Detect and Alert on Malicious Traffic: AI Security Log Viewer
Focus
Focus
AI Runtime Security

Detect and Alert on Malicious Traffic: AI Security Log Viewer

Table of Contents

Detect and Alert on Malicious Traffic: AI Security Log Viewer

Monitor the AI traffic flow between the user apps and AI models.
This page shows the use of AI Network flow logs to flag malicious traffic and correlate them with cloud assets discovered in the Strata Cloud Manager (SCM) Cloud Application Command Center.
Licensing Capacity Limit: Limited to processing up to 10K AI transactions per day per vCPU of AI Runtime Security instance.
Where Can I Use This?What Do I Need?
  • AI Runtime Security
  • Log in to SCM.
  • Select Incidents and Alerts → Log Viewer.
  • Select Firewall/AI Security.
For each security event (Block or Alert) triggered by the AI Security profile, the traffic logs between server and client are logged. For instance, Data Leak Detection, URL Security Detection, and Prompt Injection Detection logs. The log includes traffic details such as the AI model name, CSP region name, AI model CSP region name, AI incident type, incident subtype, and the AI security profile name. You can also find the session ID, source, and destination details.
Traffic Details
Click on a log to view the detailed traffic logs showing general information about the AI Runtime Security, including a session ID, the source and destination of the traffic, AI Security details such as the model name, the model CSP name, the incident type, and an incident report ID for troubleshooting.
AI Security Report
Switch to the AI Security Report tab to inspect the content of the AI traffic for specific AI threat logs:
  • The Model Protection displays logs for any detected prompt injection threats.
  • The Application Protection Shows URL categories and the specific URLs that triggered these categories.
  • The Data Protection Lists DLP data patterns that were triggered and the masked content that caused each pattern to trigger. These logs are categorized based on low, medium, and high-severity alerts.