Configuring AI settings

Integrate AppScan Enterprise with your Microsoft Azure OpenAI service to enable Intelligent Finding Analytics (IFA) and improve the accuracy of scan results.

Before you begin

Ensure that you meet the following requirements:

  • You must have administrative privileges in AppScan Enterprise.
  • You must have the following from your active Microsoft Azure OpenAI account:
    • Your Azure OpenAI resource name.
    • Your model deployment name.
    • The API key (either KEY1 or KEY2 from the Keys & Endpoint section of your resource in the Azure portal).
  • In deployments where AppScan Standard and AppScan Enterprise are installed on the same host machine, the AI configuration settings are shared: when the AI configuration is enabled in one product (for example, AppScan Standard), it is automatically recognized and applied to scans run by the other product (for example, AppScan Enterprise), and vice versa.

About this task

This feature enables Intelligent Finding Analytics (IFA) for Dynamic Application Security Testing (DAST). By integrating Generative AI, the scanner can more accurately confirm application error pages and handle edge cases, which reduces false positives and improves the overall precision of the scan results.

This is a system-wide setting for all scans. After you configure these settings, you can't disable this feature while scans are running.

Important:
This feature was tested with the Azure OpenAI model GPT-4o (version: 2024-05-13). We strongly recommend that you use this specific model and version to ensure optimal performance.
Cost:
Using the Azure OpenAI service incurs costs based on token usage. Monitor your Azure account regularly to ensure cost efficiency.
Rate limiting:
During a scan, a high volume of requests is sent to the Azure OpenAI service. If these requests exceed the quota for your Azure service, Azure may temporarily throttle (rate-limit) the connection. This is expected behavior, and related messages may appear in the scan log. If requests are throttled frequently, the scan may not be able to use the AI feature for all analyses, which could affect the final scan results.
Validation rules:

The values you enter must meet the following criteria:

Endpoint:

  • Must be a valid URL that starts with https://.
  • Must be between 20 and 255 characters.

API Key:

  • Must be alphanumeric (letters and numbers only).
  • Must be between 30 and 255 characters.

Procedure

  1. Navigate to the Administration view.
  2. On the left navigation pane, click General Settings.
  3. On the AI Settings section, click Manage.
    The Configure AI Settings page opens.
  4. In the Endpoint field, enter the URL for your Azure OpenAI service.

    The URL must be in the following format:

    https://{your-resource-name}.openai.azure.com/openai/deployments/{your-deployment-name}/chat/completions
  5. In the API key field, enter your API key.
  6. Click Done.
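The Configure AI Settings page applies the validation rules listed above when you click Done. The following added example (not part of the AppScan documentation or product code) shows a small pre-flight check an administrator can run before entering the values: it builds the endpoint URL in the documented format from the resource name and deployment name, applies the documented endpoint and API key rules, and masks the key so it is never written to a log. The function names, the sample resource name `contoso-appscan`, deployment name `gpt-4o` and the API key value are all constructed for illustration; the check of the host suffix and path shape is an assumption derived from the URL format given in step 4, not a rule the page states separately.

```python
from __future__ import annotations

import re
from urllib.parse import urlparse

# Limits as documented under "Validation rules".
ENDPOINT_MIN, ENDPOINT_MAX = 20, 255
API_KEY_MIN, API_KEY_MAX = 30, 255
API_KEY_RE = re.compile(r"^[A-Za-z0-9]+$")  # letters and numbers only

# Path shape taken from the documented URL format (assumption: the page gives
# the format in step 4 but does not list it as a separate validation rule).
ENDPOINT_HOST_SUFFIX = ".openai.azure.com"
ENDPOINT_PATH_RE = re.compile(r"^/openai/deployments/[^/]+/chat/completions$")


def build_endpoint(resource_name: str, deployment_name: str) -> str:
    """Assemble the endpoint URL in the format documented in step 4."""
    return (
        f"https://{resource_name}{ENDPOINT_HOST_SUFFIX}"
        f"/openai/deployments/{deployment_name}/chat/completions"
    )


def validate_endpoint(url: str) -> list[str]:
    """Return a list of rule violations (empty list means the endpoint passes)."""
    problems: list[str] = []
    if not url.startswith("https://"):
        problems.append("endpoint must start with https://")
    if not ENDPOINT_MIN <= len(url) <= ENDPOINT_MAX:
        problems.append(
            f"endpoint length {len(url)} is outside {ENDPOINT_MIN}-{ENDPOINT_MAX} characters"
        )
    parsed = urlparse(url)
    if not parsed.netloc:
        problems.append("endpoint is not a valid URL (no host)")
    elif not parsed.netloc.endswith(ENDPOINT_HOST_SUFFIX):
        problems.append(f"endpoint host should end with {ENDPOINT_HOST_SUFFIX}")
    if not ENDPOINT_PATH_RE.match(parsed.path):
        problems.append(
            "endpoint path should be /openai/deployments/{deployment}/chat/completions"
        )
    return problems


def validate_api_key(key: str) -> list[str]:
    """Return a list of rule violations for the API key."""
    problems: list[str] = []
    if not API_KEY_RE.match(key):
        problems.append("API key must be alphanumeric (letters and numbers only)")
    if not API_KEY_MIN <= len(key) <= API_KEY_MAX:
        problems.append(
            f"API key length {len(key)} is outside {API_KEY_MIN}-{API_KEY_MAX} characters"
        )
    return problems


def mask_key(key: str) -> str:
    """Show only the last four characters so the secret never lands in a log."""
    return "*" * max(len(key) - 4, 0) + key[-4:]


def check_ai_settings(url: str, key: str) -> dict:
    """Combine both validators; 'ok' is True only when no rule is violated."""
    endpoint_problems = validate_endpoint(url)
    key_problems = validate_api_key(key)
    return {
        "ok": not endpoint_problems and not key_problems,
        "endpoint": url,
        "api_key": mask_key(key),  # masked on purpose
        "endpoint_problems": endpoint_problems,
        "api_key_problems": key_problems,
    }


if __name__ == "__main__":
    # Constructed sample values; replace with the values from your Azure portal.
    endpoint = build_endpoint("contoso-appscan", "gpt-4o")
    sample_key = "0123456789abcdef0123456789abcdef"  # constructed 32-char sample
    result = check_ai_settings(endpoint, sample_key)
    for field, value in result.items():
        print(f"{field}: {value}")
```

Run the script with your own resource name, deployment name and key before opening the Configure AI Settings page; a non-empty `endpoint_problems` or `api_key_problems` list tells you which documented rule the value would fail. Because the scan still completes when the endpoint or key is wrong (see Results below), catching these mistakes up front is the simplest way to avoid a scan that silently runs without the AI feature.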

Results

AppScan Enterprise is now configured to use the Azure OpenAI service. If the provided Endpoint or API key is invalid or has expired, the scan still completes, but the AI-assisted error page detection is skipped.