Generative AI

The IBM® Security QRadar® Generative AI Content Extension provides a set of dashboards that give insight into the generative AI tools that are used in your environment. These visualizations enhance the data on the Generative AI Tools Activity page with readily available metrics that align with hosts, users, and IP addresses in your environment.

To use the full capabilities of the IBM Security QRadar Generative AI dashboards, download the following content extensions:
Important: The following parameters must be set to get data on the dashboard:
  • Time_Span

    The default value is 2 hours.

  • generative_ai_tool

    This parameter value must come from the Value column of the reference map.

  • generative_ai_host

    This parameter value must come from the Key column of the reference map.

  • investigatedIP
  • user

IBM Security QRadar Generative AI Content Extension 1.1.1

The following table shows the reference map that is used in the IBM Security QRadar Generative AI Content Extension 1.1.1.

Table 1. Reference map in IBM Security QRadar Generative AI Content Extension 1.1.1
Reference Map | Action
deepseek.com | Added
huggingface.co | Added
api.blf.ai | Added
mistral.ai | Added

IBM Security QRadar Generative AI Content Extension 1.1.0

The following dashboards are included with the IBM Security QRadar Generative AI Content Extension 1.1.0:
Table 2. Dashboards included with the IBM Security QRadar Generative AI Content Extension 1.1.0
Dashboard name | Description | Widgets

Tools Overview By Flows | Collect insights into activity across the entire network, focusing on which tools are used, who uses these tools, and what events are related. | The following widgets for Generative AI Tools are on the dashboard:
  • Total Usage
  • Top 10 Users
  • Source Location
  • Top 10 Destination IPs
  • Top 10 Source IPs
  • Flow Bytes
  • Recent Events
Clicking specific entries in these widgets opens other pages. For example, if you click one of the Source IP address bars in the Top 10 Source IPs widget, the IP address overview opens.

Tool Overview | Drill into a specific tool and identify its usage. | The following Generative AI Tool widgets are on the dashboard:
  • Usage
  • Event Count
  • Source Location
  • Top 10 Source IPs
  • Top 10 Destination IPs
  • Top 10 Users
  • Recent Events

Host Overview | Drill into a specific host and identify its usage. | The following Generative AI Host widgets are on the dashboard:
  • Source Location
  • Top 10 Source IPs
  • Top 10 Destination IPs
  • Top 10 Users
  • Recent Events

IP Address Overview | Drill into a specific IPv4 address and highlight metrics that are associated with the address. | The following widgets are on the dashboard:
  • Top 10 Destination IPs
  • Top 10 Source IPs
  • Top Known Destination Countries
  • Top Known Source Countries
  • Top 10 Events Associated with this IP
  • Top 10 Identified Usernames Associated with Investigated IP
  • Top 10 Custom Rule Engine Events Associated with this IP
  • Top 10 Events Associated with this IP that Contribute to an offense

Username Overview | Drill into a specific user and highlight metrics that are associated with the user. | The following widgets are on the dashboard:
  • Top 10 Destination IPs for Username
  • Top 10 Source IPs for Username
  • Top Destination Countries for Username
  • Top Source Countries for Username
  • Top 10 Custom Rule Engine Events Associated with this Username
  • Top 10 Events Associated with this Username
  • Top 10 Events Associated with this Username that Contribute to an offense
Important: These dashboards are supported on QRadar Pulse 2.2.5 or later.

IBM Security QRadar Generative AI Content Extension 1.0.0

The following table shows the custom properties in IBM Security QRadar Generative AI Content Extension 1.0.0.

Table 3. Custom Properties in IBM Security QRadar Generative AI Content Extension 1.0.0
Name | Optimized | Capture Group | Regex
URL Host | True | 0 | Placeholder for custom property UrlHost

The following table shows the reference map that is used in the IBM Security QRadar Generative AI Content Extension 1.0.0.

Table 4. Reference map in IBM Security QRadar Generative AI Content Extension 1.0.0
Key | Value
chatgpt.com | chatgpt.com
api.openai.com | api.openai.com
copilot-telemetry.githubusercontent.com | githubcopilot.com
copilot-proxy.githubusercontent.com | githubcopilot.com
api.githubcopilot.com | githubcopilot.com
central.github.com | githubcopilot.com
grpc.stability.ai | stablediffusion
sydney.bing.com | bing.com
us-central1-aiplatform.googleapis.com | googleai
generativelanguage.googleapis.com | googleai
console.cloud.google.com | googleai
a-api.anthropic.com | claude.ai
dreamstudio.ai | dreamstudio.ai
api.claude.ai | claude.ai
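
The following sketch is an added example, not code from IBM or from the content extension. It applies part of the Table 4 reference map to constructed events to show why generative_ai_tool takes a Value (several hosts roll up into one tool) while generative_ai_host takes a Key (one exact host). The event tuples and the `select` and `top` helpers are assumptions made for illustration.

```python
from collections import Counter

# Part of the 1.0.0 reference map (Table 4): Key = URL host, Value = tool.
REFERENCE_MAP = {
    "chatgpt.com": "chatgpt.com",
    "api.openai.com": "api.openai.com",
    "copilot-proxy.githubusercontent.com": "githubcopilot.com",
    "api.githubcopilot.com": "githubcopilot.com",
    "generativelanguage.googleapis.com": "googleai",
    "api.claude.ai": "claude.ai",
}

NOW = 1_700_000_000  # constructed "current time", epoch seconds
# Constructed sample events: (timestamp, user, source IP, URL host).
EVENTS = [
    (NOW - 600, "alice", "10.0.0.5", "api.githubcopilot.com"),
    (NOW - 900, "alice", "10.0.0.5", "copilot-proxy.githubusercontent.com"),
    (NOW - 1200, "bob", "10.0.0.9", "api.githubcopilot.com"),
    (NOW - 1800, "bob", "10.0.0.9", "api.claude.ai"),
    (NOW - 3000, "carol", "10.0.0.7", "intranet.example.org"),  # not in the map
    (NOW - 9000, "carol", "10.0.0.7", "chatgpt.com"),  # older than 2 hours
]

def select(events, now, time_span=2 * 3600, tool=None, host=None):
    """Keep events inside the time span whose URL host is a map Key.

    tool filters on the mapped Value; host filters on the Key itself.
    A tool or host that is not in the map simply matches nothing.
    """
    rows = []
    for ts, user, src_ip, url_host in events:
        mapped_tool = REFERENCE_MAP.get(url_host)
        if mapped_tool is None or now - ts > time_span:
            continue
        if tool is not None and mapped_tool != tool:
            continue
        if host is not None and url_host != host:
            continue
        rows.append((user, src_ip, url_host, mapped_tool))
    return rows

def top(rows, field, n=10):
    """Top-n counts for one column: 0=user, 1=source IP, 2=host, 3=tool."""
    return Counter(r[field] for r in rows).most_common(n)

if __name__ == "__main__":
    print(top(select(EVENTS, NOW), 3))                            # usage per tool
    print(top(select(EVENTS, NOW, tool="githubcopilot.com"), 0))  # top users of one tool
```

Passing a Key such as api.githubcopilot.com as the tool returns no rows in this sketch, because the tool filter compares against the Value column.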