Vaikora - Agent policy violation

Back


Id	54262ad1-f346-4246-a13f-9557595ff7bd
Rulename	Vaikora - Agent policy violation
Description	Identifies AI agent actions explicitly blocked by a Vaikora policy. Repeated violations from the same agent may indicate prompt injection, policy circumvention, or a compromised workflow.
Severity	Medium
Tactics	Impact DefenseEvasion
Techniques	T1078 T1562
Required data connectors	VaikoraSentinel
Kind	Scheduled
Query frequency	15m
Query period	1h
Trigger threshold	0
Trigger operator	GreaterThan
Source Uri	https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Vaikora-Sentinel/Analytic Rules/Vaikora - Agent Policy Violation.yaml
Version	1.0.0
Arm template	54262ad1-f346-4246-a13f-9557595ff7bd.json

KQL

Vaikora_AgentSignals_CL
| where TimeGenerated > ago(1h)
| where policy_decision_s == "block"
| summarize
    ViolationCount = count(),
    PolicyIds = make_set(policy_id_s),
    ActionTypes = make_set(action_type_s),
    ResourceTypes = make_set(resource_type_s),
    MaxAnomalyScore = max(anomaly_score_d),
    Severities = make_set(severity_s),
    LogHashes = make_set(log_hash_s)
  by AgentId = agent_id_s
| extend
    PolicyList = strcat_array(PolicyIds, ", "),
    ActionList = strcat_array(ActionTypes, ", "),
    ResourceList = strcat_array(ResourceTypes, ", ")
| where ViolationCount >= 1

YAML

entityMappings:
- entityType: Account
  fieldMappings:
  - identifier: Name
    columnName: AgentId
tactics:
- Impact
- DefenseEvasion
suppressionEnabled: false
suppressionDuration: 15m
requiredDataConnectors:
- dataTypes:
  - Vaikora_AgentSignals_CL
  connectorId: VaikoraSentinel
incidentConfiguration:
  groupingConfiguration:
    reopenClosedIncident: false
    lookbackDuration: 1h
    groupByEntities:
    - Account
    enabled: true
    matchingMethod: Selected
  createIncident: true
id: 54262ad1-f346-4246-a13f-9557595ff7bd
severity: Medium
eventGroupingSettings:
  aggregationKind: AlertPerResult
status: Available
customDetails:
  ViolationCount: ViolationCount
  MaxAnomalyScore: MaxAnomalyScore
  PolicyIds: PolicyList
  ActionTypes: ActionList
query: |
  Vaikora_AgentSignals_CL
  | where TimeGenerated > ago(1h)
  | where policy_decision_s == "block"
  | summarize
      ViolationCount = count(),
      PolicyIds = make_set(policy_id_s),
      ActionTypes = make_set(action_type_s),
      ResourceTypes = make_set(resource_type_s),
      MaxAnomalyScore = max(anomaly_score_d),
      Severities = make_set(severity_s),
      LogHashes = make_set(log_hash_s)
    by AgentId = agent_id_s
  | extend
      PolicyList = strcat_array(PolicyIds, ", "),
      ActionList = strcat_array(ActionTypes, ", "),
      ResourceList = strcat_array(ResourceTypes, ", ")
  | where ViolationCount >= 1  
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Vaikora-Sentinel/Analytic Rules/Vaikora - Agent Policy Violation.yaml
kind: Scheduled
queryPeriod: 1h
version: 1.0.0
name: Vaikora - Agent policy violation
queryFrequency: 15m
triggerThreshold: 0
relevantTechniques:
- T1078
- T1562
description: |
    Identifies AI agent actions explicitly blocked by a Vaikora policy. Repeated violations from the same agent may indicate prompt injection, policy circumvention, or a compromised workflow.
triggerOperator: GreaterThan

ARM