Settings
To open administration settings in the AIDR console, click Settings in the top menu. The dropdown menu shows the available Settings pages:
- Model Intent - Set organizational constraints for acceptable AI usage across all collectors.
- Usage - View usage metrics and statistics.
- Activity - View activity logs for your organization.
- Alias Mapping - Manage custom labels for AIDR entity attributes.
Select a page from the dropdown to open it. The selected page and other Settings pages appear as tabs in a second row at the top of the console.
Model Intent
Model Intent globally defines fundamental organizational constraints for acceptable AI usage, such as privacy protection, ethical AI use, and regulatory compliance requirements. These constraints establish what AI systems in your organization should and should not be used for, providing a baseline for policy enforcement across all AI interactions.
When you enable Model Intent Conformance Detection in the Malicious Prompt detector, AIDR compares user prompts against your Model Intent to detect attempts to use AI for purposes that violate your organizational policies.
This detection operates at a higher priority than application-specific intent expressed in system instructions, establishing boundaries within which applications can introduce additional constraints.
Configure Model Intent
AIDR provides a default Model Intent value that you can modify to match your organization's policies.
To modify Model Intent:
- Click Settings in the top menu and select Model Intent.
- Click the Model Intent tile to open the configuration dialog.
- Modify the Model Intent content in the text field. Express constraints clearly, describing acceptable and unacceptable uses of AI in your organization.
- Click Save to apply the changes globally.
The Model Intent tile shows the current status:
- Default - Using the default Model Intent value
- Set - Using custom Model Intent content
Activity logs
On the Settings > Activity page, you can view activity logs for your AIDR account and verify their tamperproof status.
Overview
Organization activity logs include the following types of events:
- Membership changes and other organization-level updates
- User sign-ins
- Collectors and Policies configuration changes
- Updates to AIDR service configuration
Each logged event contains:
- Time - Date and time of the event
- Actor - User who performed the action
- Action - Description of the action performed
- Target - ID of the affected resource
- Message - Short summary of the event
- Old - Previous value of the resource
- New - Updated value of the resource
The changed values in the Old and New fields are highlighted in yellow.
You can filter activity logs by date range and attributes. The search bar helps you refine results with:
- Completion suggestions for available attributes and their values
- Filter dialog (funnel icon)
- Date range control
Click the gear icon in the top right to choose which columns are visible in the log table.
You can sort the table by clicking column headers.
Search bar
By default, the log viewer displays events from the past two hours.
To customize your search:
- Click the funnel icon to open the filter dialog, enter your criteria, and click Search. The search syntax appears in the search bar, and matching results display in the table.
- Place your cursor in the search bar to view a dropdown of available search parameters. Start typing to filter the list and use autocompletion to build your query.
- Enter your query manually. Learn more about the search syntax in the Secure Audit Log documentation.
Date range
All searches must include a time range, with the default set to the most recent two hours.
The date range selector next to the search button provides several options:
- Quick selections - Choose a relative range of 1, 7, or 30 days.
- Relative - Define a custom relative date range.
- Between - Search for log events between two specific dates.
- Before - Search for events that occurred before a specific date.
- After - Search for events that occurred after a specific date.
You can apply a time range filter directly from the log table. Hover over a timestamp in a result row or in the expanded details view, then click the ⨁ icon next to it to filter by that exact date or set it as the upper or lower limit of your range.
Event details
To view all fields for an event, click its row in the search results. The row expands to show every event field, including those not currently visible in the table.
If a field (such as Old or New) contains JSON data, it displays as an interactive JSON tree.
Tamperproof information
Icons in the log viewer indicate tamperproof status for each record. Learn more about Tamperproofing in the Secure Audit Log documentation.
- Lock icon - The lock icon shows that the membership proof for the log event is verified. Click the icon to open a pop-up with details for independently verifying the event:
  - Status - Possible statuses are Verified, Unverified, or Failed.
    - Unverified - Indicates cached records that are not yet committed.
    - Failed - Shows with a red lock icon.
  - Verification artifacts - Includes the message hash, membership proof, consistency proof, root hash, and a link to the published root hash.
  - Verification command - Provides a command you can run with the Python SDK to verify the record's tamperproof status.
- Green line - A vertical green line between lock icons indicates that the consistency proof for the two adjacent log events is verified.
Tamperproof icons appear asynchronously after search results return, as verification is performed.
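What a verified membership proof establishes, shown as an added illustration that is not AIDR or SDK code: the published root hash can be recomputed from one record's message hash and its proof alone, so any change to the record breaks the match. It assumes an RFC 6962-style Merkle tree with SHA-256; the product's actual hashing and proof encoding are not described on this page, and the sample events are constructed.

```python
import hashlib

# Assumption: RFC 6962-style hashing (SHA-256, 0x00 leaf / 0x01 node prefixes).
def leaf_hash(data):
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n):
    return 1 << ((n - 1).bit_length() - 1)  # largest power of two below n

def root_hash(events):
    if len(events) == 1:
        return leaf_hash(events[0])
    k = _split(len(events))
    return node_hash(root_hash(events[:k]), root_hash(events[k:]))

def membership_proof(index, events):
    # Sibling hashes from the leaf up to the root, as the log side would issue them.
    if len(events) == 1:
        return []
    k = _split(len(events))
    if index < k:
        return membership_proof(index, events[:k]) + [root_hash(events[k:])]
    return membership_proof(index - k, events[k:]) + [root_hash(events[:k])]

def verify_membership(message_hash, index, tree_size, proof, published_root):
    # Verifier side: needs only the record's hash, its position, and the proof.
    if not 0 <= index < tree_size:
        return False
    fn, sn, r = index, tree_size - 1, message_hash
    for sibling in proof:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:
            r = node_hash(sibling, r)
            while fn and not fn & 1:
                fn, sn = fn >> 1, sn >> 1
        else:
            r = node_hash(r, sibling)
        fn, sn = fn >> 1, sn >> 1
    return sn == 0 and r == published_root

# Constructed sample records, not real AIDR log entries.
EVENTS = [f"event-{i}: policy updated".encode() for i in range(5)]
if __name__ == "__main__":
    root, proof = root_hash(EVENTS), membership_proof(2, EVENTS)
    print(verify_membership(leaf_hash(EVENTS[2]), 2, 5, proof, root),
          verify_membership(leaf_hash(b"event-2: altered"), 2, 5, proof, root))
```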
Alias Mapping
Alias mappings assign custom labels to AIDR entity attributes displayed on the Visibility and Findings pages.
Manage alias mappings in Settings
On the Settings > Alias Mapping page, click Create to add a new mapping with the following details:
- Field - Attribute to map, such as User, Application ID, or Provider
- Source Identifier - Original value of the selected attribute
- Alias - Custom label that will be displayed instead of the original value
Click Save to create the mapping.
To edit or delete an existing mapping, click the menu (⫶) icon in its row.
Manage alias mappings on Visibility and Findings pages
On the Visibility and Findings pages, you can add or edit alias mappings directly by hovering over an attribute value and clicking the pencil (✎) icon.
Aliased values are highlighted.
Appendix
Search syntax
The Search feature provides a simple search grammar for finding specific events in the logs.
The search queries are case sensitive.
Simple search
The search query can be either key-value pairs to search a specific field or plain text to search across all fields. For example, the query accessed searches for the term accessed across all fields, which helps find events where a user read configuration.
Single field search
Use the format <field_name>:<value> for a single field search. The field name must exactly match the name of the field to be searched. The search performs a partial match: an event matches when the data in the specified field contains the search term.
For example, user:"nedry" searches for any event where the user field contains the word nedry.
You can exclude specific values and return everything that does not match the search term by including a minus (-) prefix. For example, -user:"nedry" returns all results where the user field does not include the word nedry.
You can use > or < operators to filter by date. For example, received_at<"2025-11-29".
Using multiple search terms
Multiple search terms can be joined using the AND and OR operators. For example, to search for events where the user field contains nedry and the action contains accessed, the following search string would be used:
user:"nedry" AND action:"accessed"
Grouping search terms
Search terms can be logically grouped using parentheses. For example, to search for events where the user is "nedry" or "murphy" and the action is "accessed", the following would be used:
(user:"nedry" OR user:"murphy") AND action:"accessed"
Escaping characters
Escape backslash \ and the quotation mark " in your search criteria using the backslash symbol. For example:
message:"Project \"Production\" accessed by dennis.nedry@ingen.com"
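When queries are assembled from values taken out of tickets or other logs, applying the escaping rule in code keeps a stray quote or backslash from changing the query's structure. The following builder is an added example, not part of the product or its SDK; the function names and the field-name pattern are assumptions made for illustration.

```python
import re

# Assumption: field names are simple identifiers such as user or received_at.
_FIELD = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")

def escape_value(value):
    # Backslash first, so the backslashes added for quotes are not doubled.
    return value.replace("\\", "\\\\").replace('"', '\\"')

def term(field, value, op=":", negate=False):
    """One <field_name>:<value> term; op is ':' or a date comparison '<' / '>'."""
    if not _FIELD.fullmatch(field):
        raise ValueError(f"unexpected field name: {field!r}")
    if op not in (":", "<", ">"):
        raise ValueError(f"unsupported operator: {op!r}")
    prefix = "-" if negate else ""
    return f'{prefix}{field}{op}"{escape_value(value)}"'

def any_of(*terms):
    return " OR ".join(terms)

def all_of(*terms):
    return " AND ".join(terms)

def group(expr):
    return f"({expr})"

def accessed_by(users):
    """Query for 'accessed' events by any of the given users (hypothetical helper)."""
    who = group(any_of(*(term("user", u) for u in users)))
    return all_of(who, term("action", "accessed"))

if __name__ == "__main__":
    print(accessed_by(["nedry", "murphy"]))
    # Constructed value containing quotes: after escaping it stays one value.
    print(term("user", 'x" OR action:"'))
```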