Data Flows & Dashboards
AIDR presents event data on the Visibility page through interactive diagrams, charts, and dashboards.
These visualizations help you see how AI is used across your organization, surface risky usage patterns, and monitor the effectiveness of AI policies and controls.
Data flows
The interactive Sankey diagram on the Visibility page helps you visualize event data by connecting different attributes. This view helps you explore relationships and patterns across your AI activity.
Attributes automatically assigned by AIDR:
- Collector ID - Unique ID of the registered collector
- Collector Type - Type of collector , such as
application,mcp-server, etc.
Attributes provided by a collector instance:
- User - ID of the entity initiating the request. Defaults to the User Name if provided; otherwise, AIDR assigns a value based on the API credentials used by this collector instance.
- User Name - Name of the entity initiating the request
- Application ID - ID of the application where the collector is running
- Application Name - Name of the application where the collector is running
- Collector Instance ID - Unique runtime instance of the collector
- Model Name - LLM model name, for example
gpt-4o - Policy - Applied policy, for example
aidr_app_monitor_output_policy - Provider - AI provider name, for example
openai,anthropic,azureai
Only attribute values present in your ingested event data appear in the Sankey diagram. For consistent results, use attributes that are reliably populated - for example, User might be more dependable than User Name. You can make ID-based attributes easier to read by creating aliases, as described in the Alias Mapping documentation.
This view supports pattern recognition, anomaly detection, and risk exposure mapping. It helps answer questions such as:
- Which providers or models dominate usage patterns?
- Are unapproved providers or models being used, and through which applications?
- Which users are accessing which applications and models, and at what volume?
- How do different collector types contribute to observed traffic?
- Are there unexpected or unusually high-volume flows from unapproved applications or users?
Below are example use cases and corresponding three-node Sankey configurations for common AI activity patterns:
| Use Case | Attributes | Description |
|---|---|---|
| User - Application - Provider | Shows employees' AI provider usage through different applications. Helps uncover unsanctioned tools or traffic observed by browser collectors. |
| Application - Collector Type - Model | Identifies which applications are monitored, by which collector types, and which models they access. |
| Application - Collector Type - Collector | Verifies that collector instances are deployed correctly and cover intended applications. |
- Hover over elements in the diagram to view metrics and see the breakdown by detection type.
- Use the View next 10 + and View previous - buttons to scroll through nodes when more data is available than can fit on the screen.
Dashboards
The dashboards on the Visibility page provide additional insight into AI traffic patterns and potential risk exposure.
Visibility
The Visibility dashboard shows metrics associated with AIDR entities, presented as nodes in the Sankey diagram:
- Tokens - Number of tokens submitted by collectors to the AIDR service
- Events - Number of submitted events
- Detections - Number of detections associated with those events
Aggregated counts appear at the top of the dashboard, with a time-series chart that visualizes the metrics over time.
You can:
- Hover over the counts to see a breakdown by detection type.
- Hover over the chart data points to view attribute-specific counts for a selected time interval.
Policy Detections
The Policy Detections dashboard shows metrics aggregated by detection type, presenting how often different detectors trigger within the currently applied filters.
- Tokens - Number of tokens associated with events that triggered the detection type
- Executions - Number of detector invocations for the detection type
- Detections - Number of detections of the detection type
Active Collectors
The Active Collectors dashboard shows which collector types contributed to the currently visualized data and their associated metrics:
- Tokens (first column) - Number of tokens from events submitted by the collector type
- Events (second column) - Number of events submitted by the collector type
- Detections (third column) - Number of detections linked to those events
You can hover over the counts to see a breakdown by detection type.
Activity over time
At the bottom of the Visibility page, a stacked area chart shows trends in Events, Detections, and Users over time. Each band's size reflects that metric's count during the selected interval, enabling easy comparison of relative volume and change.
Hover over any point to see the exact counts for that time period.
Filters
You can limit the data shown on the Visibility page using filters.
You can filter by these dimensions:
- Detections - Show only events that triggered detections defined in collector policies.
- Time range - Show events within a specific time window.
- Attribute values - Show events matching specific attributes, such as a particular user, application, or other AIDR entity of interest.
Filtering criteria can combine multiple dimensions. For example: "Show me all events from the last 7 days that triggered a detection and involved a specific user." Submit this query using the search bar:
- Select Last 7 Days in the date range dropdown.
- Click DETECTIONS.
- Type in
user, then selectuser_id contains, and addjeffreyto search for a user with this value in their ID.
You can save the filters you define and reuse them later by clicking the save icon (floppy disk).
Filters applied on the Visibility page also carry over to the Findings page, helping you correlate visualized data flows with specific events and detections.
Click View Matching Events in a filtered view to open the Findings page and see the corresponding events.
Quick filters
You can quickly apply filters by clicking these elements on the Visibility page:
- DETECTIONS (button) - Limit the data to events that triggered a detection defined in your policies. Click ACTIVITY to remove this filter and return to the full event view.
- Date range dropdown - Select a predefined time range from the dropdown next to the search bar. You can also use Set custom range to define and apply your own interval.
- Attribute nodes - Click any node in the Sankey diagram or the Visibility dashboard to filter by that specific attribute value. For example, clicking an user node filters the data to only show events involving that user.
- Policy Detections - Click a detection type in the Policy Detections dashboard to show only events that triggered that detection.
- Active Collectors - Click a collector type in the Active Collectors dashboard to show only events collected by that type.
The Visualize Sample Data option in the filter dropdown helps you switch between your ingested data and a built-in sample dataset. This dataset helps you explore AIDR capabilities before you have enough representative data of your own.
The sample dataset does not include real user data and cannot be viewed together with ingested data or on the Findings page.
Search bar
Use the search bar at the top of the page to create filters with specific attributes and operators. When you place your cursor in the field, a dropdown shows the available options. Select an attribute and operator, enter a value to match, and press Enter to apply the condition.
Filtered views
You can add multiple conditions combined with AND logic.
Each condition is cumulative, helping you drill down into specific subsets of your data.
Applied conditions appear as pills at the top of the Visibility page, below the search bar. Click a condition to show the edit link, then use it to open the filter dialog and modify the condition.
To save the current filter set, click the 💾 icon next to the filter dropdown in the top right of the Visibility page. If there are unsaved changes, the icon appears yellow. After saving, it turns white.
Apply a saved filter set by selecting it from the filter dropdown.
To refresh the displayed data, click the 🔄 icon next to the filter dropdown.
If you enter an invalid condition, or if a condition set on the Findings page does not apply to the Visibility page, the filter pill appears greyed out and cannot be clicked.
Was this article helpful?