Administration
  • Administration
  • AI Runtime Security Documentation
  • All Documentation
>
Without Strata Logging Service (SLS) - Threat Logs
Focus
Download PDF
Focus
  1. Home
  2. AI Runtime Security
  3. Administration
  4. Monitor: Threat Logs and AI Security Logs
  5. Without Strata Logging Service (SLS) - Threat Logs
Download PDF
AI Runtime Security

Without Strata Logging Service (SLS) - Threat Logs

Table of Contents

Without Strata Logging Service (SLS) - Threat Logs

View security threat logs without Strata Logging Service (SLS).
Use Firewall/Threat logs with subtype 'ai-security' for comprehensive AI Runtime Security threat detection and analysis when using Panorama without SLS.
Where Can I Use This?What Do I Need?
  • AI Runtime Security Log Inspection
  • Log in to Strata Cloud Manager.
  • Select Incidents and Alerts → Log Viewer.
  • Select Firewall/Threat logs with subtype "ai-security".
  • Panorama supports “Threat” logs with the subtype ‘ai-security' to log threats triggered by the AI security profile.
  • The ' Threat Category ' column identifies specific AI Runtime Security threat types.
  • Enhanced threat details include Threat IDs, which uniquely combine the threat category and model name (for example, “AI Prompt Injection: GCP - Gemini 1.5 Flash”). See the threat category types table below for more information about the specific Threat IDs, descriptions, and severities.
  • Advanced filtering capabilities enable analysis of specific threat types or combinations of threats and models.
  • Recommended for Panorama managed firewalls or when you don’t want to forward the logs to SLS.
Threat Category Types
The table below provides details on the various threat categories, when they are triggered, and their respective severities:
Threat CategoryIssue IDDescriptionSeverityThreat ID: NameExample Threat ID
ai-prompt-injectionPrompt injection detectionMediumAI Prompt Injection: <Model Name>AI Prompt Injection: GCP - Gemini 1.5 Pro
ai-url-securityURL category triggered with action Alert or BlockLowAI URL Security: <Model Name>AI URL Security: GCP - Gemini 1.5 Pro
ai-data-leakageSensitive data detected by DLPDependent on configurationsAI Data Leakage: <Model Name>AI Data Leakage: GCP - Gemini 1.5 Pro
ai-model-access-controlTraffic blocked due to model access control settingLowAI Model Access Control: <Model Name>AI Model Access Control: GCP - Gemini 1.5 Pro
ai-latency-blockTraffic blocked due to max latency settingLowAI Latency Block: <Model Name>AI Latency Block: GCP - Gemini 1.5 Pro
ai-database-security-<query type>
Database query detected with action Alert or Block
Query Type: Read, Create, Update, Delete
Read: Low
Create: Medium
Update: Medium
Delete: High
AI Database Security <query type>: <Model Name>
AI Database Security Read: GCP - Gemini 1.5 Pro
AI Database Security Create: GCP - Gemini 1.5 Pro
AI Database Security Update: GCP - Gemini 1.5 Pro
AI Database Security Delete: GCP - Gemini 1.5 Pro

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.