AI Access Security
Use Application Filters for GenAI Apps
Create Application Filters to use in your policy rules in Strata Cloud Manager and
Panorama™ management server to control GenAI App usage in your organization.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of the following:
|
Application filters dynamically group
applications based on the application attributes you define. You can use application
filters in your Security policy rules to control
access to GenAI apps based on the application attributes rather than explicitly
defining GenAI apps or application groups in your Security policy rule.
(Strata Cloud Manager only) AI Access Security includes the
following predefined GenAI application filters. The predefined application filters
are based on the supported AI Access Security
use cases.
- Audio Generator
- Conversational Agent
- Code Assistant & Generator
- Developer Platform
- Enterprise Search
- Image Editor & Generator
- Meeting Assistant
- Productivity Assistant
- Video Editor & Generator
- Writing Assistant
Use Application Filters for GenAI Apps on Strata Cloud Manager
Create Application Filters to use in your Security policy rules in Strata Cloud Manager to control GenAI app usage in your organization.
- Log in to Strata Cloud Manager.
- Select Manage > Configuration > Objects > Application > Application Filters and Add Application Filter.
- Enter a descriptive Name.
- For the Tag, select Generative AI.
  All GenAI apps inspected by NGFW or Prisma Access are tagged with genai when inspected. When creating a custom application filter for GenAI apps, Palo Alto Networks recommends selecting the Generative AI tag to ensure that the Security policy rule that uses the application filter applies to GenAI app traffic.
- Configure additional Category Filters to narrow down the scope of impacted GenAI apps. Consider the following tags when creating your GenAI application filter.
  - Risk—Specify the Risk score so the Security policy rule action only applies to GenAI apps with the selected risk score. For example, you want to write a Security policy rule to block access to all risky GenAI apps regardless of their use. In this case, you can create an application filter for GenAI apps with risk scores 4 and 5 so the Security policy rule only applies to GenAI apps with these risk scores.
  - Tag—Specify whether the Security policy rule action applies to GenAI apps tagged as Sanctioned, Tolerated, or Unsanctioned. Additionally, you can apply tags based on the GenAI app use case. For example, you want to write a Security policy rule to allow access to sanctioned Code Assistant & Generator GenAI apps. In this case, you can create an application filter that includes both the Sanctioned and Code Assistant & Generator tags so the Security policy rule only applies to GenAI apps with this application tag and that fall within the use case.
- Review the list of Matching Applications.
- Save.
Use Application Filters for GenAI Apps on Panorama
Create Application Filters to use in your Security policy rules on the Panorama™ management server to control GenAI app usage in your organization.
- Log in to the Panorama™ management server web interface.
- Select Objects > Application Filters and Add a new application filter.
- Enter a descriptive Name.
- For the Tag, select Generative AI.
  All GenAI apps inspected by NGFW or Prisma Access are tagged with genai when inspected. When creating a custom application filter for GenAI apps, Palo Alto Networks recommends selecting the Generative AI tag to ensure that the Security policy rule that uses the application filter applies to GenAI app traffic.
- Configure additional Category Filters to narrow down the scope of impacted GenAI apps. Consider the following tags when creating your GenAI application filter.
  - Risk—Specify the Risk score so the Security policy rule action only applies to GenAI apps with the selected risk score. For example, you want to write a Security policy rule to block access to all risky GenAI apps regardless of their use. In this case, you can create an application filter for GenAI apps with risk scores 4 and 5 so the Security policy rule only applies to GenAI apps with these risk scores.
- Review the list of matching applications.
- Click OK.
- Select Commit and Commit and Push your configuration changes.
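The two example filters described above (risk scores 4 and 5; Sanctioned plus Code Assistant & Generator), written as a small conceptual model to show why a filter picks up newly catalogued apps while a fixed app list does not. This is an added illustration, not Palo Alto Networks code or an API of either product. The app names, risk scores and tag assignments are constructed, and the matching rule (every selected tag must be present, risk must be one of the selected scores) is an assumption taken from the page's two examples.

```python
from dataclasses import dataclass

GENAI = "Generative AI"

@dataclass(frozen=True)
class App:
    name: str
    risk: int            # risk score, 1 (lowest) to 5 (highest)
    tags: frozenset

@dataclass(frozen=True)
class AppFilter:
    name: str
    tags: frozenset                  # assumption: every selected tag must be on the app
    risks: frozenset = frozenset()   # empty means "any risk score"

    def matches(self, app):
        return self.tags <= app.tags and (not self.risks or app.risk in self.risks)

    def members(self, catalog):
        return sorted(a.name for a in catalog if self.matches(a))

def app(name, risk, *tags):
    return App(name, risk, frozenset(tags))

# Constructed catalog: names, scores and tags are invented for illustration.
CATALOG = [
    app("example-chat", 4, GENAI, "Conversational Agent", "Unsanctioned"),
    app("example-codegen", 2, GENAI, "Code Assistant & Generator", "Sanctioned"),
    app("example-imagegen", 5, GENAI, "Image Editor & Generator", "Tolerated"),
    app("example-filesync", 5, "Unsanctioned"),   # risky, but not a GenAI app
]

# Block-rule filter from the Risk example; allow-rule filter from the Tag example.
RISKY_GENAI = AppFilter("risky-genai", frozenset({GENAI}), frozenset({4, 5}))
SANCTIONED_CODE = AppFilter(
    "sanctioned-code-genai",
    frozenset({GENAI, "Sanctioned", "Code Assistant & Generator"}),
)

def static_vs_dynamic():
    """Compare a fixed app list with the filter after the catalog gains an app."""
    static_group = RISKY_GENAI.members(CATALOG)    # snapshot, like an explicit app list
    updated = CATALOG + [app("example-voiceclone", 5, GENAI, "Audio Generator")]
    dynamic = RISKY_GENAI.members(updated)         # the filter is re-evaluated
    return static_group, dynamic

if __name__ == "__main__":
    print(RISKY_GENAI.members(CATALOG))
    print(SANCTIONED_CODE.members(CATALOG))
    print(static_vs_dynamic())
```

The risk-5 app without the Generative AI tag is excluded from both filters, which is the scoping effect the tag recommendation is meant to give.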