How to identify AI usage within Local Network with PA-FW

AI identification in the local network.

Information sourced via ACC within PA-FW and S1 console to fill in any gaps of information not available in the firewall.

Login to firewall and navigate to ACC tab
1. Global Filter: app sub category = artificial-intelligence
2. Captured all AI usage within local network
Scroll to Source IP Activity, then add source IP to Global Filter
1. Global Filter: app sub category = artificial-intelligence + source address = 192.168.x.x
2. you will now see which source IP is accessing which AI tools
3. created table chart to map out source IP to AI tools being used by each individual within the network.
Hostnames can be collected from DHCP pool
If GlobalProtect is configured, you can gather hostnames/usernames collected from gateway connections
1. Network > GlobalProtect > Gateway > Remote Users
2. search for local IP to collect hostname and user name
If an LANs are managed by local domain controller, we will have less visibility outside of IP address in FW. Use S1 console to source hostnames and users
1. accessed client group and use filter; Local IP = 192.168.0.x (update to the local IP scheme in use at client location)
2. select Endpoint Name (hostname) and switch to Active Directory Tab to collect last distinguished name of user, if AD information is available.
3. If no AD is present, we must rely on General Tab and "last logged in" field.