Without Strata Logging Service - Threat Logs
Prisma AIRS

View security threat logs without Strata Logging Service.
Where Can I Use This?
  • AI Threat Logs Inspection in Strata Cloud Manager
What Do I Need?
For comprehensive threat detection and analysis with Panorama, you should use Firewall/Threat logs with subtype ai-security when not using Strata Logging Service.
  1. Navigate to Incidents and Alerts → Log Viewer.
  2. Select Firewall/Threat logs with subtype "ai-security".
    The logs provide the following information:
    • Panorama supports Threat logs with the subtype "ai-security" to log threats triggered by the AI security profile.
    • The "Threat Category" column identifies the specific Prisma AIRS AI Runtime: Network intercept threat type.
    • Enhanced threat details include Threat IDs, which uniquely combine the threat category and the model name (for example, "AI Prompt Injection: GCP - Gemini 1.5 Flash"). See the Threat Category Types table below for the specific Threat IDs, their descriptions, and their severities.
    • Advanced filtering lets you analyze specific threat types, or combinations of threat types and models.
    • This log type is recommended for Panorama-managed firewalls, or when you don't want to forward logs to Strata Logging Service.
    Threat Category Types
    The table below provides details on the various threat categories, when they are triggered, and their respective severities:
    Columns: Threat Category (Issue ID) | Description | Severity | Threat ID: Name | Example Threat ID

    ai-prompt-injection
      Description: Prompt injection detection
      Severity: Medium
      Threat ID name: AI Prompt Injection: <Model Name>
      Example Threat ID: AI Prompt Injection: GCP - Gemini 1.5 Pro

    ai-url-security
      Description: URL category triggered with action Alert or Block
      Severity: Low
      Threat ID name: AI URL Security: <Model Name>
      Example Threat ID: AI URL Security: GCP - Gemini 1.5 Pro

    ai-data-leakage
      Description: Sensitive data detected by DLP
      Severity: Dependent on configuration
      Threat ID name: AI Data Leakage: <Model Name>
      Example Threat ID: AI Data Leakage: GCP - Gemini 1.5 Pro

    ai-model-access-control
      Description: Traffic blocked due to model access control setting
      Severity: Low
      Threat ID name: AI Model Access Control: <Model Name>
      Example Threat ID: AI Model Access Control: GCP - Gemini 1.5 Pro

    ai-latency-block
      Description: Traffic blocked due to max latency setting
      Severity: Low
      Threat ID name: AI Latency Block: <Model Name>
      Example Threat ID: AI Latency Block: GCP - Gemini 1.5 Pro

    ai-database-security-<query type>
      Description: Database query detected with action Alert or Block (Query Type: Read, Create, Update, Delete)
      Severity: Read: Low; Create: Medium; Update: Medium; Delete: High
      Threat ID name: AI Database Security <query type>: <Model Name>
      Example Threat IDs:
        AI Database Security Read: GCP - Gemini 1.5 Pro
        AI Database Security Create: GCP - Gemini 1.5 Pro
        AI Database Security Update: GCP - Gemini 1.5 Pro
        AI Database Security Delete: GCP - Gemini 1.5 Pro
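The Threat ID naming scheme in the table above ("<Name>: <Model Name>", with the query type folded into the name for database security) is regular enough to parse outside the Log Viewer, for example when exported Threat logs are triaged in a script. The following is an added example, not Palo Alto Networks code: it splits a Threat ID into threat category, model and table severity, then filters constructed sample records by subtype, minimum severity and model. The record field names `subtype` and `threat_id` are assumptions for the sample data, not the firewall's export schema.

```python
# Severity per threat category, as given in the table above. ai-data-leakage
# severity is set by the DLP configuration, so it is recorded as None (unknown).
SEVERITY = {
    "ai-prompt-injection": "Medium", "ai-url-security": "Low",
    "ai-data-leakage": None, "ai-model-access-control": "Low",
    "ai-latency-block": "Low", "ai-database-security-read": "Low",
    "ai-database-security-create": "Medium",
    "ai-database-security-update": "Medium",
    "ai-database-security-delete": "High",
}
RANK = {"Low": 1, "Medium": 2, "High": 3}

def parse_threat_id(threat_id):
    """Split '<Name>: <Model Name>' into threat category, model and severity."""
    # Partition on the first ': ' only: model names contain ' - ' and spaces.
    name, sep, model = threat_id.partition(": ")
    if not sep or not model.strip():
        raise ValueError(f"not a Prisma AIRS threat ID: {threat_id!r}")
    # The category is the lower-cased, hyphenated threat name, e.g.
    # 'AI Database Security Delete' -> 'ai-database-security-delete'.
    category = name.strip().lower().replace(" ", "-")
    if category not in SEVERITY:
        raise ValueError(f"unknown threat category: {name!r}")
    return {"threat_id": threat_id, "category": category,
            "model": model.strip(), "severity": SEVERITY[category]}

def filter_ai_threats(records, min_severity="Low", model_contains=None):
    """Keep ai-security Threat-log records at or above min_severity."""
    # Config-dependent severities (None) are kept, never silently dropped.
    hits = []
    for rec in records:
        if rec.get("subtype") != "ai-security":
            continue  # other Threat-log subtypes are not AI security events
        threat = parse_threat_id(rec["threat_id"])
        sev = threat["severity"]
        if sev is not None and RANK[sev] < RANK[min_severity]:
            continue
        if model_contains and model_contains not in threat["model"]:
            continue
        hits.append(threat)
    return hits

# Constructed sample records (not real firewall output); only the fields used here.
SAMPLE_LOGS = [
    {"subtype": "ai-security", "threat_id": "AI Prompt Injection: GCP - Gemini 1.5 Flash"},
    {"subtype": "ai-security", "threat_id": "AI Database Security Delete: GCP - Gemini 1.5 Pro"},
    {"subtype": "ai-security", "threat_id": "AI URL Security: GCP - Gemini 1.5 Pro"},
    {"subtype": "ai-security", "threat_id": "AI Data Leakage: GCP - Gemini 1.5 Pro"},
    {"subtype": "vulnerability", "threat_id": "AI Prompt Injection: GCP - Gemini 1.5 Pro"},
]
```

Calling `filter_ai_threats(SAMPLE_LOGS, "High", model_contains="Pro")` returns the Delete query and the data-leakage record, the latter because its severity is configuration-dependent and cannot be ranked from the table alone.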