Detection: Cisco AI Defense Security Alerts by Application Name

EXPERIMENTAL DETECTION

This detection status is set to experimental. The Splunk Threat Research team has not yet fully tested, simulated, or built comprehensive datasets for this detection. As such, this analytic is not officially supported. If you have any questions or concerns, please reach out to us at research@splunk.com.

Description

The search surfaces alerts from the Cisco AI Defense product for potential attacks against the AI models running in your environment. This analytic identifies security events within Cisco AI Defense by examining event messages, actions, and policy names. It focuses on connections and applications associated with specific guardrail entities and ruleset types. By aggregating and analyzing these elements, the search helps detect potential policy violations and security threats, enabling proactive defense measures and ensuring network integrity.

`cisco_ai_defense`
| rename genai_application.application_name as application_name
| rename connection.connection_name as connection_name
```Aggregating data by model name, connection name, application name, and application ID; user IDs are collected as values```
| stats count
    values(user_id) as user_id
    values(event_message_type) as event_message_type
    values(event_action) as event_action
    values(policy.policy_name) as policy_name
    values(event_policy_guardrail_assocs{}.policy_guardrail_assoc.guardrail_avail_entity.guardrail_entity_name) as guardrail_entity_name
    values(event_policy_guardrail_assocs{}.policy_guardrail_assoc.guardrail_avail_ruleset.guardrail_ruleset_type) as guardrail_ruleset_type
    by model.model_name connection_name application_name application_id
```Evaluating severity based on policy name and guardrail ruleset type```
| eval severity=case(
    policy_name IN ("AI Runtime Latency Testing - Prompt Injection"), "critical",
    policy_name IN ("AI Runtime Latency Testing - Code Detection"), "high",
    guardrail_ruleset_type IN ("Toxicity"), "medium",
    true(), "low"
)
```Calculating risk score based on severity level```
| eval risk_score=case(
    severity="critical", 100,
    severity="high", 75,
    severity="medium", 50,
    severity="low", 25
)
| table model.model_name, user_id, event_action, application_id, application_name, severity, risk_score, policy_name, connection_name, guardrail_ruleset_type, guardrail_entity_name
| `cisco_ai_defense_security_alerts_by_application_name_filter`
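
The aggregation and severity logic of the search, re-expressed as an added Python example (not part of the original detection) so the mapping can be checked against sample events outside Splunk. The event nesting is inferred from the SPL field paths, the sample values and the helper names are constructed, and a multivalue field is assumed to match when any collected value matches.

```python
from collections import defaultdict

RISK = {"critical": 100, "high": 75, "medium": 50, "low": 25}

def make_event(user, app, policy, ruleset):
    # Constructed sample event; nesting inferred from the SPL field paths.
    return {
        "user_id": user, "application_id": app + "-id",
        "genai_application": {"application_name": app},
        "connection": {"connection_name": "conn-1"},
        "model": {"model_name": "model-1"},
        "policy": {"policy_name": policy},
        "event_policy_guardrail_assocs": [{"policy_guardrail_assoc": {
            "guardrail_avail_ruleset": {"guardrail_ruleset_type": ruleset}}}],
    }

def severity(policies, rulesets):
    # Same branch order as the SPL case(): the first matching branch wins.
    if "AI Runtime Latency Testing - Prompt Injection" in policies:
        return "critical"
    if "AI Runtime Latency Testing - Code Detection" in policies:
        return "high"
    if "Toxicity" in rulesets:
        return "medium"
    return "low"

def aggregate(events):
    # Group by the same four fields as the "stats ... by" clause.
    groups = defaultdict(lambda: {"count": 0, "users": set(),
                                  "policies": set(), "rulesets": set()})
    for e in events:
        key = (e["model"]["model_name"], e["connection"]["connection_name"],
               e["genai_application"]["application_name"], e["application_id"])
        g = groups[key]
        g["count"] += 1
        g["users"].add(e["user_id"])
        g["policies"].add(e["policy"]["policy_name"])
        for assoc in e["event_policy_guardrail_assocs"]:
            inner = assoc["policy_guardrail_assoc"]
            g["rulesets"].add(inner["guardrail_avail_ruleset"]["guardrail_ruleset_type"])
    rows = {}  # keyed by application_name only, to keep the demo readable
    for key, g in groups.items():
        sev = severity(g["policies"], g["rulesets"])
        rows[key[2]] = {"count": g["count"], "users": sorted(g["users"]),
                        "severity": sev, "risk_score": RISK[sev]}
    return rows

EVENTS = [  # constructed sample data
    make_event("alice", "chatbot", "Example Policy", "Toxicity"),
    make_event("bob", "chatbot", "AI Runtime Latency Testing - Prompt Injection", "Example Ruleset"),
    make_event("carol", "summarizer", "Example Policy", "Toxicity"),
    make_event("dave", "helper", "Example Policy", "Example Ruleset"),
]
```

Because events are grouped per application before scoring, a single prompt-injection event raises the whole `chatbot` row to critical even though its other event only matched the Toxicity ruleset.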

Data Source

Name | Platform | Sourcetype | Source
Cisco AI Defense Alerts | N/A | 'cisco:ai:defense' | 'cisco_ai_defense'

Macros Used

Name | Value
cisco_ai_defense | sourcetype=cisco:ai:defense
cisco_ai_defense_security_alerts_by_application_name_filter | search *

cisco_ai_defense_security_alerts_by_application_name_filter is an empty macro by default. It allows the user to filter out any results (false positives) without editing the SPL.

Annotations

NIST: DE.AE
CIS: CIS 10

Default Configuration

This detection is configured by default in Splunk Enterprise Security to run with the following settings:

Setting | Value
Disabled | true
Cron Schedule | 0 * * * *
Earliest Time | -70m@m
Latest Time | -10m@m
Schedule Window | auto
Creates Risk Event | True

This configuration file applies to all detections of type anomaly. These detections will use Risk Based Alerting.

Implementation

To enable this detection, you need to ingest alerts from the Cisco AI Defense product. This can be done by using the Cisco Security Cloud app from Splunkbase and ingesting the alerts into the cisco:ai:defense sourcetype.

Known False Positives

False positives may vary based on Cisco AI Defense configuration; monitor and filter out the alerts that are not relevant to your environment.

Associated Analytic Story

Risk Based Analytics (RBA)

Risk Message:

Cisco AI Defense Security Alert has been action - [$event_action$] for the application name - [$application_name$]

Risk Object | Risk Object Type | Risk Score | Threat Objects
application_name | other | 10 | No Threat Objects

References

Detection Testing

Test Type | Status | Dataset | Source | Sourcetype
Validation | Not Applicable | N/A | N/A | N/A
Unit | Passing | Dataset | cisco_ai_defense | cisco:ai:defense
Integration | ✅ Passing | Dataset | cisco_ai_defense | cisco:ai:defense

Replay any dataset to Splunk Enterprise by using our replay.py tool or the UI. Alternatively, you can replay a dataset into a Splunk Attack Range.


Source: GitHub | Version: 1