Administration Settings
To open the administration settings in the AIDR console, click ⚙️ Settings in the lower-left corner. In the menu that opens, use the top section to navigate directly to configuration pages.
For example:
- Select Account or Organization to manage your organization profile.
- Select Data Export to configure forwarding of collector data to your SIEM.
From the same menu, you can also:
- Switch between organizations (if you are a member of multiple organizations).
- Open the Pangea Developer Console to manage security services for your AI projects.
- Sign out of the AIDR console.
Organization details
You can view your organization details on the ORGANIZATION >> Overview page. You can change the organization name as it appears in the organization selector.
To update your personal information, such as your name and contact details, go to the MY ACCOUNT >> General page.
Sign-in security
To change your AIDR console password, go to MY ACCOUNT >> General and click Change Password.
On the Security page, you can enable multi-factor authentication (MFA) using one or more of the following methods:
- Time-based One-time Password (TOTP) - Use an authenticator app (for example, Google Authenticator) to sign in with a six-digit code.
- Email Verification Code - Receive a six-digit code by email.
- SMS Verification - Receive a six-digit code by text message.
You can also manage passkeys, a phishing-resistant and convenient way to sign in:
- Passkeys - View and remove passkey registrations for all members of your AIDR organization account.
User memberships
Manage AIDR console users and their memberships on the ORGANIZATION >> Members page.
Use the + Invite button to add new members to your organization. When inviting, you can assign one of the following roles:
-
Admin - Grants full access to AIDR console features. Admins can:
- Manage Members and other organization-wide settings.
- Create and manage Collectors and Policies.
- Configure log forwarding to SIEM systems on the PLATFORM >> Data Export page.
- View organization Activity logs.
- Perform all actions available to the Member role.
-
Member - Grants access to other AIDR console features. Members can:
- View collector and policy configurations, organization members, and log-forwarding setup.
- Filter and visualize collector log data on the Visibility and Findings pages.
- Manage Alias Mappings.
The Pending Invites section lists users who have been invited but have not yet accepted. After following the invitation link, new users are prompted to verify their email, provide personal details, and set up their sign-in credentials.
The Members section lists active users in your organization. From this page, admins can change user roles or remove members from the organization.
Organization activity logs
On the ORGANIZATION >> Activity page, you can view activity logs for your organization account and verify their tamperproof status.
Overview
Organization activity logs include the following types of events:
- Membership changes and other organization-level updates
- User sign-ins
- Collector and policy configuration changes
- Updates to the underlying AI Guard service configuration
Each logged event includes the following attributes:
- Time - Date and time of the event
- Actor - User who performed the action
- Action - Description of the action performed
- Target - ID of the affected resource
- Message - Short summary of the event
- Old - Previous value of the resource
- New - Updated value of the resource
You can filter the activity logs by date range and attributes. Use the search bar to refine results with:
- Completion suggestions for available attributes and their values
- Filter dialog (funnel icon)
- Date range control
Use the gear icon on the right to choose which columns are visible in the log table. You can also sort the table by clicking on the column headers.
Search bar
By default, the log viewer shows events from the past two hours.
To customize your search, you can:
- Click the funnel icon to open the filter dialog. Enter your criteria and click Search. The search syntax will appear in the search bar, and the matching results will be displayed in the table.
- Place your cursor in the search bar to view a dropdown of available search parameters. Start typing to filter the list and use autocompletion to build your query.
- Enter your query manually. Learn more about the search syntax in the Secure Audit Log documentation.
Date range
All searches must be limited to a time range, with the default set to the most recent two hours.
The date range selector next to the search button provides several options:
- Quick selections - Choose a relative range of 1, 7, or 30 days.
- Relative - Define a custom relative date range.
- Between - Search for log events between two specific dates.
- Before - Search for events that occurred before a specific date.
- After - Search for events that occurred after a specific date.
You can also filter results directly from the log table. Hover over a timestamp in a result row, then click the + button next to it to filter for that exact date or use it as the upper or lower limit of your search range.
Event details
To view all fields for an event, click its row in the search results. The row will expand to show every event field, including those not currently visible in the table.
If a field (such as Old or New) contains JSON data, it will be displayed as an interactive JSON tree.
Tamperproof information
Records in the log viewer are marked with icons that indicate their tamperproof status. Learn more about Tamperproofing in the Secure Audit Log documentation.
-
Lock icon
The lock icon shows that the membership proof for the log event has been verified. Click the icon to open a pop-up with details for independently verifying the event:
-
Status - Possible statuses are Verified, Unverified, or Failed.
- Unverified - Indicates cached records that are not yet committed.
- Failed - Displayed with a red lock icon.
-
Verification artifacts - Includes the message hash, membership proof, consistency proof, root hash, and a link to the published root hash.
-
Verification command - Provides a command you can run with Pangea’s Python SDK to verify the record’s tamperproof status.
-
-
Green line
A vertical green line between lock icons indicates that the consistency proof for the two adjacent log events has been verified.
Tamperproof icons appear asynchronously after search results are returned, as verification is performed.
Data Export
You can configure forwarding of collector data to your SIEM on the PLATFORM >> Data Export page. For setup instructions, see the Log Forwarding documentation.
Alias Mapping
Alias mappings let you assign custom labels to AIDR entity attributes displayed on the Visibility and Findings pages.
Manage alias mappings in Settings
On the Alias Mapping page in AIDR console settings, click Create to add a new mapping and provide the following details:
- Field - Attribute to map, such as
Actor,Application ID, orProvider - Source Identifier - Original value of the selected attribute
- Alias - Custom label that will be displayed instead of the original value
Click Save to create the mapping.
You can edit or delete an existing mapping from the triple-dot menu in its row.
Manage alias mappings on Visibility and Findings pages
On the Visibility and Findings pages, you can add or edit alias mappings directly by hovering over an attribute value and clicking the edit icon in the tooltip.
Aliases are highlighted in yellow, while original values appear in white.
Next steps
- Learn more about collector types and deployment options in the Collectors documentation.
- On the Policies page in the AIDR console, configure access and prompt rules to align detection and enforcement with your organization’s AI usage guidelines.
- View collected data on the Visibility and Findings pages in the AIDR console. Events are associated with applications, actors, providers, and other context fields - and may be visually linked using these attributes.
Was this article helpful?