Posture Control (DSPM)
Viewing the Graph for AI Services
The graph for an Azure AI service is a visual representation of the data scan result. It depicts the access path for the Azure AI service (Azure AI Foundry Hub) where it has access to the storage account containing sensitive data. DSPM also detects if the AI service is publicly exposed to the internet, including the public exposure path, and the list of entities that can access the AI service. These details are helpful to quickly evaluate and remediate the issues, protect the sensitive data, and maintain a strong security posture.
To view the graph for AI services:
- Go to Analytics > Data Inventory.
On the Data Inventory page, click the AI service.
The graph is displayed on the Risk Explorer tab. In this example, the graph for an Azure AI Foundry hub is shown.
- Click the nodes to view additional details of each entity:
- Storage Account
The storage account that contains the sensitive records.
- Go to Azure: Access the Azure portal to view the storage account.
- Metadata: Click to view the metadata for the account.
- View Sensitive Data: Click to view the details of the sensitive records stored in the storage account.
Close - Sensitive Record
The details of the sensitive record, including the DLP engines and dictionaries that match the record, the security posture of the record, ID and tags, and the timestamp of the last completed scan.
Close - Public Internet
- Users
- External
The external entities that can access the AI service. These entities are part of a different cloud account that is not onboarded to the DSPM Admin Portal.
Close - Applications
- Services
- Managed Identity
- Storage Account
