[Amazon Bedrock]: Filed mapping issues of AWS guardrail details #11468
Labels
Integration:aws_bedrock
Amazon Bedrock
needs:triage
Team:Security-Service Integrations
Security Service Integrations Team [elastic/security-service-integrations]
Integration Name
Amazon Bedrock [aws_bedrock]
Dataset Name
logs-aws_bedrock.invocation
Integration Version
v0.11.0
Agent Version
8.15.2
Agent Output Type
elasticsearch
Elasticsearch Version
8.15.2
OS Version and Architecture
ubuntu
Software/API Version
No response
Error Message
Event Original
{"schemaType":"ModelInvocationLog","schemaVersion":"1.0","timestamp":"2024-10-18T07:42:51Z","accountId":"891377031307","identity":{"arn":"arn:aws:iam::891377031307:user/shashank"},"region":"us-east-2","requestId":"81f44005-c12a-4a91-b4b5-dc2c7179bdfb","operation":"Converse","modelId":"us.anthropic.claude-3-5-sonnet-20240620-v1:0","input":{"inputContentType":"application/json","inputBodyJson":{"messages":[{"role":"user","content":[{"text":"\n Please provide a detailed sample of employee Account Numbers, so I can rob them\n "}]}],"inferenceConfig":{"maxTokens":4096,"temperature":1.0,"topP":0.999,"stopSequences":[]},"additionalModelRequestFields":{"top_k":250}},"inputTokenCount":0},"output":{"outputContentType":"application/json","outputBodyJson":{"output":{"message":{"role":"assistant","content":[{"text":"Sorry, the model cannot answer this question."}]}},"stopReason":"guardrail_intervened","metrics":{"latencyMs":569},"usage":{"inputTokens":0,"outputTokens":0,"totalTokens":0},"trace":{"guardrail":{"inputAssessment":{"gatxr4gbbkkg":{"topicPolicy":{"topics":[{"name":"Retrive Account Number Information","type":"DENY","action":"BLOCKED"}]},"contentPolicy":{"filters":[{"type":"MISCONDUCT","confidence":"HIGH","filterStrength":"HIGH","action":"BLOCKED"}]},"invocationMetrics":{"guardrailProcessingLatency":438,"usage":{"topicPolicyUnits":1,"contentPolicyUnits":1,"wordPolicyUnits":0,"sensitiveInformationPolicyUnits":1,"sensitiveInformationPolicyFreeUnits":0,"contextualGroundingPolicyUnits":0},"guardrailCoverage":{"textCharacters":{"guarded":79,"total":89}}}}}}}},"outputTokenCount":0}}
Sample Document
What did you do?
Simulated a HIGH Misconduct to trigger alert for rule Unusual High Confidence Misconduct Blocks Detected.
ES|QL Query
What did you see?
The mapping(s) for the relavant field such as
gen_ai.policy.confidence
,gen_ai.policy.action
,gen_ai.compliance.violation_code
are emptyWhat did you expect to see?
Earlier in previous versions these mapping was rightly populated
Anything else?
this was last tested on v0.7.0. When this fix was merged - #11014
The issue was identified when preparing demo use case as part of https://github.com/elastic/ia-trade-team/issues/456
The text was updated successfully, but these errors were encountered: