Amazon Bedrock Model Invocation

Overview

Panther supports ingesting Amazon Bedrock model invocation logs via AWS CloudWatch or AWS S3.

How to onboard Amazon Bedrock model invocation logs to Panther

To pull Amazon Bedrock model invocation logs into Panther, follow the Monitor model invocation using CloudWatch Logs and Amazon S3 AWS documentation to configure Bedrock model invocation logs to be sent to either CloudWatch or an S3 bucket.

Then, set up a new log source in the Panther Console to stream data from your AWS account:

1. In the left-hand navigation bar of your Panther Console, click Configure > Log Sources.

2. Click Create New.

3. Search for "Bedrock Model Invocation," then click its tile.

4. In the Transport Mechanism drop-down, select the Data Transport method you wish to use for this integration: AWS S3 Bucket or AWS CloudWatch Logs.

5. Click Start Setup.

6. Follow Panther’s documentation for configuring S3 for data transport or Panther's documentation for configuring CloudWatch for data transport.

Panther-managed detections

See Panther-managed rules for Amazon Bedrock model invocation in the panther-analysis GitHub repository.

Supported Amazon Bedrock model invocation logs

AWS.BedrockModelInvocation

You can use model invocation logging to collect invocation logs, model input data, and model output data for all invocations in your AWS account used in Amazon Bedrock in a Region. See the AWS Monitor model invocation using CloudWatch Logs and Amazon S3 documentation for more details.