splApache-2.0from splunk/security_content
AWS Bedrock Claude High Risk Filesystem and Exec Tool Invocation
Detects identities invoking high-risk filesystem and execution tools via AWS Bedrock Claude. For each identity, monitors the usage of potentially dangerous commands and flags any anomalous activity that deviates from their historical baseline. This may indicate attempts to escalate privileges, exfiltrate data, or execute unauthorized commands.
Quality
67
FP risk
—
Forks
0
Views
0
Rule source🔒 locked
🔒
Sign in to view the rule source
Free accounts can view the source for the top-ranked rules. Create one in seconds — no credit card required.
Sign in →