Guardian- Racial Bias Policy Violation Detection

Back


Id	46103101-43d9-4c09-b8c8-898dcafe73c0
Rulename	Guardian- Racial Bias Policy Violation Detection
Description	This alert creates an incident when Racial Bias Policy Violation detected from the Guardian.
Severity	Low
Required data connectors	BoschAIShield
Kind	Scheduled
Query frequency	1h
Query period	1h
Trigger threshold	0
Trigger operator	gt
Source Uri	https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/RacialBiasVulDetection.yaml
Version	1.0.0
Arm template	46103101-43d9-4c09-b8c8-898dcafe73c0.json

KQL

Guardian
| where PolicyViolatedControlFeature =~ 'Racial Bias'
| where Severity =~ 'Low'

YAML

entityMappings:
- entityType: Host
  fieldMappings:
  - columnName: HostName
    identifier: HostName
  - columnName: NTDomain
    identifier: NTDomain
- entityType: IP
  fieldMappings:
  - columnName: SourceIP
    identifier: Address
eventGroupingSettings:
  aggregationKind: SingleAlert
id: 46103101-43d9-4c09-b8c8-898dcafe73c0
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/RacialBiasVulDetection.yaml
severity: Low
kind: Scheduled
query: |
  Guardian
  | where PolicyViolatedControlFeature =~ 'Racial Bias'
  | where Severity =~ 'Low'  
requiredDataConnectors:
- dataTypes:
  - Guardian
  connectorId: BoschAIShield
queryPeriod: 1h
alertDetailsOverride:
  alertSeverityColumnName: Severity
  alertDescriptionFormat: |
        This query detects Racial Bias Policy Violation detected from the Guardian generated at {{TimeGenerated}}.\n\nPlease check the source for more information and investigate further.
  alertDisplayNameFormat: Guardian- Racial Bias Policy Violation detection
  alertTacticsColumnName: 
queryFrequency: 1h
triggerOperator: gt
status: Available
tactics: []
description: |
    'This alert creates an incident when Racial Bias Policy Violation detected from the Guardian.'
name: Guardian- Racial Bias Policy Violation Detection
relevantTechniques: []
version: 1.0.0
triggerThreshold: 0

ARM

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "String"
    }
  },
  "resources": [
    {
      "apiVersion": "2024-01-01-preview",
      "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/46103101-43d9-4c09-b8c8-898dcafe73c0')]",
      "kind": "Scheduled",
      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/46103101-43d9-4c09-b8c8-898dcafe73c0')]",
      "properties": {
        "alertDetailsOverride": {
          "alertDescriptionFormat": "This query detects Racial Bias Policy Violation detected from the Guardian generated at {{TimeGenerated}}.\\n\\nPlease check the source for more information and investigate further.\n",
          "alertDisplayNameFormat": "Guardian- Racial Bias Policy Violation detection",
          "alertSeverityColumnName": "Severity",
          "alertTacticsColumnName": null
        },
        "alertRuleTemplateName": "46103101-43d9-4c09-b8c8-898dcafe73c0",
        "customDetails": null,
        "description": "'This alert creates an incident when Racial Bias Policy Violation detected from the Guardian.'\n",
        "displayName": "Guardian- Racial Bias Policy Violation Detection",
        "enabled": true,
        "entityMappings": [
          {
            "entityType": "Host",
            "fieldMappings": [
              {
                "columnName": "HostName",
                "identifier": "HostName"
              },
              {
                "columnName": "NTDomain",
                "identifier": "NTDomain"
              }
            ]
          },
          {
            "entityType": "IP",
            "fieldMappings": [
              {
                "columnName": "SourceIP",
                "identifier": "Address"
              }
            ]
          }
        ],
        "eventGroupingSettings": {
          "aggregationKind": "SingleAlert"
        },
        "OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/RacialBiasVulDetection.yaml",
        "query": "Guardian\n| where PolicyViolatedControlFeature =~ 'Racial Bias'\n| where Severity =~ 'Low'\n",
        "queryFrequency": "PT1H",
        "queryPeriod": "PT1H",
        "severity": "Low",
        "status": "Available",
        "subTechniques": [],
        "suppressionDuration": "PT1H",
        "suppressionEnabled": false,
        "tactics": [],
        "techniques": [],
        "templateVersion": "1.0.0",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0
      },
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
    }
  ]
}