Data Flows & Dashboards
Event data collected in AIDR is presented on the Visibility page in the AIDR console through interactive diagrams, charts, and dashboards.
These visualizations let you see how AI is used across your organization, surface risky usage patterns, and monitor the effectiveness of AI policies and controls.
Data flows
The interactive Sankey diagram on the Visibility page lets you visualize event data by connecting different attributes. This view helps you explore relationships and patterns across your AI activity.
Attributes automatically assigned by AIDR:
- Collector ID - Unique ID of the registered collector
- Collector Type - Type of collector , such as
application,mcp-server, etc.
Attributes provided by a collector instance:
- Actor Name - Name of the entity initiating the request
- Actor - ID of the entity initiating the request. Defaults to the Actor Name if provided. If neither is available, AIDR assigns a value based on the API credentials used by this collector instance.
- Application ID - ID of the application where the collector is running
- Application Name - Name of the application where the collector is running
- Model Name - LLM model name, for example
gpt-4o - Provider - AI provider name, for example
openai,anthropic,azureai - Collector Instance ID - Unique runtime instance of the collector
Only attribute values present in your ingested event data appear in the Sankey diagram. For the most consistent results, use attributes that are reliably populated - for example, Actor is might be a more dependable reference than Actor Name. You can make ID-based attributes easier to read by creating aliases, as described in the Alias Mapping documentation.
This view supports pattern recognition, anomaly detection, and risk exposure mapping. It helps answer questions such as:
- Which providers or models dominate usage patterns?
- Are unapproved providers or models being used, and through which applications?
- Which users are accessing which applications and models, and at what volume?
- How do different collector types contribute to observed traffic?
- Are there unexpected or unusually high-volume flows from unapproved applications or users?
Below are example use cases and corresponding three-node Sankey configurations that illustrate common AI activity patterns:
| Use Case | Attributes | Description |
|---|---|---|
| Actor - Application - Provider | Shows which employees are using which AI providers, and through which applications. Helps uncover unsanctioned tools or traffic observed by browser collectors. |
| Application - Collector Type - Model | Identifies which applications are being monitored, by which collector types, and what models they are accessing. |
| Application - Collector Type - Collector | Verifies that collector instances are deployed correctly and covering intended applications. Useful for operations and validation. |
- Hover over elements in the diagram to view metrics and see the breakdown by detection type.
- Use the View next 10 + and View previous - buttons to scroll through nodes when more data is available than can fit on the screen.
Dashboards
The dashboards on the Visibility page give additional insight into AI traffic patterns and potential risk exposure.
Visibility
The Visibility dashboard shows metrics associated with AIDR entities, presented as nodes in the Sankey diagram:
- Tokens - Number of tokens submitted by collectors to the AIDR service
- Events - Number of submitted events
- Detections - Number of detections associated with those events
Aggregated counts appear at the top of the dashboard, along with a time-series chart that visualizes the metrics over time.
You can:
- Hover over the counts to see a breakdown by detection type.
- Hover over the chart data points to view attribute-specific counts for a selected time interval.
Policy Detections
The Policy Detections dashboard shows metrics aggregated by detection type, helping you see how often different detectors trigger within the currently applied filters.
- Tokens - Number of tokens associated with events that triggered the detection type
- Executions - Number of detector invocations for the detection type
- Detections - Number of detections of the detection type
Active Collectors
The Active Collectors dashboard shows which collector types contributed to the currently visualized data, along with their associated metrics:
- Tokens (first column) - Number of tokens from events submitted by the collector type
- Events (second column) - Number of events submitted by the collector type
- Detections (third column) - Number of detections linked to those events
You can hover over the counts to see a breakdown by detection type.
Activity over time
At the bottom of the Visibility page, a stacked area chart shows trends in Events, Detections, and Users over time. Each band’s size reflects the count of that metric during the selected interval, making it easy to compare relative volume and change.
Hover over any point to see the exact counts for that time period.
Filters
You can limit the data shown on the Visibility page using filter controls.
You can filter by the following dimensions:
- Detections - Show only events that triggered detections defined in collector policies.
- Time range - Show events within a specific time window.
- Attribute values - Show events matching specific attributes, such as a particular actor, application, or other AIDR entity of interest.
Filtering criteria can combine multiple dimensions. For example: “Show me all events from the last 7 days that triggered a detection and involved a specific user.”
The filters you define can be saved and reused later.
Filters applied on the Visibility page also carry over to the Findings page, letting you correlate visualized data flows with specific events and detections.
Click View Matching Events in a filtered view to open the Findings page and see the corresponding events.
Quick filters
You can quickly apply filters by clicking the following elements on the Visibility page:
- DETECTIONS (button) - Limit the data to events that triggered a detection defined in your policies. Click ACTIVITY to remove this filter and return to the full event view.
- Date range dropdown - Select a predefined time range from the dropdown next to the search bar at the top of the page. You can also use Set custom range to define and apply your own interval.
- Attribute nodes - Click any node in the Sankey diagram or the Visibility dashboard to filter by that specific attribute value. For example, clicking an actor node filters the data to only show events involving that user.
- Policy Detections - Click a detection type in the Policy Detections dashboard to show only events that triggered that detection.
- Active Collectors - Click a collector type in the Active Collectors dashboard to show only events collected by that type.
The Visualize Sample Data option in the filter dropdown lets you switch between your ingested data and a built-in sample dataset. This dataset helps you explore AIDR’s capabilities before you have enough representative data of your own.
The sample dataset does not include real user data and cannot be viewed together with ingested data or on the Findings page.
Search bar
Use the search bar at the top of the page to create filters with specific attributes and operators. When you place your cursor in the field, a dropdown shows the available options. Select an attribute and operator, enter a value to match, and press Enter to apply the condition.
Filtered views
You can add multiple conditions combined with AND logic.
Each condition is cumulative, letting you drill down into specific subsets of your data.
Applied conditions appear as pills at the top of the Visibility page, below the search bar. Click a condition to show the edit link, then use it to open the filter dialog and modify the condition.
To save the current filter set, click the 💾 icon next to the filter dropdown in the top right of the Visibility page. If there are unsaved changes, the icon appears yellow. After saving, it turns white.
Apply a saved filter set by selecting it from the filter dropdown.
To refresh the displayed data, click the 🔄 icon next to the filter dropdown.
If you enter an invalid condition, or if a condition set on the Findings page does not apply to the Visibility page, the filter pill appears greyed out and cannot be clicked.
Was this article helpful?