https://live.paloaltonetworks.com/t5/prisma-access-discussions/block-openai-within-iterm2-but-allow-through-browser/m-p/588501#M779 <P>And to be fair the URL is shared with the Python integration we want to allow, so it needs to be by the UserAgent of iterm2</P> Fri, 31 May 2024 13:31:33 GMT TravisFleming 2024-05-31T13:31:33Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/block-openai-within-iterm2-but-allow-through-browser/m-p/588146#M773 <P>Hello, I know it's silly, but we are looking to do just what the subject of this topic says. With the release of iTerm2 version 3.5.0 there are ai integrations to OpenAI. We want to block this traffic if it's from the "<SPAN class="key-name">UserAgent</SPAN><SPAN>:&nbsp;</SPAN><SPAN class="t string" data-path="UserAgent">iTerm2/3.5.0", but allow this traffic if it's web based. I know that sounds silly, but that's the request in my company.</SPAN></P> <P>&nbsp;</P> <P><SPAN class="t string" data-path="UserAgent">I was trying to create a custom vulnerability with the UserAgent, but I'm not seeing that as an option. What else are we doing in order to block this via Palo?</SPAN></P> <P>&nbsp;</P> <P><SPAN class="t string" data-path="UserAgent">We are able to get more details with a log ingestion too, but below is the criteria of traffic we are looking to block from a single log avent. If all of these are true, block, else allow it:</SPAN></P> <UL> <LI><SPAN class="t string" data-path="UserAgent"><SPAN class="key-name">Application</SPAN><SPAN>:&nbsp;</SPAN>openai-api</SPAN></LI> <LI><SPAN class="t string" data-path="UserAgent"><SPAN class="key-name">URL</SPAN><SPAN>:&nbsp;</SPAN><SPAN class="t string h" data-path="URL">api.openai.com/v1/chat/completions</SPAN></SPAN></LI> <LI><SPAN class="t string" data-path="UserAgent"><SPAN class="t string h" data-path="URL"><SPAN class="key-name">URLCategory</SPAN><SPAN>:&nbsp;</SPAN>artificial-intelligence</SPAN></SPAN></LI> <LI><SPAN class="t string" data-path="UserAgent"><SPAN class="t string h" data-path="URL"><SPAN class="key-name">UserAgent</SPAN><SPAN>:&nbsp;</SPAN>iTerm2/3.5.0 CFNetwork/1496.0.7 Darwin/23.5.0</SPAN></SPAN></LI> </UL> Tue, 28 May 2024 20:44:21 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/block-openai-within-iterm2-but-allow-through-browser/m-p/588146#M773 TravisFleming 2024-05-28T20:44:21Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/block-openai-within-iterm2-but-allow-through-browser/m-p/588465#M777 <P>First, In order for this to work, you need to make sure that traffic is decrypted. The web TLS traffic might be easy to do, but the iterm who knows. When traffic is not decrypted you are at the merci of using the SAN value in the certificate.&nbsp;</P> <P>Now, I am assuming that the iterm trafifc is through the API, if the traffic is not getting decrypt, might not match the web traffic because the certificate might be different. What I would do is setup a policy to allow the decrypted traffic using the App-ID and URL filtering and then block the API traffic based on their IPs based on this information<BR /><A href="https://platform.openai.com/docs/actions/production" target="_blank" rel="noopener">https://platform.openai.com/docs/actions/production</A><BR />See if that works, or perhaps you might need to block the API first, check the traffic patterns to see what works best.</P> <P>&nbsp;</P> <P>Regards,</P> Fri, 31 May 2024 08:04:25 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/block-openai-within-iterm2-but-allow-through-browser/m-p/588465#M777 SuperMario 2024-05-31T08:04:25Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/block-openai-within-iterm2-but-allow-through-browser/m-p/588500#M778 <P>Hello. Yes we are decrypting the traffic no issues there. We do want to allow other openai-api calls through the browser, specifically want to block with the use of the iTerm2 application. Now I can setup a policy to block traffic to that URL, with the App-ID of Openai-api, and that will get me closer. However if the URL changes I don't want to have to keep updating the rule. I'm more curious how to create a custom vulnerability based on the UserAgent field I see from our 3rd party logging tool the Palo logs don't show me in Panorama?</P> <P>Here is more of the 3rd party log with any company information redacted. I bolded some fields of interest I would like to use for the custom vulnerability. However I'm not finding any Palo documentation to explain their different "context" fields when creating the signature of a custom vulnerability.</P> <P>&nbsp;</P> <P><SPAN class="key level-1"><SPAN class="key-name">Action</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="Action">allow</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><STRONG><SPAN class="key level-1"><SPAN class="key-name">Application</SPAN>:&nbsp;<SPAN class="t string" data-path="Application">openai-api</SPAN></SPAN></STRONG><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">ConfigVersion</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="ConfigVersion">10.2</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">ContainerID</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="ContainerID">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">ContainerName</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="ContainerName">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">ContainerNameSpace</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="ContainerNameSpace">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">ContentType</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="ContentType">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">ContentVersion</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="ContentVersion">0</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DGHierarchyLevel1</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="DGHierarchyLevel1">21</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DGHierarchyLevel2</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="DGHierarchyLevel2">18</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DGHierarchyLevel3</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="DGHierarchyLevel3">0</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DGHierarchyLevel4</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="DGHierarchyLevel4">0</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationAddress</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="DestinationAddress">104.18.6.192</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationDeviceCategory</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationDeviceCategory">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationDeviceHost</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationDeviceHost">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationDeviceMac</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationDeviceMac">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationDeviceModel</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationDeviceModel">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationDeviceOSFamily</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationDeviceOSFamily">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationDeviceOSVersion</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationDeviceOSVersion">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationDeviceProfile</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationDeviceProfile">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationDeviceVendor</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationDeviceVendor">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationDynamicAddressGroup</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationDynamicAddressGroup">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationEDL</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationEDL">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationLocation</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="DestinationLocation">US</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationPort</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="DestinationPort">443</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationUUID</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationUUID">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DestinationUser</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DestinationUser">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DeviceName</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="DeviceName">GP cloud service</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DeviceSN</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="DeviceSN">no-serial</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DirectionOfAttack</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="DirectionOfAttack">client to server</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">DynamicUserGroupName</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="DynamicUserGroupName">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">EndpointSerialNumber</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="EndpointSerialNumber">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">FromZone</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="FromZone">trust</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">HTTP2Connection</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="HTTP2Connection">247541</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">HTTPHeaders</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="HTTPHeaders">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">HTTPMethod</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="HTTPMethod">post</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">HostID</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="HostID">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">IMEI</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="IMEI">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">IMSI</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="IMSI">0</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">InboundInterface</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="InboundInterface">tunnel.1</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">InlineMLVerdict</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="InlineMLVerdict">unknown</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">LogSetting</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="LogSetting">Redacted</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">LogType</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="LogType">THREAT</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">NATDestination</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="NATDestination">104.18.6.192</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">NATDestinationPort</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="NATDestinationPort">443</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">NATSource</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="NATSource">Redacted</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">NATSourcePort</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="NATSourcePort">56324</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">NSSAINetworkSliceType</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="NSSAINetworkSliceType">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">OutboundInterface</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="OutboundInterface">ethernet1/1</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">PacketID</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="PacketID">0</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">ParentSessionID</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="ParentSessionID">0</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">ParentStarttime</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="ParentStarttime">2024-05-31T13:01:27.000000Z</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">Protocol</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="Protocol">tcp</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">Referer</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="Referer">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">RepeatCount</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="RepeatCount">1</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">Rule</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="Rule">Redacted</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">RuleUUID</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="RuleUUID">b12c9089-9de8-482c-bf07-d9ca3f0197c0</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SequenceNo</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t bigint" data-path="SequenceNo">7364170906109984247</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SessionID</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="SessionID">848202</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SigFlags</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="SigFlags">0</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceAddress</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="SourceAddress">Redacted</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceDeviceCategory</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="SourceDeviceCategory">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceDeviceHost</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="SourceDeviceHost">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceDeviceMac</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="SourceDeviceMac">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceDeviceModel</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="SourceDeviceModel">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceDeviceOSFamily</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="SourceDeviceOSFamily">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceDeviceOSVersion</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="SourceDeviceOSVersion">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceDeviceProfile</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="SourceDeviceProfile">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceDeviceVendor</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="SourceDeviceVendor">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceDynamicAddressGroup</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="SourceDynamicAddressGroup">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceEDL</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="SourceEDL">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceLocation</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="SourceLocation">Redacted</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourcePort</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="SourcePort">50070</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceUUID</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="SourceUUID">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">SourceUser</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="SourceUser">Redacted</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">Subtype</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="Subtype">url</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">TimeGenerated</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="TimeGenerated">2024-05-31T13:01:28.000000Z</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">TimeGeneratedHighResolution</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="TimeGeneratedHighResolution">2024-05-31T13:01:29.508000Z</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">TimeReceived</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="TimeReceived">2024-05-31T13:01:33.000000Z</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">ToZone</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="ToZone">untrust</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">Tunnel</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="Tunnel">N/A</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><STRONG><SPAN class="key level-1"><SPAN class="key-name">URL</SPAN>:&nbsp;<SPAN class="t string" data-path="URL">api.openai.com/v1/chat/completions</SPAN></SPAN></STRONG><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">URLCategory</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="URLCategory">artificial-intelligence</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">URLCategoryList</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="URLCategoryList">artificial-intelligence,computer-and-internet-info,low-risk</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">URLCounter</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t number" data-path="URLCounter">1</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><STRONG><SPAN class="key-name">UserAgent</SPAN>:&nbsp;</STRONG><SPAN class="t string" data-path="UserAgent"><STRONG>iTerm2/3.5.0</STRONG> CFNetwork/1496.0.7 Darwin/23.5.0</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">VendorSeverity</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="VendorSeverity">Informational</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">VirtualLocation</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t string" data-path="VirtualLocation">vsys1</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">VirtualSystemName</SPAN>:</SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">X-Forwarded-For</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="X-Forwarded-For">null</SPAN></SPAN><BR /><SPAN>&nbsp;&nbsp;&nbsp;</SPAN><SPAN class="key level-1"><SPAN class="key-name">X-Forwarded-ForIP</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="t null" data-path="X-Forwarded-ForIP">null</SPAN></SPAN></P> Fri, 31 May 2024 13:28:21 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/block-openai-within-iterm2-but-allow-through-browser/m-p/588500#M778 TravisFleming 2024-05-31T13:28:21Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/block-openai-within-iterm2-but-allow-through-browser/m-p/588501#M779 <P>And to be fair the URL is shared with the Python integration we want to allow, so it needs to be by the UserAgent of iterm2</P> Fri, 31 May 2024 13:31:33 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/block-openai-within-iterm2-but-allow-through-browser/m-p/588501#M779 TravisFleming 2024-05-31T13:31:33Z