Ollama TA detections #3710
Open
Ollama TA detections #3710
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| source: server.log | ||
| supported_TA: | ||
| - name: Splunk TA for Ollama | ||
| url: https://github.com/rosplk/ta-ollama |
There was a problem hiding this comment.
Can we add this TA to contentctl.yml and upload it to S3. Shouldn't the version be 1.0.0
| version: 1 | ||
| date: '2025-10-05' | ||
| author: Rod Soto, Splunk | ||
| description: Ollama server logs |
There was a problem hiding this comment.
can we improve this text and describe these in more details, how to onboard them etc
| @@ -0,0 +1,111 @@ | |||
| name: Ollama Server Data | |||
There was a problem hiding this comment.
rename to Ollama Server
| | eval attack_type="Abnormal Network Activity" | ||
| | table last_incident, host, incidents, src_ip, warning_messages, severity, attack_type | ||
| | `ollama_abnormal_network_connectivity_filter`' | ||
| how_to_implement: Ingest Ollama logs via Splunk TA. This can be done by monitoring local ollama directories or via SPLUNK HEC shipping. |
There was a problem hiding this comment.
Please add more details to how_to_implement for all the yamls
| earliest_offset: $info_min_time$ | ||
| latest_offset: $info_max_time$ | ||
| rba: | ||
| message: Abnormal network activity detected on $host$ with $incidents$ incidents including non-localhost API access from $src_ip$ and network errors $warning_messages$, potentially indicating unauthorized access attempts, network-based reconnaissance, or infrastructure connectivity exploitation. |
There was a problem hiding this comment.
Lets keep these message field short and concise - for all detections
| description: Detects critical service crashes, fatal errors, and abnormal process terminations in Ollama that may indicate exploitation attempts, resource exhaustion attacks, malicious input triggering unhandled exceptions, or deliberate denial of service attacks designed to disrupt AI model availability and degrade system stability. | ||
| data_source: | ||
| - Ollama Server Data | ||
| search: '`ollama_server` level=ERROR ("exited" OR "exit status" OR "crashed" OR "fatal" OR "panic") | stats count by err msg host _time | `ollama_abnormal_service_crash_availability_attack_filter`' |
There was a problem hiding this comment.
("exited" OR "exit status" OR "crashed" OR "fatal" OR "panic") - these fields are not parsed into a key: value pair?
| earliest_offset: $info_min_time$ | ||
| latest_offset: $info_max_time$ | ||
| rba: | ||
| message: 'Abnormal Ollama service termination detected on host $host$ at $_time$. The service encountered a critical error $msg$. This unexpected shutdown could indicate a denial-of-service attack, resource exhaustion, malicious model injection, or system instability. Local LLM service disruptions may impact dependent applications and workflows. Total occurrences: $count$. Immediate investigation is required to determine the root cause, assess potential security implications, and restore service availability.' |
| rba: | ||
| message: Abnormal network activity detected on $host$ with $incidents$ incidents including non-localhost API access from $src_ip$ and network errors $warning_messages$, potentially indicating unauthorized access attempts, network-based reconnaissance, or infrastructure connectivity exploitation. | ||
| risk_objects: | ||
| - field: src_ip |
There was a problem hiding this comment.
Should be host as risk object and src_ip as threat_object , no?
| references: | ||
| - https://github.com/rosplk/ta-ollama | ||
| drilldown_searches: | ||
| - name: View the detection results for - "$src_ip$" |
There was a problem hiding this comment.
Lets use
| | eval last_incident=strftime(last_incident, "%Y-%m-%d %H:%M:%S") | ||
| | eval severity="medium" | ||
| | eval attack_type="Abnormal Network Activity" | ||
| | table last_incident, host, incidents, src_ip, warning_messages, severity, attack_type |
There was a problem hiding this comment.
Can we use dest instead of host in all these detections
| rba: | ||
| message: Abnormal network activity detected on $host$ with $incidents$ incidents including non-localhost API access from $src_ip$ and network errors $warning_messages$, potentially indicating unauthorized access attempts, network-based reconnaissance, or infrastructure connectivity exploitation. | ||
| risk_objects: | ||
| - field: src_ip |
There was a problem hiding this comment.
use dest in the SPL and dest in risk_object, src_ip would be a threat_object
| type: TTP | ||
| description: Detects abnormal network activity and connectivity issues in Ollama including non-localhost API access attempts and warning-level network errors such as DNS lookup failures, TCP connection issues, or host resolution problems that may indicate network-based attacks, unauthorized access attempts, or infrastructure reconnaissance activity. | ||
| data_source: | ||
| - Ollama Server Data |
There was a problem hiding this comment.
Ollama Server Logs - ALL detections
| @@ -0,0 +1,3 @@ | |||
| definition: (index=* sourcetype="ollama:server") | |||
| description: Leverage advanced Splunk searches to detect and investigate suspicious activities targeting Ollama local LLM frameworki, including prompt injection attacks, information extraction attempts, compliance violations, and anomalous user behaviors. | ||
| narrative: Modern adversaries targeting Ollama deployments employ increasingly sophisticated techniques that mirror traditional malware campaigns. Our detection framework identifies multi-stage attacks where threat actors use obfuscated prompts, layered social engineering, and persistent manipulation techniques to compromise local model security controls. These attacks often involve initial reconnaissance through seemingly benign API requests, followed by escalated attempts to extract model weights, manipulate Modelfile configurations, or establish persistent behavioral modifications through custom model injection. | ||
| references: | ||
| - https://github.com/rosplk/ta-ollama |
There was a problem hiding this comment.
Lets add more refereces to available public research
| `ollama_server` "GIN" | ||
| | bin _time span=5m | ||
| | stats count as request_count by _time, src_ip, host | ||
| | where request_count > 1 |
There was a problem hiding this comment.
I think we should perhaps look for higher than 10 or 25
| | rex field=_raw "\|\s+(?<status_code>\d{3})\s+\|" | eval client_ip = src_ip | ||
| | bin _time span=5m | ||
| | stats count as total_requests, dc(endpoint) as unique_endpoints, values(endpoint) as endpoints, values(http_method) as methods, values(status_code) as status_codes by _time, src_ip, host | ||
| | where unique_endpoints > 1 OR (unique_endpoints > 2 AND match(methods, "HEAD")) |
There was a problem hiding this comment.
should look more higher number?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
upcoming release you will need TA to test them. DO NOT MERGE