Some of you know I’ve been on a trek recently to determine what can and can’t be monitored for GPT. Sadly, there’s been more work done in integrating ChatGPT responses into Microsoft Sentinel than actually taking a step back and understanding the implications of doing so. It’s one of those cases where the results are so cool that the shiny object distracts from common sense.
Heck, I’m not without sin as I have my own here for those that missed it: Dipping a Toe into the Microsoft Sentinel Integration with GPT-3.
But, since then, I’ve taken my own step back to try and come to terms with this AI stuff and how best to monitor and secure it.
Since then, I’ve Open-Sourced Discussions and Content for Responsible and Secure AI and started Building Microsoft Sentinel Detections for Azure Open AI.
There’s more coming and a group of us are working on how to get this all under control. I’ve been working on a number of ways to detect specific occurrences in Azure Open AI and you can find those KQL queries here: OpenAISecurity/Security/Sentinel/KQL at main · rod-trent/OpenAISecurity (github.com)
So, we’ve made it extremely easy to utilize the ChatGPT (OpenAI) Logic App for responses in Microsoft Sentinel Incidents through Playbooks, but there’s been very little done to discuss how to monitor and secure the APIs and determine usage.
That’s where this blog comes in. For those interested, I believe we finally have the very first Microsoft Sentinel Analytics Rule for ChatGPT!
This detection relies on a Watchlist that holds the list of “approved” users who should be able to use the ChatGPT (OpenAI) Logic App (the API). The rule collects the user and IP information for the identified culprit, that is, a user who is not on the approved list. Remediation could be minimizing access to the resource or resource group, and the detection can also be used to identify general excessive access to resources.
The example Watchlist and Analytics Rule are available for anyone from here: OpenAISecurity/Security/Sentinel/Detections/ChatGPT at main · rod-trent/OpenAISecurity (github.com)
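To show the shape of a watchlist-driven rule like the one described above, here is an added sketch in KQL; it is not the rule from the repo. It assumes the activity is read from the `AzureActivity` table, and the watchlist alias `ApprovedChatGPTUsers` and Logic App name `chatgpt-openai-playbook` are hypothetical placeholders.

```kql
// Added example, not the repo's rule. Assumptions: control-plane activity against the
// Logic App is in AzureActivity; the watchlist alias and Logic App name are hypothetical.
let LogicAppName = "chatgpt-openai-playbook";      // hypothetical Logic App resource name
let ApprovedUsers =
    _GetWatchlist('ApprovedChatGPTUsers')          // hypothetical watchlist alias
    | project ApprovedUser = tolower(tostring(SearchKey));  // SearchKey = user principal name
AzureActivity
| where TimeGenerated > ago(1d)
// Only operations against Logic App workflows (startswith is case-insensitive)
| where OperationNameValue startswith "MICROSOFT.LOGIC/WORKFLOWS"
| where _ResourceId has LogicAppName
| where isnotempty(Caller)
| extend CallerLower = tolower(Caller)
// leftanti keeps only callers that have no match in the approved list
| join kind=leftanti ApprovedUsers on $left.CallerLower == $right.ApprovedUser
// One row per unapproved caller and source IP, for entity mapping in the rule
| summarize
    Events = count(),
    Operations = make_set(OperationNameValue, 20),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated)
    by Caller, CallerIpAddress, _ResourceId
| order by Events desc
```

Dropping the `leftanti` join and sorting on `Events` alone turns the same query into a view of general heavy access to the resource, approved users included.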
This is my repo for ongoing collection and storage of content and code for the efforts in solving the AI monitoring and security conundrum. Feel free to watch, fork, or follow the repo. And I’m always happy to collaborate to get the job done.
More to come.
This blog post comes with an assumed disclaimer. Substack is not a Microsoft property, nor is this blog any indication of an official communication from Microsoft. This is my blog and my work and my activity. My job here on this blog is to show the possible and invite you all to do the same.