Defender for Cloud Apps (MCAS) has been able to track the public Open AI service for some time, but recently Azure’s version of Open AI activity is also being captured by this Defender tool. This is a great step forward in monitoring Azure Open AI. You can still dig through the AzureActivity and AzureDiagnostics tables to locate Azure Open AI activity, but the Defender for Cloud Apps capability shortcuts the work of surfacing alerts, particularly if you have it connected to Microsoft Sentinel.
You can find some continuing work being done to expose Azure Open AI activity through KQL queries here: https://github.com/rod-trent/OpenAISecurity/tree/main/Security/Sentinel/KQL
This post walks through the idea of identifying the Azure Open AI deployments in your environment to create a Microsoft Sentinel Watchlist, and then utilizing the CloudAppEvents table to expose activity.
Finding Azure Open AI Deployments
Use the following KQL query in Azure Resource Graph Explorer to locate all deployed Open AI instances so they can be added to a maintained Watchlist.
resources
| where type contains "microsoft.cognitiveservices" and kind == "OpenAI"
| project name, kind, location, resourceGroup
The most current version of this query will always be located here: https://github.com/rod-trent/OpenAISecurity/blob/main/Security/Sentinel/KQL/OpenAIInstances.kql
Watchlist Time
Create and maintain a Sentinel Watchlist with the deployed Azure Open AI instances. As shown, my Watchlist contains the instance name, the type, and the location (Azure region). The Resource Group is also contained in the results of the Azure Resource Graph Explorer query, so you might consider including that in your Watchlist, too (even though I didn’t).
Here’s a CSV file you can edit and import to get your Watchlist started.
https://github.com/rod-trent/OpenAISecurity/blob/main/Security/Sentinel/Watchlists/OpenAI.csv
The following is an example of a KQL query that shows who is accessing the instances. It queries the CloudAppEvents table, which means you need to be using Defender for Cloud Apps and have it connected to Microsoft Sentinel through the connector/solution. As you can see, I’ve named my Watchlist “AzureOpenAI”.
let OpenAI = _GetWatchlist("AzureOpenAI")
| project Instance;
CloudAppEvents
| where ObjectName in (OpenAI)
| project AccountDisplayName, IPAddress, ISP, City, CountryCode
The most current version of this query will always be located here: https://github.com/rod-trent/OpenAISecurity/blob/main/Security/Sentinel/KQL/CloudAppEventsAzureOpenAIInstances.kql
Auto-updating the Watchlist
To ensure the Watchlist always contains the most up-to-date information on the Azure Open AI deployments in your environment, you should automate updating the Watchlist. I’ve put together a Logic App that will keep it updated.
The following image shows the Logic App workflow. It does the following:
Runs every day.
Uses the Azure Resource Graph Explorer query from before, but this time as JSON (get the JSON-formatted query here: https://github.com/rod-trent/OpenAISecurity/blob/main/Security/Sentinel/Watchlists/JSONQuery.json), to call the Azure Resource Graph API using a Managed Identity.
Parses the result of the query. I’ve uploaded the schema you can use for the payload here: https://github.com/rod-trent/OpenAISecurity/blob/main/Security/Sentinel/Watchlists/ParseJSONSchema.json
Connects to Microsoft Sentinel to update the Watchlist from the query results. I’ve uploaded the Watchlist Item fields format here: https://github.com/rod-trent/OpenAISecurity/blob/main/Security/Sentinel/Watchlists/WatchlistJSON.json
Next Steps
You can use the information here to generate a Microsoft Sentinel Analytics Rule to notify you when and if there’s Azure Open AI activity. But as you can imagine, as more and more organizations use Azure Open AI services, the amount of activity will increase, and a simple activity detection will need to be tuned to pick out specific, potentially nefarious activities.
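As an added example (not from the original post or its GitHub repository), here is one way to tune that Analytics Rule query so it fires on first-seen accounts or new countries rather than on every access. It assumes the Watchlist is named "AzureOpenAI" with an "Instance" column as above; the 14-day baseline, the 1-day detection window and the "Reason" labels are constructed choices for illustration.

```kql
// Added example, not from the original post. Intended as the query of a
// scheduled Sentinel Analytics Rule running once per detection window.
let lookback = 14d;   // baseline window (constructed value)
let window   = 1d;    // detection window; match the rule's run frequency
let OpenAI = _GetWatchlist("AzureOpenAI")
    | project Instance;
// All Defender for Cloud Apps events on watched Azure Open AI instances
// across the baseline plus the detection window
let OpenAIActivity = CloudAppEvents
    | where Timestamp > ago(lookback + window)
    | where ObjectName in (OpenAI)
    | project Timestamp, ActionType, AccountDisplayName, IPAddress, ISP,
              City, CountryCode, ObjectName;
// Baseline: (account, instance, country) combinations already seen
let Baseline = OpenAIActivity
    | where Timestamp <= ago(window)
    | summarize by AccountDisplayName, ObjectName, CountryCode;
// (account, instance) pairs with any baseline history at all
let KnownPairs = Baseline
    | summarize by AccountDisplayName, ObjectName
    | extend Known = true;
OpenAIActivity
| where Timestamp > ago(window)
// Keep only activity whose account/instance/country triple is not in the baseline
| join kind=leftanti Baseline on AccountDisplayName, ObjectName, CountryCode
// Classify: brand-new account on this instance vs. known account from a new country
| join kind=leftouter KnownPairs on AccountDisplayName, ObjectName
| extend Reason = iff(Known == true,
                      "Known account, new country",
                      "First access by this account to this instance")
| summarize StartTime = min(Timestamp), EndTime = max(Timestamp),
            Events = count(),
            IPs = make_set(IPAddress, 10),
            Actions = make_set(ActionType, 10)
    by AccountDisplayName, ObjectName, CountryCode, City, ISP, Reason
| order by StartTime desc
```

Map AccountDisplayName, IPAddress and ObjectName to the rule's entities so each alert carries the account, source IP and instance; the Reason column is a good candidate for a custom detail.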
I’ve started a reference of things I find in the data streams that seem important to monitor around Azure Open AI. You can find that information here:
https://github.com/rod-trent/OpenAISecurity/blob/main/Security/Sentinel/KQL/ThingstoMonitor.kql
Currently, it only contains things to monitor in the AzureDiagnostics table, but I’ll be adding AzureActivity and CloudAppEvents to it.