Get Started with AIDR Console

In the Falcon console, click Open menu (☰) and go to

AI detection and response > Visibility .

Visualize sample data

Before you ingest your own data, you can explore a sample dataset on the Visibility page to see how AIDR visualizes relationships between applications, actors, collectors, and other entities found in AI-related events.

Dashboards organize relationships between actors, applications, collectors, and AI providers by key attributes:

Attributes automatically assigned by AIDR:

• Collector ID - Unique ID of the registered collector
• Collector Type - Type of collector , such as application, mcp-server, etc.

Attributes provided by a collector instance:

• User - ID of the entity initiating the request. Defaults to the User Name if provided; otherwise, AIDR assigns a value based on the API credentials used by this collector instance.
• User Name - Name of the entity initiating the request
• Application ID - ID of the application where the collector is running
• Application Name - Name of the application where the collector is running
• Collector Instance ID - Unique runtime instance of the collector
• Model Name - LLM model name, for example gpt-4o
• Policy - Applied policy, for example aidr_app_monitor_output_policy
• Provider - AI provider name, for example openai, anthropic, azureai

Once you begin ingesting your own data, it will appear on the Visibility page instead of the sample dataset. You can use the Visualize Sample Data option in the filters dropdown to switch back to the sample data view while you build up real-world coverage.

Register collector

You can register an Application collector and use its Playground - an interactive UI for making sample requests to AIDR APIs without deploying any code.

1. On the Collectors page, click + Collector.

2. Choose Application as the collector type, then select the Application option and click Next.

3. On the Add a Collector screen:

   • Collector Name - Enter a descriptive name for the collector to appear in dashboards and reports.
   • Logging - Select whether to log incoming (prompt) data and model responses, or only metadata submitted to AIDR.
   • Policy (optional) - Assign a policy to apply to incoming data and model responses.

   The assigned policy determines which detections run on data sent to AIDR. Policies detect malicious activity, sensitive data exposure, topic violations, and other risks in AI traffic.

   • You can select an existing policy available for this collector type or create new policies on the Policies page.

     The selected policy name appears under the dropdown. Once the collector registration is saved, this label becomes a link to the corresponding policy page.

   • You can also select No Policy, Log Only. When no policy is assigned, AIDR records activity for visibility and analysis, but does not apply detection rules to the data.

4. Click Save to complete collector registration.

This opens the collector details page, where you can:

• Update the collector name, its logging preference, and reassign the policy.
• Follow the policy link to view the policy details.
• Copy credentials to use in the deployed collector for authentication and authorization with AIDR APIs.
• View installation instructions for the collector type.
• View the collector's configuration activity logs.
• Access the Playground feature for Application collectors to test the collector's policy rules.

If you need to return to the collector details page later, select your collector from the list on the Collectors page.

Submit sample data using the Playground

On the Application collector details page, switch to the Playground tab.

Select the values you want to use in your sample request:

• Input Policy or Output Policy - In the top right, select a predefined policy to apply to the request. You can see the policy details by following the link next to the policy selection dropdown.
• Text to guard - The text you want to send to the AIDR API for processing. You can use the sample text provided or enter your own to see how the policy is applied.
• Application Name - The label associated with the request, as it will appear in the visualization.
• Model - The model to use for the request, such as gpt-4o, as it will appear in the visualization.

Click Send.

The RESPONSE section shows the full response from the AIDR API.

Try different inputs to see how AIDR policies are applied to various types of content.

Interpreting responses

In the response from the AIDR API, the information you see will depend on the applied policy. It can include:

• Summary of actions taken
• Applied AIDR policy rules
• Processed input or output
• Detectors that were used
• Details of any detections made
• Whether the request was blocked
• Whether the request was transformed

Your application can use this information to decide the next steps - for example, cancel the request, inform the user, or further process the data.

For more details about API request and response formats, see the AIDR APIs documentation.

Playground submissions appear in AIDR for analysis and visualization.

View detailed logs

Click Findings in the top menu to review events processed by AIDR.

The AIDR console displays each submitted request along with the application and model name you provided in the Playground. It also shows automatically populated metadata fields such as timestamp and collector ID.

Visualize your data

Click Visibility to return to the visualization page. Your submitted data now appears in the dashboards instead of the sample dataset.

Next steps

• Learn more about other Collector Types that can be registered to collect data from different sources. Some, such as gateway and agent collectors, can automatically enforce policies on AI traffic.
• Configure access and prompt rules on the Policies page in the AIDR console to align detection and enforcement with your organization's AI usage guidelines.
• View AIDR dashboards and detailed logs displayed on Visibility and Findings pages in the AIDR console.