Strata Logging Service
AI Security
Table of Contents
Expand All
|
Collapse All
AI Security
The AI Security logs contain information to help you monitor and investigate threats
found in your AI network traffic with AI Runtime Security.
AI SECURITY Field
(Display Name)
|
Description
|
|---|---|
action
(ACTION)
| Identifies the action that the firewall takes for the network
traffic. Action can be allow/block/alert in the firewall logs.
|
ai_incident_report_id
(AI INCIDENT REPORT ID)
| Advanced Threat Prevention report ID. |
ai_incident_subtype
(AI INCIDENT SUBTYPE)
| These are corresponding type to a subtype matches:
|
ai_incident_type
(AI INCIDENT TYPE)
| The incident types are - AI Application Protection, AI Model
Protection, AI Data Protection, Latency Limit, Model Denied.
|
ai_model_csp_name
(AI MODEL CSP NAME)
|
Name of the cloud provider where LLM is hosted.
|
ai_model_csp_region_name
(AI MODEL CSP REGION NAME)
|
Region name of the cloud provider where LLM is hosted.
|
ai_model_name
(AI MODEL NAME)
|
e.g. Gemini 1.5 Pro, GPT-4.
|
ai_security_profile_name
(AI SECURITY PROFILE NAME)
| The name of AI Security Profile. |
ai_subtype_details
(AI SUBTYPE DETAILS)
| If AI Data Protection - Data Filtering was triggered, this field
provides the name of the specific DLP rule that was triggered.
If AI Application Protection - URL Security was triggered, this
field provides the specific URL category that was triggered.
|
customer_id
(CORTEX DATA LAKE TENANT ID)
|
The ID that uniquely identifies the Logging Service instance which received this log record. It’s equivalent to csp_id.
|
dest_ip.value
(DESTINATION ADDRESS)
|
Original destination IP address.
|
dest_port
(DESTINATION PORT)
|
Network traffic's destination port. If this value is 0, then the app is using its standard port.
|
k8s_cluster_id
(KUBERNETES CLUSTER ID)
| Unique ID for Kubernetes cluster. |
latency
(LATENCY)
| The time that core service processes all the sessions. |
log_source
(LOG SOURCE)
| Identifies the origin of the data. |
log_source_id
(DEVICE SN)
|
ID that uniquely identifies the source of the log.
If the log is generated by Prisma Access, the serial number is not displayed. |
log_source_name
(DEVICE NAME)
|
The hostname of the firewall that logged the network traffic.
|
log_time
(TIME RECEIVED)
| Time the log was received in . This string contains a
timestamp value in microseconds. |
log_type.value
(LOG TYPE)
|
Specifies the log type.
|
max_latency_hit
(MAX LATENCY HIT)
|
|
platform_type
(PLATFORM TYPE)
|
Identifies the platform that generated the log.
|
protocol.value
(PROTOCOL)
| IP protocol associated with the session; TCP, UDP, or other
protocols. As firewall doesn’t support HTTP/3 at this moment, AI
traffic can only be transferred over TCP. This value is
hard-coded in AI firewall Cloud and sent to Logging Service.
|
request_response
(THREAT IN REQUEST OR RESPONSE)
| Identifies if threat was detected in model input or output. |
session_id
(SESSION ID)
| Identifies the firewall's internal identifier for a specific
network session. |
session_start_time
(SESSION START TIME)
| Time when the session was established. The format is
YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z. |
source_ip.value
(SOURCE ADDRESS)
|
Original source IP address of the session.
|
source_port
(SOURCE PORT)
|
Source port utilized by the session.
|
time_generated
(TIME GENERATED)
| Time when the log was generated on the firewall's data plane. This string contains a
timestamp value in microseconds. |
time_generated_high_res
(TIME GENERATED HIGH RESOLUTION)
|
Time the log was generated in data plane with millisecond granularity in format YYYY-MM-DDTHH:MM:SSS[.DDDDDD]Z.
|
tsg_id
(TSG ID)
| The unique ID assigned to a tenant. |
vendor_name
(VENDOR NAME)
|
Identifies the vendor that produced the data.
|
vendor_severity.value
(VENDOR SEVERITY)
| Severity level of the event as defined by the vendor writing this log record. Severity
can be informational, low, medium, high in the firewall threat
logs. |