This section shows how to view and interpret threat logs and AI security logs for
different protection types. The Log Viewer provides a single, unified interface
for viewing both network-based and API-based AI security events.
Prisma AIRS allows you to detect and alert on malicious
traffic through various protection mechanisms. The detailed logs offer enhanced
visibility by correlating threats with cloud assets discovered in the Strata Cloud Manager command center, enabling a more comprehensive and informed
security approach.
Licensing Capacity Limit: Limited to
processing up to 10K AI transactions per day per vCPU of AI network
intercept.
Prisma AIRS AI Runtime Security: API Logs
You can view the scan API logs forwarded by Strata Logging Service. Make sure you
enable Strata Logging Service log forwarding when you associate your
deployment profile with a tenant service group (TSG).
Select the Prisma AIRS/AI Runtime Security API log type.
Threat Logs and AI Security Logs
Select the Firewall/Threat or Firewall/AI Security log type,
depending on whether you use Strata Logging Service for log forwarding.
To view a detailed AI security report for Panorama-managed Prisma AIRS AI Runtime: Network intercept, see the threat logs page in the Panorama
documentation.
For comprehensive threat detection and analysis with Panorama, you should
use Firewall/Threat logs with subtype ai-security when not using
Strata Logging Service.
Select Firewall/Threat logs with subtype "ai-security".
The logs provide the following information:
- Panorama supports "Threat" logs with the subtype "ai-security" to log
  threats triggered by the AI security profile.
- The "Threat Category" column identifies specific Prisma AIRS AI Runtime: Network intercept
  threat types.
- Enhanced threat details include Threat IDs, which uniquely
  combine the threat category and model name (for example, "AI Prompt
  Injection: GCP - Gemini 1.5 Flash"). See the threat category types
  table below for more information about the specific Threat IDs,
  descriptions, and severities.
- Advanced filtering capabilities enable you to analyze specific
  threat types or combinations of threats and models.
- This log type is recommended for Panorama-managed firewalls
  or when you don't want to forward the logs to Strata Logging Service.
Threat Category Types
The table below provides details on the various threat categories, when they
are triggered, and their respective severities:
| Threat Category / Issue ID | Description | Severity | Threat ID: Name | Example Threat ID |
|---|---|---|---|---|
| ai-prompt-injection | Prompt injection detection | Medium | AI Prompt Injection: <Model Name> | AI Prompt Injection: GCP - Gemini 1.5 Pro |
| ai-url-security | URL category triggered with action Alert or Block | Low | AI URL Security: <Model Name> | AI URL Security: GCP - Gemini 1.5 Pro |
| ai-data-leakage | Sensitive data detected by DLP | Dependent on configurations | AI Data Leakage: <Model Name> | AI Data Leakage: GCP - Gemini 1.5 Pro |
| ai-model-access-control | Traffic blocked due to model access control setting | Low | AI Model Access Control: <Model Name> | AI Model Access Control: GCP - Gemini 1.5 Pro |
| ai-latency-block | Traffic blocked due to max latency setting | Low | AI Latency Block: <Model Name> | AI Latency Block: GCP - Gemini 1.5 Pro |
| ai-database-security-<query type> | Database query detected with action Alert or Block. Query Type: Read, Create, Update, Delete | Read: Low; Create: Medium; Update: Medium; Delete: High | AI Database Security <query type>: <Model Name> | AI Database Security Read: GCP - Gemini 1.5 Pro; AI Database Security Create: GCP - Gemini 1.5 Pro; AI Database Security Update: GCP - Gemini 1.5 Pro; AI Database Security Delete: GCP - Gemini 1.5 Pro |
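The following added example (not Palo Alto Networks code) shows one way to triage exported threat logs using the Threat ID naming scheme and severities from the table above. It assumes each exported record carries the Threat ID name as a plain string; the function names `parse_threat_id` and `triage` are hypothetical, and the sample values are constructed.

```python
import re

# Severities copied from the threat category table; None = "dependent on configurations".
SEVERITY = {
    "AI Prompt Injection": ("ai-prompt-injection", "Medium"),
    "AI URL Security": ("ai-url-security", "Low"),
    "AI Data Leakage": ("ai-data-leakage", None),
    "AI Model Access Control": ("ai-model-access-control", "Low"),
    "AI Latency Block": ("ai-latency-block", "Low"),
}
DB_SEVERITY = {"Read": "Low", "Create": "Medium", "Update": "Medium", "Delete": "High"}
RANK = {"High": 0, "Medium": 1, "Low": 2, None: 3}  # None sorts last for manual review

def parse_threat_id(name):
    """Split 'AI <Category>: <Model Name>' into category, severity and model."""
    prefix, sep, model = name.partition(":")
    prefix, model = prefix.strip(), model.strip()
    if not sep or not model:
        raise ValueError(f"not a Threat ID name: {name!r}")
    db = re.fullmatch(r"AI Database Security (Read|Create|Update|Delete)", prefix)
    if db:
        # Query type is returned as its own field rather than folded into the category.
        return {"category": "ai-database-security", "query_type": db.group(1),
                "severity": DB_SEVERITY[db.group(1)], "model": model}
    if prefix not in SEVERITY:
        raise ValueError(f"unknown threat category in {name!r}")
    category, severity = SEVERITY[prefix]
    return {"category": category, "query_type": None,
            "severity": severity, "model": model}

def triage(names):
    """Return (parsed rows, most severe first; names that did not parse)."""
    rows, rejects = [], []
    for name in names:
        try:
            rows.append(parse_threat_id(name))
        except ValueError:
            rejects.append(name)
    rows.sort(key=lambda r: RANK[r["severity"]])  # stable: ties keep log order
    return rows, rejects

# Constructed sample values, not real log output.
SAMPLE = ["AI URL Security: GCP - Gemini 1.5 Pro",
          "AI Database Security Delete: GCP - Gemini 1.5 Pro",
          "AI Prompt Injection: GCP - Gemini 1.5 Flash",
          "AI Data Leakage: GCP - Gemini 1.5 Pro",
          "AI Database Security Read: GCP - Gemini 1.5 Pro", "not a threat id"]
```

Names that do not match the table are returned separately instead of being dropped, so a new or renamed threat category shows up as a parsing gap rather than a silent miss.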
With Strata Logging Service - AI Security Logs
View AI security logs with Strata Logging Service.
AI Security Logs Inspection in Strata Cloud Manager
To ensure proper AI security monitoring and analysis, you should use Firewall/AI
Security logs for detailed AI-specific threat information when using the Strata Logging Service. These logs provide more detailed information than
standard threat logs.
- Strata Logging Service generates the AI security logs when AI
  security threats are detected between AI applications and AI models.
- The logs include detailed threat snippet identification and reporting.
- The logs provide in-depth threat information and reports for different
  protection types such as AI model protection, AI application
  protection, and AI data protection.
- Create an AI security profile and attach a model group with
  specific protections to monitor traffic between your AI models,
  AI applications, and AI data, and detect threats.
- This log type is recommended for platforms with Strata Logging Service for log forwarding, and if you want
  detailed AI-specific threat information.
A log is generated for each AI security threat detected between an AI
application and model. The logs are generated for prompt injections, sensitive
data leakage, malicious URLs detected, and AI-generated database queries.
Traffic Details
Traffic Details: Click on a log to view traffic logs showing general
information about Prisma AIRS AI Runtime: Network intercept.
The traffic details logs include:
- The AI model name, AI model CSP region name, AI incident type, AI incident
  subtype, AI security profile name, and an incident report ID for
  troubleshooting.
- The session ID, source, and destination details.
The AI security threats are categorized into AI incident types and
subtypes:
| Incident Type | Incident Subtype | Incident Subtype Details |
|---|---|---|
| ai-model-protection | prompt-injection | NA |
| ai-app-protection | url-security | URL categories detected |
| ai-data-protection | data-rule; database-security | Data Rule: Name of DLP profile triggered; Database Security: type of database query detected (Create, Read, Update, or Delete) |
| | model-denied | N/A |
| | latency-block | N/A |
AI Security Report
AI Security Report: The AI Security Report tab provides detailed
information on the AI traffic and specific AI threat logs. It includes threat
snippet identification and reporting. The Prisma AIRS
platform supports asynchronous identification of particular content snippets that
trigger security detectors.
Each report includes a unique report ID to help debug
logs.
Model Protection:
The model protection report displays logs for any
detected prompt injection threats. The prompt injection snippet (at most
1000 characters) helps identify the trigger and can include multiple
snippets for complex payloads.
Application Protection:
The application protection report shows URL
categories and the specific URLs in the payload that triggered these
categories.
Data Protection:
The data protection report lists DLP data patterns
that were triggered and the masked content that caused each pattern to
trigger. These logs are categorized based on low, medium, and
high-severity alerts. The data protection report includes two main
components:
Matched Data Patterns (DLP):
- Shows the matched Data Loss Prevention (DLP) data patterns
  that were triggered.
- Displays specific snippets of content matching DLP data
  patterns. Content is stored and masked based on the
  Manage → Data Loss Prevention → Settings → Sensitive Data configuration.
- Data pattern matches are categorized based on low,
  medium, and high Confidence Level.
If multiple SQL queries are detected in the model
response, the report shows up to 10 SQL queries (with
each query limited to 1,000 characters). The queries are
prioritized in the following order: Delete, Update,
Create, and Read actions.