Discover Risks Posed by GenAI Apps by Use Case

Log in to
Strata Cloud Manager
.
Select
Insights
AI Access
to view the
AI Access Security
Insights dashboard.
The
AI Access Security
Insights dashboard displays GenAI application usage on your network by use case by default as well as the following high-level information about your top GenAI use cases:
1. Time Filter
Filter your GenAI use case breakdown for the time period you want to investigate. You can select
Past 1 Hour
,
Past 3 Hours
,
Past 24 Hours
,
Past 7 Days
, or
Past 30 Days
.
2. Top Use Cases
The
AI Access Security
Insights dashboard dynamically displays the top four GenAI app use cases based on activity on your network. This allows you to quickly investigate security incidents related to your most widely used GenAI apps and implement access control policy rules.
Applications
—Total number of GenAI apps that fall into the particular use case. A line graph provides an at-a-glance breakdown of Sanctioned, Tolerated, and Unsanctioned GenAI apps.
Users
—Total number of users who accessed any GenAI app that falls into the particular use cases.
3. All Other Use Cases
Applications
—Total number of GenAI apps that fall into any other GenAI app use case. A line graph provides an at-a-glance breakdown of Sanctioned, Tolerated, and Unsanctioned GenAI apps.
Users
—Total number of users who have accessed any GenAI app that falls into any other GenAI app use case.
4. Threats Detected
Threats are detected by the Vulnerability Protection profile attached to the Web Security policy rule. This profile detects threats such as malicious and phishing URLs, malicious files, or malware. The
Threats Detected
is a summary of all threats across all GenAI apps and enforcement points.
Alerted
—Total number of threats detected that generated an alert.
Blocked
—Total number of threats detected that were blocked by your
NGFW
or
Prisma Access
tenants.
5. Sensitive Data Detected
Sensitive data is detected when traffic matches the match criteria in your
Enterprise Data Loss Prevention (E-DLP)
data profile.
Alerted
—Total number of DLP Incidents that generated an alert.
Blocked
—Total number of DLP incidents that were blocked by your
NGFW
s or
Prisma Access
tenants.
Review use case
to see a detailed breakdown of all Sanctioned, Tolerated, and Unsanctioned GenAI apps in the use case you're interested in.
Review the use case details page to understand GenAI applications usage.
The use case details page provides granular data about the GenAI app usage. You can use this information to understand GenAI app usage to help inform you of what policy rules your security administrators need to write to strengthen your security posture. This ensures that your organization is safely adopting GenAI apps and to prevent exfiltration of sensitive data.
1. Use Case Summary
The use case summary aggregates all important GenAI app usage information for the use case you're investigating.
Most Used Applications
—The most used GenAI application for the use case. This also includes the application tag (
Sanctioned
,
Tolerated
, or
Unsanctioned
) currently assigned to the GenAI app.
Application Breakdown
—Summary of the total number of GenAI apps associated with the use case as well as a summary of the application tags across all detected GenAI apps.
User Breakdown
—Summary of the total number of users who accessed any of the GenAI apps associated with the use case. A summary of how many users accessed
Sanctioned
,
Tolerated
, or
Unsanctioned
GenAI apps is also provided.
2. Applications
A list of all GenAI apps associated with the use case accessed by your users. You can apply a
Sort By
filter to the use case GenAI apps to sort them by
User Count
,
Threats Count
,
Transferred Count
. GenAI apps are sorted from highest to lowest count.
The applications list displays the following information about each GenAI app detected.
Application Name
—Name of the detected GenAI app. Click the app name to view detailed usage information. You're redirected to the Activity Insights
Applications
Tag
—Current GenAI application tag. You can apply a new tag by clicking the tag you want to apply.
Palo Alto Networks
groups the child app-IDs for app functionality in a container App-ID. However, tagging an App-ID container is not supported. You must individually tag the specific child App-ID that are sanctioned, unsanctioned, or tolerated within your organization.
Users
—Total number of users who accessed the GenAI app. Click the user count to see a list of all the users.
Threats
—Total number of detected threat activity.
Transferred
—Total amount of data in gigabyte (GB) uploaded to or downloaded from the GenAI app.
Sensitive Asset
—Number of DLP incidents generated due to sensitive data detected and blocked by
Enterprise Data Loss Prevention (E-DLP)
.
Enterprise Available
—Indicates whether the GenAI app offers an enterprise plan or license schema.
Data Used in ML
—Indicates whether the GenAI app uses user-uploaded data for training purposes.
Risk Score
—Risk score of the GenAI app.
3. Use Case Highlights
Applications
—Total number of GenAI apps that fall into any other GenAI app use case. A line graph provides an at-a-glance breakdown of Sanctioned, Tolerated, and Unsanctioned GenAI apps.
Users
—Total number of users who have accessed any GenAI app that falls into any other GenAI app use case.
4. Rules
The
Rules
section displays a list of all default and custom policy rules written to target the GenAI apps associated with the use case. Policy rules written to both allow and block traffic to GenAI apps are listed here.
5. Recommended Actions
Alerted
—Total number of DLP Incidents that generated an
Alert
across all GenAI apps associated with the use case.
Blocked
—Total number of DLP incidents that were
Blocked
across all GenAI apps associated with the use case.
Create a custom Security policy rule to control access to a GenAI application.
In the example above,
Openai-Base
is the most used GenAI app in the
Code Assistant & Generator
use case. Additionally, this is an
Unsanctioned
application and indicates this an application not approved for use on your corporate network.
In this case, you can modify the default GenAI access policy rule to explicitly block all access to
OpenAI
if this is an application your organization should not access.