Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage

AIShield - Image classification model extraction vulnerability detection

Back
Id910b7d93-f1a0-4b76-9e32-593004c0fe85
RulenameAIShield - Image classification model extraction vulnerability detection
DescriptionThis alert creates an incident when Image classification model extraction vulnerability detected from the AIShield.
SeverityHigh
Required data connectorsBoschAIShield
KindScheduled
Query frequency1h
Query period1h
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassficationModelExtractionVulnDetection.yaml
Version1.0.2
Arm template910b7d93-f1a0-4b76-9e32-593004c0fe85.json
Deploy To Azure
AIShield
| where Message has 'Image Classification AI Model Extraction Attack Identified'
| where Severity =~ 'High'
eventGroupingSettings:
  aggregationKind: SingleAlert
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassficationModelExtractionVulnDetection.yaml
severity: High
name: AIShield - Image classification model extraction vulnerability detection
relevantTechniques: []
queryFrequency: 1h
triggerThreshold: 0
queryPeriod: 1h
description: |
    'This alert creates an incident when Image classification model extraction vulnerability detected from the AIShield.'
id: 910b7d93-f1a0-4b76-9e32-593004c0fe85
alertDetailsOverride:
  alertTacticsColumnName: 
  alertSeverityColumnName: Severity
  alertDescriptionFormat: |
        This query detects Image classification model theft vulnerability alert from AIShield generated at {{TimeGenerated}}\n\nPlease check the source for more information and investigate further.
  alertDisplayNameFormat: AIShield - Image classification model theft vulnerability detected.
version: 1.0.2
tactics: []
query: |
  AIShield
  | where Message has 'Image Classification AI Model Extraction Attack Identified'
  | where Severity =~ 'High'  
status: Available
kind: Scheduled
requiredDataConnectors:
- dataTypes:
  - AIShield
  connectorId: BoschAIShield
triggerOperator: gt
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "String"
    }
  },
  "resources": [
    {
      "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/910b7d93-f1a0-4b76-9e32-593004c0fe85')]",
      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/910b7d93-f1a0-4b76-9e32-593004c0fe85')]",
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
      "kind": "Scheduled",
      "apiVersion": "2022-11-01-preview",
      "properties": {
        "displayName": "AIShield - Image classification model extraction vulnerability detection",
        "description": "'This alert creates an incident when Image classification model extraction vulnerability detected from the AIShield.'\n",
        "severity": "High",
        "enabled": true,
        "query": "AIShield\n| where Message has 'Image Classification AI Model Extraction Attack Identified'\n| where Severity =~ 'High'\n",
        "queryFrequency": "PT1H",
        "queryPeriod": "PT1H",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0,
        "suppressionDuration": "PT1H",
        "suppressionEnabled": false,
        "tactics": [],
        "techniques": [],
        "alertRuleTemplateName": "910b7d93-f1a0-4b76-9e32-593004c0fe85",
        "eventGroupingSettings": {
          "aggregationKind": "SingleAlert"
        },
        "alertDetailsOverride": {
          "alertTacticsColumnName": null,
          "alertSeverityColumnName": "Severity",
          "alertDescriptionFormat": "This query detects Image classification model theft vulnerability alert from AIShield generated at {{TimeGenerated}}\\n\\nPlease check the source for more information and investigate further.\n",
          "alertDisplayNameFormat": "AIShield - Image classification model theft vulnerability detected."
        },
        "customDetails": null,
        "entityMappings": null,
        "OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassficationModelExtractionVulnDetection.yaml",
        "templateVersion": "1.0.2",
        "status": "Available"
      }
    }
  ]
}