You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An AWS Bedrock Agent has been created in the environment by a Role seen for the first time since the baseline period. If this role is not expected in the environment and was not originally assigned IAM rights to Bedrock, this activity could be indicative of privilege escalation. Bedrock Agents can be configured with various parameters to build AI applications. Take a look at the "responseElements.agent.agentName" field to see the name of the agent being created. Ensure that the user creating the agent is authorized to develop AI applications within the environment.
Additional Details
Detail
Value
Type
First Seen
Category
Discovery
Apply Risk to Entities
user_username
Signal Name
First Seen Role Creating AWS Bedrock Agent: {{user_role}}
Summary Expression
{{user_username}} has created a Bedrock Agent with a role not seen since the baseline period: {{user_role}} from IP: {{device_ip}}