General
The General settings allows you to view and manage the various service integrations with AI Guard. You can configure which service integrations are enabled and, for the threat intelligence service integrations, which provider to use and the risk level threshold to be considered malicious when using the “Defang if malicious” redaction method. The Reputation Check option available for IP Address, URL, and Email Address rules requires the integration of the IP Intel, URL Intel, Domain Intel, and User Intel services.
Activity Log
The Activity Log uses the Audit Log service to log configured interactions in AI Guard for visibility, security, and compliance purposes.
Redact Integration
The Redact service is required for AI Guard because recipes are built using redaction rules and actions. This integration is designed to minimize the amount of sensitive or regulated data that is passed from the user via a prompt to the LLM by analyzing and redacting any data that meets rules set up in the Redact configuration.
IP Intel Integration
The integration with IP Intel enables you to choose a provider to use with AI Guard, and to define a risk level threshold to be considered malicious. When Defang if malicious is chosen as a redaction method, it means that the data detected by the redact rule should be defanged only when the IP Intel lookup gives a risk score at or above this threshold. When the Reputation Check option is enabled for an IP Address rule, the configured IP Intel provider will be used to perform the reputation check.
URL Intel Integration
With the URL Intel integration, you can select the URL Intel provider used to process URLs in the prompts and define a risk level threshold to be considered malicious. .
When Defang if malicious is chosen as a redaction method, it means that the data detected by the redact rule should be defanged only when the URL Intel lookup gives a risk score at or above this threshold. When the Reputation Check option is enabled for an URL rule, the configured URL Intel provider will be used to perform the reputation check.
User Intel Integration
The User Intel integration can determine whether email addresses detected in the data were involved in a security breach by processing them through the selected Breach Provider. When the Reputation Check option is enabled for an Email rule, the configured URL Intel Breach Provider will be used to perform the breach lookup on the email address matched by the rule.
Domain Intel Integration
Using the Domain Intel integration enables you to retrieve risk level from a defined reputation provider to determine whether the domain is malicious. If the domain is determined to be malicious based on the risk level threshold, then the actions defined in the configuration will be performed.
When Defang if malicious is chosen as a redaction method, it means that the data detected by the redact rule should be defanged only when the Domain Intel lookup gives a risk score at or above this threshold.
When the Reputation Check option is enabled on a rule, a reputation check is performed on domains detected in the matched data using the configured Domain Intel provider.
Was this article helpful?