Splunk

AWS Bedrock Claude Cross Region Possible Inference Abuse

Last updated 2 days ago on 2026-07-17

About

This detection identifies potential cross-region inference abuse in AWS Bedrock Claude models. Cross-region inference abuse may indicate attempts to bypass regional restrictions, exfiltrate data, or perform unauthorized actions across different AWS regions.
Platform
Splunk
Tags
Data Source: SplunkDomain: ApplicationRule Type: QueryOS: Any
Severity
medium
Risk Score
47
References
https://aws.amazon.com/blogs/apn/unlocking-the-power-of-splunk-with-amazon-bedrock-an-agentic-ai-approach-to-build-customized-splunk-assistants-using-bedrock-agents/(external, opens in a new tab or window)https://help.splunk.com/en/splunk-observability-cloud/observability-for-ai/splunk-ai-infrastructure-monitoring/set-up-ai-infrastructure-monitoring/amazon-bedrock(external, opens in a new tab or window)https://research.splunk.com/stories/aws_bedrock_security/(external, opens in a new tab or window)https://docs.aws.amazon.com/bedrock/latest/userguide/model-invocation-logging.html(external, opens in a new tab or window)
False Positives
False positives may arise from legitimate use cases where users are accessing AWS Bedrock Claude models across different regions for valid reasons, such as multi-region deployments, testing, or development purposes. It is important to review the context of the detected events to determine if they represent actual abuse or benign usage.
Source
View on GitHub(external, opens in a new tab or window)

Definition

Rule Language
SPL
Rule Type
query
text code block:
`aws_bedrock_claude` | rename "identity.arn" AS user_arn | rename "input.inputTokenCount" AS input_tokens | rename "output.outputTokenCount" AS output_tokens | rex field=user_arn "assumed-role/[^/]+/(?<user>[^\"]+)$" | rex field="input.inputBodyJson.metadata.user_id" "(?<session_user>user_[^_]+.*)" | eval input_tokens=tonumber(input_tokens) | eval output_tokens=tonumber(output_tokens) | eval token_ratio=round(output_tokens / max(input_tokens,1), 2) | eval model_short=replace(modelId,"^.*/","") | eval mismatch_detail=region." -> ".inferenceRegion | where isnotnull(user_arn) AND len(user_arn)>10 | where isnotnull(session_user) | where region!=inferenceRegion | where input_tokens>=2000 | table _time, user, user_arn, session_user, model_short, input_tokens, output_tokens, token_ratio, mismatch_detail, operation, host | sort - input_tokens | `aws_bedrock_claude_cross_region_possible_inference_abuse_filter`

View this rule on Splunk

This rule was sourced from the official Splunk public repository. View the original rule on GitHub(external, opens in a new tab or window).