attempt by long term access key


Goal

Detect unauthorized attempts to discover Amazon Bedrock models and training jobs using long-term AWS access keys.

Strategy

Monitor CloudTrail for calls to the following Amazon Bedrock discovery APIs that were made with a long-term access key and explicitly denied:

  • ListModels
  • DescribeModel
  • ListTrainingJobs
  • DescribeTrainingJob

The rule fires only on calls that were explicitly denied for lack of permissions. A long-term access key probing APIs it was never granted is a sign of permission discovery and enumeration of machine learning resources rather than ordinary use, and long-term keys are the credential most often leaked through source code and configuration files. Had the calls succeeded, the attacker could have located the data sources behind custom or self-hosted models, such as the S3 bucket holding training data, and exfiltrated potentially sensitive data from them.
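The detection conditions above, modelled in Python over constructed CloudTrail records as an added example (this is not the rule's actual Datadog query). It assumes two AWS conventions that the page does not spell out: long-term access key IDs begin with `AKIA` while temporary STS keys begin with `ASIA`, and an explicit IAM deny appears in CloudTrail as an `errorCode` of `AccessDenied` or `AccessDeniedException`. The API names and the `eventSource` value are taken from the rule's list.

```python
"""Detection logic modelled on the Bedrock discovery rule (added example,
not the rule's own query). Assumptions: long-term key IDs start with "AKIA"
(STS session keys start with "ASIA"); an explicit deny is recorded as
errorCode AccessDenied or AccessDeniedException."""

DISCOVERY_EVENTS = {"ListModels", "DescribeModel", "ListTrainingJobs", "DescribeTrainingJob"}
BEDROCK_SOURCE = "bedrock.amazonaws.com"
DENIED_CODES = {"AccessDenied", "AccessDeniedException"}


def uses_long_term_key(event: dict) -> bool:
    """AKIA... is an IAM user's long-term key; ASIA... is a temporary STS key."""
    key_id = event.get("userIdentity", {}).get("accessKeyId", "")
    return key_id.startswith("AKIA")


def is_denied_bedrock_discovery(event: dict) -> bool:
    """All four conditions must hold for a record to raise a signal."""
    return (
        event.get("eventSource") == BEDROCK_SOURCE
        and event.get("eventName") in DISCOVERY_EVENTS
        and event.get("errorCode") in DENIED_CODES
        and uses_long_term_key(event)
    )


def to_signal(event: dict) -> dict:
    """The three fields the triage steps reference as template variables."""
    return {
        "evt.name": event["eventName"],
        "userIdentity.arn": event["userIdentity"]["arn"],
        "network.client.ip": event["sourceIPAddress"],
    }


def detect(events: list) -> list:
    """Return one signal per matching record, in log order."""
    return [to_signal(e) for e in events if is_denied_bedrock_discovery(e)]


def _record(name, key_id, arn, source=BEDROCK_SOURCE, error=None, ip="203.0.113.10"):
    """Build a minimal CloudTrail record with only the fields the rule reads."""
    rec = {
        "eventSource": source,
        "eventName": name,
        "sourceIPAddress": ip,
        "userIdentity": {"arn": arn, "accessKeyId": key_id},
    }
    if error:
        rec["errorCode"] = error
        rec["errorMessage"] = f"User: {arn} is not authorized to perform: bedrock:{name}"
    return rec


# Constructed sample records (not real CloudTrail data); key IDs are placeholders.
USER_ARN = "arn:aws:iam::123456789012:user/alice"
ROLE_ARN = "arn:aws:sts::123456789012:assumed-role/ci-deploy/build-42"
SAMPLE_EVENTS = [
    _record("ListModels", "AKIAEXAMPLE0000000001", USER_ARN, error="AccessDenied"),           # signal
    _record("DescribeTrainingJob", "AKIAEXAMPLE0000000001", USER_ARN, error="AccessDenied"),  # signal
    _record("ListModels", "ASIAEXAMPLE0000000002", ROLE_ARN, error="AccessDenied"),           # temporary key: no signal
    _record("ListModels", "AKIAEXAMPLE0000000001", USER_ARN),                                 # allowed call: no signal
    _record("DescribeInstances", "AKIAEXAMPLE0000000001", USER_ARN,
            source="ec2.amazonaws.com", error="AccessDenied"),                                # not Bedrock: no signal
]

if __name__ == "__main__":
    for signal in detect(SAMPLE_EVENTS):
        print(signal)
```

Running the module prints two signals, for `ListModels` and `DescribeTrainingJob`; the denied call from the STS session key, the allowed call, and the denied EC2 call are all ignored, which is what scopes the rule to long-term credentials probing Bedrock specifically.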

Triage and response

  1. Determine if the API call ({{@evt.name}}) should have been made by the user ({{@userIdentity.arn}}) from this IP address ({{@network.client.ip}}).
  2. If the action is legitimate, consider including the user in a suppression list. For more information, see Best practices for creating detection rules with Datadog Cloud SIEM.
  3. If the action shouldn’t have happened:
    • Contact the user: {{@userIdentity.arn}} and see if they made the API call.
    • Use the Cloud SIEM - User Investigation dashboard to see if the user {{@userIdentity.arn}} has taken other actions.
    • Use the Cloud SIEM - IP Investigation dashboard to see if there’s more traffic from the IP {{@network.client.ip}}.
  4. If the results of the triage indicate that an attacker has taken the action, initiate your company’s incident response process, as well as an investigation.
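The pivots that steps 1 and 3 call for, implemented over a constructed batch of CloudTrail records as an added example (this is not the Cloud SIEM investigation dashboards). Given the signal record, it lists what else the same principal did and what else came from the same IP, and applies an enumeration heuristic whose threshold is an assumed value rather than anything the rule defines.

```python
"""Triage pivot for a Bedrock discovery signal (added example, not Datadog's
dashboards). The threshold in looks_like_enumeration is an assumed value."""
from collections import Counter


def _key(e: dict) -> tuple:
    """(service, API, outcome); a record without errorCode was an allowed call."""
    return (e["eventSource"], e["eventName"], e.get("errorCode", "Success"))


def pivot(signal: dict, events: list) -> dict:
    """What else did this principal do, and what else came from this IP?"""
    arn = signal["userIdentity"]["arn"]
    ip = signal["sourceIPAddress"]
    others = [e for e in events if e is not signal]
    by_user = [e for e in others if e.get("userIdentity", {}).get("arn") == arn]
    by_ip = [e for e in others if e.get("sourceIPAddress") == ip]
    return {
        "user_actions": Counter(_key(e) for e in by_user),
        "user_ips": sorted({e["sourceIPAddress"] for e in by_user}),
        "ip_principals": sorted({e["userIdentity"]["arn"] for e in by_ip}),
        "ip_actions": Counter(_key(e) for e in by_ip),
    }


def looks_like_enumeration(summary: dict, min_denied_apis: int = 3) -> bool:
    """Several distinct denied APIs across services from one principal reads as
    permission probing rather than one misconfigured job. Threshold is assumed."""
    denied = {(svc, api) for (svc, api, outcome) in summary["user_actions"]
              if outcome.startswith("AccessDenied")}
    return len(denied) >= min_denied_apis


def _rec(arn, name, source, ip, error=None):
    r = {"eventSource": source, "eventName": name, "sourceIPAddress": ip,
         "userIdentity": {"arn": arn}}
    if error:
        r["errorCode"] = error
    return r


# Constructed batch (not real CloudTrail data): alice's key probes several
# services from one IP; bob shares the IP; one of alice's calls is from elsewhere.
ALICE = "arn:aws:iam::123456789012:user/alice"
BOB = "arn:aws:iam::123456789012:user/bob"
SIGNAL = _rec(ALICE, "ListModels", "bedrock.amazonaws.com", "203.0.113.10", "AccessDenied")
BATCH = [
    _rec(ALICE, "GetCallerIdentity", "sts.amazonaws.com", "203.0.113.10"),
    SIGNAL,
    _rec(ALICE, "ListBuckets", "s3.amazonaws.com", "203.0.113.10", "AccessDenied"),
    _rec(ALICE, "ListSecrets", "secretsmanager.amazonaws.com", "203.0.113.10", "AccessDenied"),
    _rec(ALICE, "DescribeTrainingJob", "bedrock.amazonaws.com", "203.0.113.10", "AccessDenied"),
    _rec(ALICE, "ListUsers", "iam.amazonaws.com", "198.51.100.7"),
    _rec(BOB, "ListModels", "bedrock.amazonaws.com", "203.0.113.10", "AccessDenied"),
]

if __name__ == "__main__":
    summary = pivot(SIGNAL, BATCH)
    for k, v in summary.items():
        print(k, dict(v) if isinstance(v, Counter) else v)
    print("enumeration:", looks_like_enumeration(summary))
```

In the constructed batch the key first confirms its identity with `GetCallerIdentity` and then collects denials across S3, Secrets Manager and Bedrock, which is the pattern a leaked key being tested looks like; a second principal from the same IP widens the scope of the investigation beyond the one user named in the signal.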