Microsoft Sentinel Analytic Rules

AIShield - Image classification model evasion vulnerability detection

Id: 9896559f-f2ed-491b-9dbf-d7238d0734f1
Rulename: AIShield - Image classification model evasion vulnerability detection
Description: This alert creates an incident when Image classification model evasion vulnerability detected from the AIShield.
Severity: High
Required data connectors: BoschAIShield
Kind: Scheduled
Query frequency: 1h
Query period: 1h
Trigger threshold: 0
Trigger operator: gt
Source Uri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassificationModelEvasionVulnDetection.yaml
Version: 1.0.0
Arm template: 9896559f-f2ed-491b-9dbf-d7238d0734f1.json
// Detection query: reads the AIShield table, the data type listed for the BoschAIShield connector.
AIShield
// Keep rows whose Message contains this alert phrase (`has` is a case-insensitive term match),
// so the detection depends on the source keeping this exact wording.
| where Message has 'Image Classification AI Model Evasion Attack Identified'
// Keep only rows reported as High severity (`=~` is a case-insensitive equality).
| where Severity =~ 'High'
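# Microsoft Sentinel scheduled analytics rule. Once an hour it searches the
# last hour of the AIShield table and raises an alert when at least one row
# reports an image classification model evasion attack with High severity.
version: 1.0.0
eventGroupingSettings:
  # SingleAlert: every row matched in one run is rolled into a single alert.
  aggregationKind: SingleAlert
name: AIShield - Image classification model evasion vulnerability detection
severity: High
# queryFrequency and queryPeriod are both 1h, so consecutive runs do not
# overlap.
# NOTE(review): rows ingested late can fall outside the window; confirm the
# ingestion latency of the BoschAIShield connector.
queryFrequency: 1h
kind: Scheduled
queryPeriod: 1h
# Plain folded text. Wrapping the sentence in quotes inside a block scalar
# would make the quote characters part of the description.
description: >-
  This alert creates an incident when Image classification model evasion
  vulnerability detected from the AIShield.
# `has` is a case-insensitive term match on Message and `=~` a
# case-insensitive equality on Severity, so the rule depends on AIShield
# keeping this exact alert wording.
query: |
  AIShield
  | where Message has 'Image Classification AI Model Evasion Attack Identified'
  | where Severity =~ 'High'
# No MITRE ATT&CK tactics are mapped, so the rule adds nothing to
# tactic-based coverage views or filters.
# NOTE(review): model evasion is catalogued in MITRE ATLAS rather than
# ATT&CK; record that mapping elsewhere if coverage reporting needs it.
tactics: []
# Greater than 0: a single matching row is enough to raise the alert.
triggerOperator: gt
triggerThreshold: 0
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassificationModelEvasionVulnDetection.yaml
requiredDataConnectors:
- connectorId: BoschAIShield
  dataTypes:
  - AIShield
status: Available
relevantTechniques: []
alertDetailsOverride:
  alertDisplayNameFormat: AIShield - Image classification model evasion vulnerability detected.
  # Explicit null instead of a bare empty value: no tactics column is used.
  alertTacticsColumnName: null
  # NOTE(review): inside a literal block scalar `\n` is a backslash followed
  # by `n`, not a line break (the generated ARM template carries it as
  # `\\n\\n`). Confirm how the alert description renders, and use a real
  # blank line if a paragraph break is intended.
  alertDescriptionFormat: |
    This query detects Image classification model evasion vulnerability alert from AIShield generated at {{TimeGenerated}}\n\nPlease check the source for more information and investigate further.
  # Alert severity is read from the Severity column of the result. The query
  # keeps only rows where Severity is 'High', so it should agree with the
  # rule-level severity above.
  # NOTE(review): confirm AIShield emits values Sentinel accepts as severity.
  alertSeverityColumnName: Severity
# No entityMappings or customDetails are defined (the ARM template shows both
# as null), so alerts carry no entities to correlate or pivot on.
# NOTE(review): map the affected model or asset once the AIShield table
# schema is confirmed.
id: 9896559f-f2ed-491b-9dbf-d7238d0734f1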
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "String"
    }
  },
  "resources": [
    {
      "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/9896559f-f2ed-491b-9dbf-d7238d0734f1')]",
      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/9896559f-f2ed-491b-9dbf-d7238d0734f1')]",
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
      "kind": "Scheduled",
      "apiVersion": "2022-11-01-preview",
      "properties": {
        "displayName": "AIShield - Image classification model evasion vulnerability detection",
        "description": "'This alert creates an incident when Image classification model evasion vulnerability detected from the AIShield.'\n",
        "severity": "High",
        "enabled": true,
        "query": "AIShield\n| where Message has 'Image Classification AI Model Evasion Attack Identified'\n| where Severity =~ 'High'\n",
        "queryFrequency": "PT1H",
        "queryPeriod": "PT1H",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0,
        "suppressionDuration": "PT1H",
        "suppressionEnabled": false,
        "tactics": [],
        "techniques": [],
        "alertRuleTemplateName": "9896559f-f2ed-491b-9dbf-d7238d0734f1",
        "eventGroupingSettings": {
          "aggregationKind": "SingleAlert"
        },
        "alertDetailsOverride": {
          "alertDisplayNameFormat": "AIShield - Image classification model evasion vulnerability detected.",
          "alertTacticsColumnName": null,
          "alertDescriptionFormat": "This query detects Image classification model evasion vulnerability alert from AIShield generated at {{TimeGenerated}}\\n\\nPlease check the source for more information and investigate further.\n",
          "alertSeverityColumnName": "Severity"
        },
        "customDetails": null,
        "entityMappings": null,
        "templateVersion": "1.0.0",
        "status": "Available",
        "OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield AI Security Monitoring/Analytic Rules/ImageClassificationModelEvasionVulnDetection.yaml"
      }
    }
  ]
}