Amazon Bedrock

We have integrated Amazon Bedrock's AI functionality into our solution for two purposes:

1. Helping create custom data classification regular expression (RegEx) rules

2. When Malware is discovered you can “Ask Bedrock” for more information on the finding

Amazon Bedrock Integration for Custom Classification Rules

Effective data classification requires policies and rulesets that are written for particular types of information. Yet, crafting RegEx policies is often challenging because the syntax can be complex and dense. Our integration with Amazon Bedrock simplifies this process by leveraging the power of artificial intelligence. All you need to do is enter a simple text prompt to identify patterns or text and the exact value you need for the rule will be created.

To get started, you’ll need to enable the Amazon Bedrock integration. Then you can navigate to Configuration in the navigation of your AV console and click on Classification Custom Rules. From there, click the “Create Rule” button. In the popup, enter a name and description, then click on “Create expression using Amazon Bedrock” to have the RegEx built for you.

For example, to create a RegEx rule that identifies certain credit card numbers, enter the Prompt “create a regular expression that discovers all American Express credit card numbers”. Then select Send Prompt to generate a RegEx rule that can be used. Each response is accompanied by an explanation of the RegEx. Click “save”.

If you’re a RegEx pro, custom classification rules can be created without the assistance of Bedrock—simply enter the regular expression, add a name plus description, and hit “save” to create the rule.

Amazon Bedrock Integration for Malware Definitions & Remediation

Suspicious or malicious files can be cryptic, requiring additional analysis to understand what the malware does and its level of impact. Yet, using tools like Google search or VirusTotal to get that additional context can slow down an investigation, require data transfers, or increase potential for manual error.

Now, customers can “Ask Bedrock” by utilizing our integration with Amazon Bedrock to analyze found malware and obtain risk mitigation strategies in just a few seconds. No need to worry about data that’s transferred over the public internet or sent to a third party because the Bedrock instance runs in your account. Malware forensics includes, but is not limited to, information about:

• What strain of malware has been detected

• If executed, what actions that piece of malware could take

• What to do to properly remediate the threat

To access this information, Amazon Bedrock must be enabled. To use this feature, navigate to the Findings page in the main menu of the CSS console, click the three dots on the right side of any finding and select “Show Amazon Bedrock Analysis”.

Enabling Amazon Bedrock and Supported Regions

This integration is disabled by default but you can enable it by going to Configuration > AWS Integrations. From there you can click the toggle to turn it on.

The console must be deployed in one of the following regions to have access to Bedrock:

• US East (N. Virginia)

• US West (Oregon)

• Asia Pacific (Tokyo)

• Europe (Frankfurt)

• AWS GovCloud (US-West)