Block OpenAI within iTerm2, but allow through browser

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block OpenAI within iTerm2, but allow through browser

L1 Bithead

Hello, I know it's silly, but we are looking to do just what the subject of this topic says. With the release of iTerm2 version 3.5.0 there are ai integrations to OpenAI. We want to block this traffic if it's from the "UserAgentiTerm2/3.5.0", but allow this traffic if it's web based. I know that sounds silly, but that's the request in my company.

 

I was trying to create a custom vulnerability with the UserAgent, but I'm not seeing that as an option. What else are we doing in order to block this via Palo?

 

We are able to get more details with a log ingestion too, but below is the criteria of traffic we are looking to block from a single log avent. If all of these are true, block, else allow it:

  • Applicationopenai-api
  • URLapi.openai.com/v1/chat/completions
  • URLCategoryartificial-intelligence
  • UserAgentiTerm2/3.5.0 CFNetwork/1496.0.7 Darwin/23.5.0
3 REPLIES 3

L3 Networker

First, In order for this to work, you need to make sure that traffic is decrypted. The web TLS traffic might be easy to do, but the iterm who knows. When traffic is not decrypted you are at the merci of using the SAN value in the certificate. 

Now, I am assuming that the iterm trafifc is through the API, if the traffic is not getting decrypt, might not match the web traffic because the certificate might be different. What I would do is setup a policy to allow the decrypted traffic using the App-ID and URL filtering and then block the API traffic based on their IPs based on this information
https://platform.openai.com/docs/actions/production
See if that works, or perhaps you might need to block the API first, check the traffic patterns to see what works best.

 

Regards,

Hello. Yes we are decrypting the traffic no issues there. We do want to allow other openai-api calls through the browser, specifically want to block with the use of the iTerm2 application. Now I can setup a policy to block traffic to that URL, with the App-ID of Openai-api, and that will get me closer. However if the URL changes I don't want to have to keep updating the rule. I'm more curious how to create a custom vulnerability based on the UserAgent field I see from our 3rd party logging tool the Palo logs don't show me in Panorama?

Here is more of the 3rd party log with any company information redacted. I bolded some fields of interest I would like to use for the custom vulnerability. However I'm not finding any Palo documentation to explain their different "context" fields when creating the signature of a custom vulnerability.

 

Action: allow
   Applicationopenai-api
   ConfigVersion: 10.2
   ContainerID: null
   ContainerName: null
   ContainerNameSpace: null
   ContentType: null
   ContentVersion: 0
   DGHierarchyLevel1: 21
   DGHierarchyLevel2: 18
   DGHierarchyLevel3: 0
   DGHierarchyLevel4: 0
   DestinationAddress: 104.18.6.192
   DestinationDeviceCategory: null
   DestinationDeviceHost: null
   DestinationDeviceMac: null
   DestinationDeviceModel: null
   DestinationDeviceOSFamily: null
   DestinationDeviceOSVersion: null
   DestinationDeviceProfile: null
   DestinationDeviceVendor: null
   DestinationDynamicAddressGroup: null
   DestinationEDL: null
   DestinationLocation: US
   DestinationPort: 443
   DestinationUUID: null
   DestinationUser: null
   DeviceName: GP cloud service
   DeviceSN: no-serial
   DirectionOfAttack: client to server
   DynamicUserGroupName: null
   EndpointSerialNumber: null
   FromZone: trust
   HTTP2Connection: 247541
   HTTPHeaders: null
   HTTPMethod: post
   HostID: null
   IMEI: null
   IMSI: 0
   InboundInterface: tunnel.1
   InlineMLVerdict: unknown
   LogSetting: Redacted
   LogType: THREAT
   NATDestination: 104.18.6.192
   NATDestinationPort: 443
   NATSource: Redacted
   NATSourcePort: 56324
   NSSAINetworkSliceType: null
   OutboundInterface: ethernet1/1
   PacketID: 0
   ParentSessionID: 0
   ParentStarttime: 2024-05-31T13:01:27.000000Z
   Protocol: tcp
   Referer: null
   RepeatCount: 1
   Rule: Redacted
   RuleUUID: b12c9089-9de8-482c-bf07-d9ca3f0197c0
   SequenceNo: 7364170906109984247
   SessionID: 848202
   SigFlags: 0
   SourceAddress: Redacted
   SourceDeviceCategory: null
   SourceDeviceHost: null
   SourceDeviceMac: null
   SourceDeviceModel: null
   SourceDeviceOSFamily: null
   SourceDeviceOSVersion: null
   SourceDeviceProfile: null
   SourceDeviceVendor: null
   SourceDynamicAddressGroup: null
   SourceEDL: null
   SourceLocation: Redacted
   SourcePort: 50070
   SourceUUID: null
   SourceUser: Redacted
   Subtype: url
   TimeGenerated: 2024-05-31T13:01:28.000000Z
   TimeGeneratedHighResolution: 2024-05-31T13:01:29.508000Z
   TimeReceived: 2024-05-31T13:01:33.000000Z
   ToZone: untrust
   Tunnel: N/A
   URLapi.openai.com/v1/chat/completions
   URLCategory: artificial-intelligence
   URLCategoryList: artificial-intelligence,computer-and-internet-info,low-risk
   URLCounter: 1
   UserAgentiTerm2/3.5.0 CFNetwork/1496.0.7 Darwin/23.5.0
   VendorSeverity: Informational
   VirtualLocation: vsys1
   VirtualSystemName:
   X-Forwarded-For: null
   X-Forwarded-ForIP: null

And to be fair the URL is shared with the Python integration we want to allow, so it needs to be by the UserAgent of iterm2

  • 1472 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!