Microsoft Sentinel Analytic Rules

AIShield - Image classification model evasion vulnerability detection

Id9896559f-f2ed-491b-9dbf-d7238d0734f1
RulenameAIShield - Image classification model evasion vulnerability detection
DescriptionThis alert creates an incident when Image classification model evasion vulnerability detected from the AIShield.
SeverityHigh
Required data connectorsBoschAIShield
KindScheduled
Query frequency1h
Query period1h
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassificationModelEvasionVulnDetection.yaml
Version1.0.0
Arm template9896559f-f2ed-491b-9dbf-d7238d0734f1.json
// Image classification model evasion findings reported by AIShield, High severity only.
// `has` is a term-based match, so the rule depends on the connector's exact message
// wording; `=~` compares the severity value case-insensitively.
AIShield
| where Message has 'Image Classification AI Model Evasion Attack Identified'
    and Severity =~ 'High'
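# Scheduled analytics rule: raises an alert when the AIShield table contains a
# High-severity "Image Classification AI Model Evasion Attack Identified" message.
id: 9896559f-f2ed-491b-9dbf-d7238d0734f1
name: AIShield - Image classification model evasion vulnerability detection
# Folded scalar without surrounding quotes: inside a literal block (`|`) the
# quotes were part of the value and showed up in the rule description.
description: >-
  This alert creates an incident when Image classification model evasion
  vulnerability detected from the AIShield.
severity: High
status: Available
kind: Scheduled
version: 1.0.0
requiredDataConnectors:
- connectorId: BoschAIShield
  dataTypes:
  - AIShield
# Frequency and lookback are both 1h, so consecutive runs do not overlap.
# NOTE(review): events that AIShield ingests later than the scheduler's built-in
# delay would fall outside every window - confirm connector latency, or widen
# queryPeriod and de-duplicate.
queryFrequency: 1h
queryPeriod: 1h
# Fires as soon as one row matches (count > 0).
triggerOperator: gt
triggerThreshold: 0
# No MITRE ATT&CK tactics or techniques are assigned, so incidents from this
# rule carry no tactic context for triage or coverage reporting.
tactics: []
relevantTechniques: []
# `has` is a term-based match on the connector's message text: if the vendor
# changes the wording, the rule stops matching without any error.
# Only rows whose Severity equals 'High' (case-insensitive) are alerted on;
# lower-severity evasion findings are not covered by this rule.
query: |
  AIShield
  | where Message has 'Image Classification AI Model Evasion Attack Identified'
  | where Severity =~ 'High'
# One alert per run, however many rows matched.
# NOTE(review): no entityMappings are defined, so alerts are not linked to any
# entity (model, host, account) - check the AIShield table schema for columns
# that could be mapped.
eventGroupingSettings:
  aggregationKind: SingleAlert
alertDetailsOverride:
  alertDisplayNameFormat: AIShield - Image classification model evasion vulnerability detected.
  # Real blank line instead of "\n\n": a literal block scalar does not process
  # escape sequences, so the alert text contained the characters backslash-n.
  # NOTE(review): with SingleAlert grouping, {{TimeGenerated}} presumably
  # reflects only one of the matched rows - confirm.
  alertDescriptionFormat: |-
    This query detects Image classification model evasion vulnerability alert from AIShield generated at {{TimeGenerated}}

    Please check the source for more information and investigate further.
  # Alert severity is taken from the event's Severity column; because the query
  # keeps only 'High' rows, this matches the rule's static severity.
  alertSeverityColumnName: Severity
  # Explicit null instead of a bare empty value (same parsed result).
  alertTacticsColumnName: null
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassificationModelEvasionVulnDetection.yaml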
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "String"
    }
  },
  "resources": [
    {
      "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/9896559f-f2ed-491b-9dbf-d7238d0734f1')]",
      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/9896559f-f2ed-491b-9dbf-d7238d0734f1')]",
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
      "kind": "Scheduled",
      "apiVersion": "2022-11-01",
      "properties": {
        "displayName": "AIShield - Image classification model evasion vulnerability detection",
        "description": "'This alert creates an incident when Image classification model evasion vulnerability detected from the AIShield.'\n",
        "severity": "High",
        "enabled": true,
        "query": "AIShield\n| where Message has 'Image Classification AI Model Evasion Attack Identified'\n| where Severity =~ 'High'\n",
        "queryFrequency": "PT1H",
        "queryPeriod": "PT1H",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0,
        "suppressionDuration": "PT1H",
        "suppressionEnabled": false,
        "tactics": [],
        "techniques": [],
        "alertRuleTemplateName": "9896559f-f2ed-491b-9dbf-d7238d0734f1",
        "eventGroupingSettings": {
          "aggregationKind": "SingleAlert"
        },
        "alertDetailsOverride": {
          "alertSeverityColumnName": "Severity",
          "alertDisplayNameFormat": "AIShield - Image classification model evasion vulnerability detected.",
          "alertTacticsColumnName": null,
          "alertDescriptionFormat": "This query detects Image classification model evasion vulnerability alert from AIShield generated at {{TimeGenerated}}\\n\\nPlease check the source for more information and investigate further.\n"
        },
        "customDetails": null,
        "entityMappings": null,
        "OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassificationModelEvasionVulnDetection.yaml",
        "templateVersion": "1.0.0",
        "status": "Available"
      }
    }
  ]
}