text code block:`aws_bedrock_claude` | rename "identity.arn" AS user_arn, "input.inputBodyJson.messages{}.content{}.text" AS prompt_mv | eval prompt_text = mvjoin(prompt_mv, " || ") | where isnotnull(prompt_text) AND isnotnull(user_arn) | rex field=user_arn "(?:assumed-role/[^/]+|user)/(?<user>[^\"/]+)$" | eval s_override = if(match(prompt_text,"(?i)\b(ignore|disregard|forget)\b.{0,30}\b(previous|above|prior|all|your|the)\s*(instructions?|prompts?|rules?|context)"),1,0) | eval s_jailbreak = if(match(prompt_text,"(?i)\b(jailbreak|jailbroken|\bDAN\b mode|do anything now|developer mode|unrestricted mode|no (filters|restrictions|guardrails))\b"),1,0) | eval s_probe = if(match(prompt_text,"(?i)(reveal|repeat|print|show|output).{0,20}(system prompt|your instructions|initial (prompt|instructions)|the (text|words) above)"),1,0) | eval s_persona = if(match(prompt_text,"(?i)\b(you are now|new persona|pretend (to be|you are)|roleplay as|act as (if you|an unrestricted))\b"),1,0) | eval s_weak = if(match(prompt_text,"(?i)\b(you must|from now on|act as|override|new rules|hypothetically)\b"),1,0) | eval signal_count = s_override+s_jailbreak+s_probe+s_persona+s_weak | where s_override=1 OR s_jailbreak=1 OR s_probe=1 OR signal_count >= 2 | table _time, user, user_arn, modelId, prompt_text, host | sort - _time | `aws_bedrock_claude_possible_prompt_injection_filter`
View this rule on Splunk
This rule was sourced from the official Splunk public repository. View the original rule on GitHub(external, opens in a new tab or window).