Skip to main content

Verify Firefox Collector Deployment

Verify that the extension is configured and connected to AIDR on a user's machine.

Extension status popup

To open the extension status popup:

  • If you have pinned the extension to the browser toolbar, click its icon (CrowdStrike AIDR).
  • If you haven't pinned the extension, click the puzzle piece icon (Extensions) in the toolbar and select it from the list.

The extension status popup shows:

  • CrowdStrike AIDR - Extension vendor and name.
  • Version - Semantic version number (for example, 0.6.10). The first two digits indicate major and minor feature releases. The last digit indicates a patch with improvements or bug fixes.
  • Device - Unique identifier for this extension instance. This identifier appears in AIDR logs and findings. Reinstalling the extension generates a new device ID. You can find collector instances on the collector details page under the Devices tab.
  • UserId - Value from the userId field in the extension's managed storage. If no userId is configured, this field doesn't appear.
  • Hostname - Device hostname from the hostname field in the extension's managed storage. If no hostname is configured, this field doesn't appear.
  • Current state of the extension, displayed in the top right.

Status progression flow

  1. Deployment
    • Not configured (error)
  2. Configuration check
  3. Registration
  4. Site monitoring

Unsuccessful deployment

Not configured

The extension's managed storage contains no configuration.

  1. Verify that the configuration file or registry changes were properly applied to the system.

    You can verify settings at the following OS-specific locations:

    • macOS - Managed preference plist files

      Configuration profile (JAMF deployment)
      plutil -p /Library/Managed\ Preferences/org.mozilla.firefox.plist
      Example configuration
      {
        "3rdparty" => {
          "Extensions" => {
            "pangea-aidr-extension@pangea.cloud" => {
              "registrationIdentity" => "eyJzIjp...YiOjF9"
              "urlTemplate" => "https://api.eu-1.crowdstrike.com/aidr/aiguard"
              "userFullName" => "<user-full-name>"
              "userId" => "<user-id>"
              "hostname" => "<hostname>"
            }
          }
        }
        "EnterprisePoliciesEnabled" => true
        "ExtensionSettings" => {
          "pangea-aidr-extension@pangea.cloud" => {
            "install_url" => "https://pangea.cloud/firefox-aidr-extension/aidr-extension-latest.xpi"
            "installation_mode" => "force_installed"
          }
        }
      }
      Managed Storage (Self-Service deployment)
      cat /Library/Application\ Support/Mozilla/ManagedStorage/pangea-aidr-extension@pangea.cloud.json
      Example configuration
      {
        "name": "pangea-aidr-extension@pangea.cloud",
        "description": "Managed storage for AIDR",
        "type": "storage",
        "data": {
          "urlTemplate": "https://api.crowdstrike.com/aidr/aiguard",
          "registrationIdentity": "eyJzIj...IjoxfQ==",
          "userId": "<user-id>",
          "userFullName": "<user-full-name>",
          "hostname": "<hostname>"
        }
      }

    • Windows - Registry keys

      Registry keys (machine level)
      Get-ItemProperty "HKLM:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\pangea-aidr-extension@pangea.cloud"
      Registry keys (user-specific)
      Get-ItemProperty "HKCU:\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\pangea-aidr-extension@pangea.cloud"
      Example configuration
      urlTemplate          : https://api.crowdstrike.com/aidr/aiguard
      registrationIdentity : eyJzIj...I6MX0=
      userId               : <user-id>
      userFullName         : <user-full-name>
      hostname             : <hostname>
      ...

    Next steps:

    • If you don't see the expected values provided on the collector details page in the AIDR console, verify the system configuration process and repeat it if necessary.
    • If the system-level configuration is correct but the extension still shows Not configured, ensure that the browser is fully closed and restarted.
    note:

    Unlike Chrome and Edge, Firefox does not provide a way to inspect extension managed storage in the browser. You can only verify configuration at the system level using the paths above.

Invalid configuration

The configuration exists but is malformed due to invalid format or missing value for registrationIdentity or urlTemplate.

Next steps:

  • Re-download and re-apply the configuration.

Error - registration

Device registration failed due to network issues or invalid credentials provided in:

  • registrationIdentity
  • urlTemplate

Next steps:

  • Check network connectivity to the AIDR service.
  • Re-download and re-apply the configuration.

Successful registration

Pending approval

The extension instance is registered but awaiting admin activation in the AIDR console.

By default, devices are auto-approved and activated. If auto-approval isn't enabled or this extension instance has been disabled, it remains in this state until activated.

Next steps:

  • On the collector details page, under Devices, find the extension instance by its ID. Open the menu () in the device row and select Activate.

Error - logging

The extension is registered but can't send monitoring data from a provider site to the AIDR service. Connectivity issues are the most common cause.

Next steps:

  • Check network connectivity to the AIDR service.

Successful deployment

After successful installation and configuration, the status progresses to:

Configured

The extension loaded a valid configuration but hasn't obtained an access token yet. This normal transitional state occurs during extension startup. It progresses to Ready automatically within minutes if the configuration values are valid.

note:

Invalid configuration values result in Unsuccessful deployment.

Ready

The extension is configured, authenticated, and ready to monitor supported AI sites. No activity has been detected yet.

Active

The extension is operational and monitors AI interactions when the user interacts with a supported provider site.

Verify data flow

A deployed collector captures user input and AI service responses on supported provider sites. The collector sends this data to AIDR. AIDR evaluates the data against your collector policy rules and logs the results. If the collector's Logging is set to Log with prompt data, the logs include the user input and AI response.

Provider website

Visit a supported provider site (for example,

ChatGPT or Claude ) and start interacting with the chat application.

Browser UI

Depending on the collector policy, the AIDR collector visibly alters the user experience in the browser:

  • If No Policy, Log Only is assigned, or all policy rule actions are set to Alert and Report, the AIDR collector produces no visible effects.
  • If your policy rules include blocking or data-transforming actions, you may see blocked or redacted prompts when a rule matches. Responses may also look unexpected when sensitive values were redacted before reaching the AI system.

Next steps:

If you don't see AIDR policies applied to the user input:

  • Check Input Rules for the policy assigned to your collector.

    tip:

    To identify your extension instance:

    1. Match the extension urlTemplate value and the AIDR cloud domain.
    2. Switch to the correct customer account in the Falcon console (CID).
    3. Select the correct collector on the Collectors page in the AIDR console.
    4. Match the device ID in the extension status popup with the registered device listed on the collector details page under Devices.

Extension DevTools

Use the extension DevTools to confirm that it's active and sending data to AIDR:

  1. In your browser address bar, go to about:debugging#/runtime/this-firefox.
  2. In the AIDR extension card, click Inspect to open its developer tools.
  3. In Developer Tools, switch to the Network tab.
  4. Check for outbound requests to and responses from the AIDR APIs while interacting with a supported AI provider. You may see the following request names:

Next steps:

If you don't observe network traffic to AIDR APIs from the correctly configured extension, it may be due to:

  • Changes on the provider site - Contact AIDR support .
  • Your machine policies blocking extension functionality - Contact your IT or system administrator.

AIDR console

In the AIDR console, review detailed event logs, visualize them in a Sankey dashboard, and view associated metrics.

Data flow timing:

Data appears in AIDR only when users visit and interact with AI provider sites. Installing the extension alone doesn't create data flow.

View detailed logs

Click Findings in the top menu to review events processed by AIDR. Identify your collector logs by attributes associated with the collector and provider, for example:

  • COLLECTOR TYPE - (for example, Firefox)
  • APPLICATION NAME - Provider service name (for example, ChatGPT)
  • COLLECTOR NAME - Name you gave to your collector
  • TIME - Time of the request

These columns show AIDR processing results:

  • STATUS - Policy decision:
    • Allowed - No risks were detected, and the user prompt or AI system response is allowed by AIDR.
    • Reported - Risks were detected and logged, but the user prompt or AI system response is allowed by AIDR.
    • Blocked - Risks were detected, and AIDR responded with a blocked result. Blocking actions set in policy rules are automatically enforced in Browser, MCP, and (depending on configuration) Gateway collectors.
    • Alerted - A blocked result was logged but not enforced in Report Only mode .
    • Transformed - Sensitive data or malicious references were detected and redacted or defanged. The user prompt or AI system response was allowed with the transformed data.
  • FINDINGS - Detector(s) that identified risks. If AIDR detected no risks and allowed the request, No detections is displayed.

Expand each event log to see additional details, including:

  • User prompt or AI response data - If the collector's Logging is set to Log with prompt data, the event logs contain:

    • Guard Input - Original prompt or response submitted to AIDR
    • Guard Output - Processed response, present only if the data was transformed; otherwise, null

  • Metadata associated with the request, including:

    • User - Username saved in the extension managed storage
    • AIGuard Config
      • policy - Policy assigned to the collector
    • Findings - Detailed detections report
    • Extra Info
      • app_name - Provider website application name
      • user_name - User's full name saved in the extension managed storage
      • site_url - Provider website location

To refresh the event log table, click the reload icon.

Learn more about the Findings page in the Logs & Findings documentation .

Visualize your data

Click Visibility in the top menu to explore patterns in AIDR-processed AI data flows and associated metrics.

In the interactive Sankey diagram, you can visualize relationships between entities captured in event logs. Select up to three attributes from the event metadata. For example, connect User Name - Application Name - Status to see which users visited which AI providers and the AIDR outcomes.

Learn more about visualizing AI flows, supported metadata attributes, and metrics dashboards in the Data Flows & Dashboards documentation .

636 Ramona St Palo Alto, CA 94301

Guides
Services
SDKs & APIs

©2026 CrowdStrike. All rights reserved.

PrivacyYour Privacy ChoicesTerms of UseLegal Notices
Contact Us