This page shows the use of AI Network flow logs to flag malicious traffic and correlate them with cloud assets discovered in the Strata Cloud Manager (SCM) Cloud Application Command Center.

For each security event (Block or Alert) triggered by the AI Security profile, the traffic logs between server and client are logged. For instance, Data Leak Detection, URL Security Detection, and Prompt Injection Detection logs. The log includes traffic details such as the AI model name, CSP region name, AI model CSP region name, AI incident type, incident subtype, and the AI security profile name. You can also find the session ID, source, and destination details.

Click on a log to view the detailed traffic logs showing general information about the AI Runtime Security, including a session ID, the source and destination of the traffic, AI Security details such as the model name, the model CSP name, the incident type, and an incident report ID for troubleshooting.

Switch to the

AI Security Report

tab to inspect the content of the AI traffic for specific AI threat logs:

The
Model Protection
displays logs for any detected prompt injection threats.
The
Application Protection
Shows URL categories and the specific URLs that triggered these categories.
The
Data Protection
Lists DLP data patterns that were triggered and the masked content that caused each pattern to trigger. These logs are categorized based on low, medium, and high-severity alerts.