← Library
splApache-2.0from splunk/security_content

AWS Bedrock Claude High Risk Filesystem and Exec Tool Invocation

Detects identities invoking high-risk filesystem and execution tools via AWS Bedrock Claude. For each identity, monitors the usage of potentially dangerous commands and flags any anomalous activity that deviates from their historical baseline. This may indicate attempts to escalate privileges, exfiltrate data, or execute unauthorized commands.

Quality
67
FP risk
Forks
0
Views
0
Rule source🔒 locked
🔒

Sign in to view the rule source

Free accounts can view the source for the top-ranked rules. Create one in seconds — no credit card required.

Sign in →