- Dashboards
- Navigation Overview
- View and Interact with Dashboards
- View and Interact with Visualizations
- User Management
- Configure and Manage Dashboards
- Create a Dashboard
- Add a Visualization to a Dashboard
- Add a Text Tile
- Modify a Dashboard Layout
- Add Dashboard Filters
- Manage Automatic Refresh Rates
- Create a Scheduled Delivery
- Make a Dashboard Public
- Export and Import Dashboards
- Edit Dashboard Filters
- Edit Dashboard Details
- Duplicate a Dashboard
- Delete a Dashboard
- Configure and Manage Visualizations
- Create a Visualization
- Auto-Create a Visualization from a Natural Language Prompt
- Create a Visualization from a Search Query
- Add Visualizations from the Library to a Dashboard
- Modify a Visualization
- Configure Visualization Query Filters
- Include Context Filtering in Visualizations
- Make a Visualization Public
- Export and Import Visualizations
- Duplicate a Visualization
- Remove a Visualization from a Dashboard
- Delete Visualizations from the Library
- Pre-Built Dashboards
- Advanced Analytics
- AI/LLM Dashboards
- Threat Center
- Case Manager
- Compliance / Event Store
- Access Grant and Revoke Activity Dashboard
- Account Logout Summary Dashboard
- Account Management Activity Dashboard
- Application Security Event Summary Dashboard
- Authenticated User Accounts on Hosts Dashboard
- AWS CloudTrail Summary Dashboard
- Data Loss Prevention Activity Dashboard – Host-Based
- Data Loss Prevention Activity Dashboard – User-Based
- Data Loss Prevention Activity Summary Dashboard
- Default Account Access Dashboard
- Default Credential Usage and Change Activity Dashboard
- Denied Web Access Activity Dashboard
- Disabled User Account Summary Dashboard
- Discovered Attacks by Source and Destination Dashboard
- Endpoint Detection and Response Dashboard
- Failed Application Logon Activity Dashboard
- Failed Audit Logs Summary Dashboard
- Failed Host Login Attempt Counts by Users Dashboard
- Failed VPN Login Attempts and Remote Session Timeouts Dashboard
- Firewall Activity Dashboard
- Firewall and Router Device Interfaces Dashboard
- Indicator of Compromise (IOC) Statistics Dashboard
- Insecure Authentication Attempts Dashboard
- Microsoft 365 Summary Dashboard
- Microsoft Windows Overview Dashboard
- Network Applications by Traffic Volume Dashboard
- Policy Activity Summary Dashboard
- Port Usage Trends Dashboard
- Privileged Access Dashboard
- Privileged Access Dashboard – User-Based
- Protocols by Network Traffic Dashboard
- Remote Session Overview Dashboard
- Security Alert Summary Dashboard – Impacted Hosts
- Security Alert Summary Dashboard – Origin Hosts
- Security Alert Summary Dashboard – Users
- Successful Application Logon Activity Dashboard
- Successful Database Login Activity Dashboard
- Successful Physical Access Dashboard
- Top Attackers Dashboard
- User Account Creation Summary Dashboard
- User Account Lockout Activity Dashboard
- Vendor Authentication Activity Dashboard
- Windows Audit Failure Summary by Hosts Dashboard
- Windows Audit Failure Summary by Users Dashboard
- Windows User Privilege Elevation Dashboard
- Zscaler HTTP Dashboard
- Correlation Rules
- SOC Management
- Pre-Built Visualizations
- Anomalies - Use Case & MITRE Coverage
- Anomalies by Rule Name
- Anomalies by Use Case
- Anomalies Count Over Time
- Anomaly Distribution by MITRE Tactic & Score
- Application Count
- Closed Incidents
- Correlation Rules by Severity
- Correlation Rules Triggered Over Time
- Detected Anomalies
- Incidents Created
- Incident Summary by Incident Type
- SOC Incident Distribution
- Top Activities per Top 10 Applications
- Top Users per Top 10 Applications
- Trend of Application Security Events
Public AI/LLM Usage Dashboard
This dashboard visualizes web traffic from sources that can be categorized as different types of AI applications. It provides an overview of their usage in your environment, including how often they are accessed and by which users and entities.
The dashboard relies on the categories entered into the AI/LLM Proxy Categories context table. The context table includes a default set of categories, including AI and ML Applications, Generative AI, and Artificial Intelligence. However, you can expand the table with additional categories.
Note
Usage Requirement
To use this dashboard successfully, add any additional proxy vendor AI/LLM categories into the AI/LLM Proxy Categories context table in the Context Management application. For more information, see Pre-Built AI/LLM Context Tables in the Context Management Guide.
Time Range Filter
The Event : Approx Log Time filter sets the time range for the event data. The default setting is in the last 7 days. You can update this filter with a wide range of customizable settings.
To update the time range filter, click the arrow (
) on the right, under the Edit button, to expand the filters panel. In the Event : Approx Log Time filter, select an operator from the first drop down menu and then enter or select values in the subsequent fields, depending on the operator you selected. To save your filter changes, click Apply on the right side of the filter panel. The updated filter is applied to the visualization.
Public AI/LLM Usage - Most Used 15 Top Domains
This pie chart shows the total count of the top 15 most used domains during the filtered time range. To view the underlying domain access events, click a section of the pie chart and select the Show Results in Search option. The Search application opens and a query is populated in the search bar for you to run.
Public AI/LLM Usage - # of Distinct Top Domains
This single value bar chart displays the total number of the top domains that have been used for AI/LLM activity during the filtered time range.
Public AI/LLM Usage by Hour
This line graph shows the count of AI/MLL activities by hour during the filtered time range. To view the values represented in the chart, hover your cursor over the graph to display the data points. To view the underlying events, click a data point and select the Show Results in Search option. The Search application opens and a query is populated in the search bar for you to run.
Distinct Users Accessing Public AI/LLM Websites
This single value bar chart displays the number of distinct users in your environment that are accessing public AI/LLM websites during the filtered time range.
Distinct Source IPs Accessing Public AI/LLM Website (No user associated)
This single value bar chart displays the number of distinct source IP addresses in your environment (where the user attribute is null in the associated log) are accessing public AI/LLM websites during the filtered time range.
Top 15 Users
This bar chart shows the count of public AI/LLM access events by the top 15 users in your environment during the filtered time range. To view the underlying events, click the on a bar in the chart and select the Show Results in Search option. The Search application opens and a query is populated in the search bar for you to run.
Top 15 Source IPs (No user associated)
This bar chart shows the count of public AI/LLM access events by the top 15 source IP addresses in your environment (where the user attribute is null in the associated log) during the filtered time range. To view the underlying events, click the on a bar in the chart and select the Show Results in Search option. The Search application opens and a query is populated in the search bar for you to run.
List of Users and Public AI/LLM Usage
This table lists users in your environment who have accessed public AI/LLM websites and a count of the count of the top sites they have accessed during the filtered time range. To sort the table by a specific column, click the column heading and toggle the arrow to sort in ascending (
) or descending (
) order.
