Monitoring & Alerts
All Browser Security detections are reported to Highflame Studio in real time. Security teams have a unified view of violations, device health, and threat trends without needing a separate console.
Violations
Navigate to Highflame Studio → Browser Security → Violations to see all recorded detections.
Each violation record includes:
Timestamp: When the violation occurred
Device: The enrolled device and user it was detected on
Threat category: The type of threat detected (prompt injection, data exfiltration, etc.)
Threat flags: Specific patterns matched (e.g., prompt_injection:jailbreak, pii:credit_card)
Action taken: Whether the operation was blocked or monitored
Platform: The AI platform or domain involved
API: The browser API intercepted (fetch, xhr, storage, clipboard, etc.)
Filtering violations
Filter by:
Date range
Device or user group
Threat category
Action (blocked / monitored)
AI platform
Exporting
Violations can be exported as CSV for reporting or ingestion into your SIEM. Use the Export button in the Violations view, or configure a Splunk or webhook alert for real-time streaming.
Device inventory
Navigate to Highflame Studio → Browser Security → Devices to see all enrolled devices.
Device name: Hostname of the enrolled device
User: Logged-in user at last check-in
Browser: Browser type and version
Status: Active, Inactive (no check-in in 24h), or Offline
Policy: Active policy applied to this device
Last seen: Timestamp of most recent activity
Violations (7d): Number of violations in the past 7 days
Devices that haven't reported in over 24 hours are marked Inactive. This typically means the browser extension was uninstalled, the device is powered off, or the managed configuration was removed.
Threat analytics
The Analytics tab in Browser Security shows aggregated threat data across your organization:
Violation volume over time — daily/hourly trend of blocked and monitored events
Top threat categories — breakdown of which threat types are firing most
Top users — users generating the highest violation counts
Top platforms — which AI platforms are involved in the most violations
Detection rate by policy — which policies are triggering and at what rate
Use the analytics view to identify anomalies (a spike in jailbreak attempts, a user sending PII to an unexpected platform) and to validate that Monitor mode detections are stable before moving to Block.
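The same stability check can be run offline against a Violations CSV export. The script below is an added example, not Highflame code: the column names, the sample rows, and the spike rule (a day with more than 3x the median of the other days) are assumptions made for illustration.

```python
import csv
import io
from collections import Counter, defaultdict
from statistics import median

# Constructed sample export. The column names are assumptions modelled on the
# violation record fields listed above, not a documented CSV schema.
SAMPLE_EXPORT = """timestamp,device,threat_flags,action,platform
2025-01-06T09:12:00Z,lt-001,prompt_injection:jailbreak,monitored,chat.example
2025-01-06T10:40:00Z,lt-002,pii:credit_card,monitored,chat.example
2025-01-07T11:03:00Z,lt-001,prompt_injection:jailbreak,monitored,chat.example
2025-01-08T08:55:00Z,lt-003,prompt_injection:jailbreak,monitored,chat.example
2025-01-08T14:20:00Z,lt-002,pii:credit_card,blocked,chat.example
2025-01-09T09:01:00Z,lt-004,prompt_injection:jailbreak,monitored,chat.example
2025-01-09T09:02:00Z,lt-004,prompt_injection:jailbreak,monitored,chat.example
2025-01-09T09:05:00Z,lt-004,prompt_injection:jailbreak,monitored,chat.example
2025-01-09T09:09:00Z,lt-004,prompt_injection:jailbreak,monitored,chat.example
"""


def daily_counts(csv_text, action="monitored"):
    """Count rows per threat flag per day, keeping only the given action."""
    counts, days = defaultdict(Counter), set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        day = row["timestamp"][:10]  # assumes ISO 8601 timestamps
        days.add(day)  # every day seen in the export belongs to the window
        if row["action"].strip().lower() == action:
            # Assumes one flag per row; split here if the export joins several.
            counts[row["threat_flags"].strip()][day] += 1
    return counts, sorted(days)


def find_spikes(counts, days, factor=3.0, min_events=3):
    """Return (flag, day, n) where n exceeds factor x the flag's median on other days."""
    found = []
    for flag, per_day in sorted(counts.items()):
        for day in days:
            others = [per_day[d] for d in days if d != day]  # missing days count as 0
            baseline = max(median(others), 1) if others else 1  # floor avoids a zero baseline
            if per_day[day] >= min_events and per_day[day] > factor * baseline:
                found.append((flag, day, per_day[day]))
    return found


if __name__ == "__main__":
    counts, days = daily_counts(SAMPLE_EXPORT)
    for flag, day, n in find_spikes(counts, days):
        print(f"unstable: {flag} had {n} monitored detections on {day}")
```

A flag that appears in the output is not yet stable in Monitor mode; review those detections before switching the policy to Block.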
Alerts
Browser Security violations can trigger alerts through the same alerting pipeline as other Highflame products.
In Highflame Studio → Alerts, configure alert rules scoped to Browser Security events:
Supported destinations:
Slack — post to a channel on violation
Webhook — POST to any endpoint (SIEM, PagerDuty, custom)
Splunk HEC — stream directly to Splunk
See Alerts for full configuration details.
Session context
When a Browser Security violation is associated with a session that is also tracked by Highflame Shield (via the Agent Gateway or SDK), the violation appears in the shared Sessions view in Observatory. This gives you a complete picture of a threat that spans both browser activity and agent/API traffic — for example, an employee attempting a jailbreak in ChatGPT that then propagates to an agent workflow.