Use Application Filters for GenAI Apps

Create Application Filters to use in your policy rules in Strata Cloud Manager and Panorama™ management server to control GenAI App usage in your organization.

Where Can I Use This?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)

What Do I Need?
One of the following:
  • AI Access Security license
  • CASB-PA license
  • CASB-X license

Application filters dynamically group applications based on the application attributes you define. You can use application filters in your Security policy rules to control access to GenAI apps based on the application attributes rather than explicitly defining GenAI apps or application groups in your Security policy rule.

(Strata Cloud Manager only) AI Access Security includes the following predefined GenAI application filters. The predefined application filters are based on the supported AI Access Security use cases.
  • Audio Generator
  • Conversational Agent
  • Code Assistant & Generator
  • Developer Platform
  • Enterprise Search
  • Image Editor & Generator
  • Meeting Assistant
  • Productivity Assistant
  • Video Editor & Generator
  • Writing Assistant

Use Application Filters for GenAI Apps on Strata Cloud Manager

Create Application Filters to use in your Security policy rules in Strata Cloud Manager to control GenAI app usage in your organization.
  1. Log in to Strata Cloud Manager.
  2. Select Manage > Configuration > Objects > Application > Application Filters and Add Application Filter.
  3. Enter a descriptive Name.
  4. For the Tag, select Generative AI.
    All GenAI apps inspected by NGFW or Prisma Access are tagged with genai when inspected. When creating a custom application filter for GenAI apps, Palo Alto Networks recommends selecting the Generative AI tag to ensure the Security policy rule the application filter is added to applies to GenAI app traffic.
  5. Configure additional Category Filters to narrow down the scope of impacted GenAI apps. Consider the following tags when creating your GenAI application filter.
    • Risk—Specify the Risk score so the Security policy rule action only applies to GenAI apps with the selected risk score.
      For example, you want to write a Security policy rule to block access to all risky GenAI apps regardless of their use. In this case, you can create an application filter for GenAI apps with Risk 4 and 5 so the Security policy rule only applies to GenAI apps with these risk scores.
    • Tag—Specify whether the Security policy rule action applies to GenAI apps tagged as Sanctioned, Tolerated, or Unsanctioned. Additionally, you can apply tags based on the GenAI app use case.
      For example, you want to write a Security policy rule to allow access to sanctioned Code Assistant & Generator GenAI apps. In this case, you can create an application filter that includes both the Sanctioned and Code Assistant & Generator tags so the Security policy rule only applies to GenAI apps with this application tag and that fall within the use case.
  6. Review the list of Matching Applications.
  7. Save.
  8. Push Config and Push.

Use Application Filters for GenAI Apps on Panorama

Create Application Filters to use in your Security policy rules on the Panorama™ management server to control GenAI app usage in your organization.
  1. Log in to the Panorama™ management server web interface.
  2. Select Objects > Application Filters and Add a new application filter.
  3. Enter a descriptive Name.
  4. For the Tag, select Generative AI.
    All GenAI apps inspected by NGFW or Prisma Access are tagged with genai when inspected. When creating a custom application filter for GenAI apps, Palo Alto Networks recommends selecting the Generative AI tag to ensure the Security policy rule the application filter is added to applies to GenAI app traffic.
  5. Configure additional Category Filters to narrow down the scope of impacted GenAI apps. Consider the following tags when creating your GenAI application filter.
    • Risk—Specify the Risk score so the Security policy rule action only applies to GenAI apps with the selected risk score.
      For example, you want to write a Security policy rule to block access to all risky GenAI apps regardless of their use. In this case, you can create an application filter for GenAI apps with Risk 4 and 5 so the Security policy rule only applies to GenAI apps with these risk scores.
  6. Review the list of matching applications.
  7. Click OK.
  8. Select Commit and Commit and Push your configuration changes.
