Use Application Filters for GenAI Apps on

Strata Cloud Manager

Log in to
Strata Cloud Manager
.
Select
Manage
Configuration
Objects
Application
Application Filters
and
Add Application Filter
.
Enter a descriptive
Name
.
For the
Tag
select
Generative AI
.
All GenAI apps inspected by
NGFW
or
Prisma Access
are tagged with
genai
when inspected. When creating a custom application filter for GenAI apps,
Palo Alto Networks
recommends selecting the
Generative AI
tag to ensure the Security policy rule the application filter is added to applies to GenAI app traffic.
Configure additional
Category Filters
to narrow down the scope of impacted GenAI apps. Consider the following tags when creating your GenAI application filter.
Risk
—Specify the
Risk
score so the Security policy rule action only applies to GenAI apps with the selected risk score.
For example, you want to write a Security policy rule to block access to all risky GenAI apps regardless of its use. In this case, you can create an application filter for GenAI apps
4
and
5
so the Security policy rule only applies to GenAI apps with these risk scores.
Tag
—Specify whether the Security policy rule action applies to GenAI apps tagged as
Sanctioned
,
Tolerated
, or
Unsanctioned
. Additionally, you can apply tags based on the GenAI app use case.
For example, you want to write a Security policy rule to allow access to sanctioned Code Assistant & Generator GenAI apps. In this case, you can create an application filter that includes both the
Sanctioned
and
Code Asistant & Generator
tags so the Security policy rule only applies to GenAI apps with this application tag and that fall within the use case.
Review the list of
Matching Applications
.
Save
.
Push Config
and
Push
.
Create Custom Security Policy Rules to Control GenAI Access.