Settings
Manage score weights and connect signal sources — Okta, CrowdStrike, SIEM, and more.
Presets
Click to load — requires review before savingCustom Weights
Weights must sum to 100%. Changes require an AI review before saving.
AI Weight Review
Signal Sources
Okta
Pulls AI app usage and auth anomalies from Okta System Log. Shadow AI inventory + auth risk signals.
OKTA_DOMAIN=yourorg.okta.com OKTA_API_TOKEN=SSWS 00...
CrowdStrike Falcon
Detects AI process runtimes (ollama, llamacpp) and API connections to hosted LLM services via EDR telemetry.
CROWDSTRIKE_CLIENT_ID=... CROWDSTRIKE_CLIENT_SECRET=...
SIEM
Pulls DNS/proxy events for AI service traffic. Supports Splunk and Microsoft Sentinel (Log Analytics).
SPLUNK_URL=https://... SPLUNK_TOKEN=... # — or Sentinel — SENTINEL_WORKSPACE_ID=... SENTINEL_TENANT_ID=...
Netskope CASB
Upload-volume proxy for PII detection to AI services. Flags large uploads as potential data exfil signals.
NETSKOPE_TENANT=... NETSKOPE_API_TOKEN=...
GitHub
Scans PR diffs for LLM imports and exposed API key patterns. Feeds agent_discovered and integrity_violation signals.
GITHUB_TOKEN=ghp_... GITHUB_ORG=your-org
Custom Signal API
POST any signal from any tool directly. Works with SOAR playbooks, custom scripts, or any system that can make HTTP requests.
{ source_type, signal_type,
subject_id, value }
Enrichment & Infrastructure
Snapper
Optional — provides red team pass rates and MCP integrity data to enrich posture scores.
SNAPPER_URL=https://... SNAPPER_API_KEY=sk-snapper-...
M365 / Entra ID
Optional — reads sign-in logs to surface corporate AI service usage (Copilot, ChatGPT, etc.) in the Shadow AI monitor.
M365_TENANT_ID=... M365_CLIENT_ID=... M365_CLIENT_SECRET=...
App registration needs: AuditLog.Read.All, Reports.Read.All
Org Key
When set, the X-Org-Key header is required on all write endpoints (telemetry, assets). Protects multi-tenant deployments.
ORG_KEY=your-key-here