AI Security
Focus
Focus
Strata Logging Service

AI Security

Table of Contents

AI Security

The AI Security logs contain information to help you monitor and investigate threats found in your AI network traffic with AI Runtime Security.
AI SECURITY Field
(Display Name)
Description
action
(ACTION)
Identifies the action that the firewall takes for the network traffic. Action can be allow/block/alert in the firewall logs.
ai_incident_report_id
(AI INCIDENT REPORT ID)
Advanced Threat Prevention report ID.
ai_incident_subtype
(AI INCIDENT SUBTYPE)
These are corresponding type to a subtype matches:
  • AI Application Protection - URL Security
  • AI Mode Protection - Prompt Injection
  • AI Data Protection - Data Rule
ai_incident_type
(AI INCIDENT TYPE)
The incident types are - AI Application Protection, AI Model Protection, AI Data Protection, Latency Limit, Model Denied.
ai_model_csp_name
(AI MODEL CSP NAME)
Name of the cloud provider where LLM is hosted.
ai_model_csp_region_name
(AI MODEL CSP REGION NAME)
Region name of the cloud provider where LLM is hosted.
ai_model_name
(AI MODEL NAME)
e.g. Gemini 1.5 Pro, GPT-4.
ai_security_profile_name
(AI SECURITY PROFILE NAME)
The name of AI Security Profile.
ai_subtype_details
(AI SUBTYPE DETAILS)
If AI Data Protection - Data Filtering was triggered, this field provides the name of the specific DLP rule that was triggered. If AI Application Protection - URL Security was triggered, this field provides the specific URL category that was triggered.
customer_id
(TENANT ID)
The ID that uniquely identifies the Logging Service instance which received this log record. It’s equivalent to csp_id.
dest_ip.​value
(DESTINATION ADDRESS)
Original destination IP address.
dest_port
(DESTINATION PORT)
Network traffic's destination port. If this value is 0, then the app is using its standard port.
k8s_cluster_id
(KUBERNETES CLUSTER ID)
Unique ID for Kubernetes cluster.
latency
(LATENCY)
The time that core service processes all the sessions.
log_source
(LOG SOURCE)
Identifies the origin of the data.
log_source_id
(DEVICE SN)
ID that uniquely identifies the source of the log.
If the log is generated by Prisma Access, the serial number is not displayed.
log_source_name
(DEVICE NAME)
The hostname of the firewall that logged the network traffic.
log_time
(TIME RECEIVED)
Time the log was received in Strata Logging Service. This string contains a timestamp value in microseconds.
log_type.​value
(LOG TYPE)
Specifies the log type.
max_latency_hit
(MAX LATENCY HIT)
  • Yes if detected asynchronously and hit the max latency.
  • No if blocked in-line
platform_type
(PLATFORM TYPE)
Identifies the platform that generated the log.
protocol.​value
(PROTOCOL)
IP protocol associated with the session; TCP, UDP, or other protocols. As firewall doesn’t support HTTP/3 at this moment, AI traffic can only be transferred over TCP. This value is hard-coded in AI firewall Cloud and sent to Logging Service.
request_response
(THREAT IN REQUEST OR RESPONSE)
Identifies if threat was detected in model input or output.
session_id
(SESSION ID)
Identifies the firewall's internal identifier for a specific network session.
session_start_time
(SESSION START TIME)
Time when the session was established. The format is YYYY-MM-DDTHH:MM:SS[.DDDDDD]Z.
source_ip.​value
(SOURCE ADDRESS)
Original source IP address of the session.
source_port
(SOURCE PORT)
Source port utilized by the session.
time_generated
(TIME GENERATED)
Time when the log was generated on the firewall's data plane. This string contains a timestamp value in microseconds.
time_generated_high_res
(TIME GENERATED HIGH RESOLUTION)
Time the log was generated in data plane with millisecond granularity in format YYYY-MM-DDTHH:MM:SSS[.DDDDDD]Z.
tsg_id
(TSG ID)
The unique ID assigned to a tenant.
vendor_name
(VENDOR NAME)
Identifies the vendor that produced the data.
vendor_severity.​value
(VENDOR SEVERITY)
Severity level of the event as defined by the vendor writing this log record. Severity can be informational, low, medium, high in the firewall threat logs.