Configuration

API Keys

API Keys are for using the WitnessAI API.
  1. Give it a Key Name.
  2. Choose an Expiration Date.
  3. Click the Generate user key button.
  4. Click the Copy icon. The API key will be copied to your system clipboard, and a dialog will display.
  5. Immediately save the key in a safe location, such as a secrets manager or a password manager. After you navigate away from the API Keys page, you will not be able to access or copy any API keys again.
    1. Only users with the Super Admin role are able to access API keys after they have been created and the page is exited.
  6. Super Admin users can copy any active or expired API key by clicking the copy icon in the API key’s “Actions” column.

Models


Proxy Configuration (PAC)

Download Scripts

SIEM Integrations

Connection Settings

Choose your SIEM Platform from the drop-down. Current choices include: Cribl, CrowdStrike, Exabeam, Google SecOps, Splunk, Sumo Logic, Other (HEC), and Other (Bearer Token).
Fill in all the data fields for your SIEM Platform.
The most common required fields include:
  • URL: Enter the endpoint into the URL field.
  • Authentication Token.
  • Sync Frequency: Enter the number of records you want to be sent per synchronization.
Splunk requires a Splunk Index. The index must be created before configuring Splunk as your SIEM.
Google SecOps: The URL must include the following query parameters:
  • Key: Your Google SecOps API key
  • Secret: Your SecOps API secret
Example: https://your-instance.googleapis.com/v1/endpoint?key=my-secops-key&secret=my-secops-secret
Because this URL contains the API key and secret, treat the whole URL as a credential.
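An added example (not WitnessAI code): a pre-flight check for the Google SecOps URL described above, which confirms the `key` and `secret` query parameters are present and produces a redacted copy suitable for tickets or logs. The parameter names follow the example URL on this page; the HTTPS requirement and the function names are assumptions of this example.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names taken from the example URL on this page (matched case-insensitively).
REQUIRED_PARAMS = ("key", "secret")


def check_secops_url(url):
    """Return a list of problems found in a Google SecOps SIEM URL (empty if none)."""
    parts = urlsplit(url)
    problems = []
    # Assumption of this example: credentials in the query string should only travel over TLS.
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.netloc:
        problems.append("missing host")
    # keep_blank_values=True so that "secret=" is seen and reported as empty.
    params = {k.lower(): v for k, v in parse_qsl(parts.query, keep_blank_values=True)}
    for name in REQUIRED_PARAMS:
        if not params.get(name):
            problems.append(f"missing or empty query parameter: {name}")
    return problems


def redact_secops_url(url, mask="REDACTED"):
    """Return the URL with the key and secret values masked; other parts are unchanged."""
    parts = urlsplit(url)
    pairs = [(k, mask if k.lower() in REQUIRED_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Placeholder URL copied from the example on this page.
    sample = ("https://your-instance.googleapis.com/v1/endpoint"
              "?key=my-secops-key&secret=my-secops-secret")
    print(check_secops_url(sample) or "URL looks complete")
    print(redact_secops_url(sample))
```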

SIEM Data Integration

Choose one radio button to forward Prompts & Alerts or Alerts Only to your SIEM.
Additional data options: check the boxes next to the data and formats you want.
  • Include Audit Logs: Sends Audit Logs to your SIEM. Documentation here.
  • JSON Lines Format: Documentation here.
  • Include Sanitized Prompt: This will send the redacted version of prompts to your SIEM. Documentation here.
  • Include Raw Prompt and Response: This will send the original version of prompts and responses, which include sensitive data, to your SIEM. Documentation here.
  • Include LLM Response: Choosing this option
Click Save.

Exabeam Additional Details

The Exabeam Webhook Cloud Collector documentation is here.
Enter your preferred URL based on your Region. The Exabeam list of Regions for Cloud Collectors is here.

Splunk Additional Details

The Splunk steps are near-identical to the steps for Exabeam. The Splunk HTTP Event Collector (HEC) documentation is here.