Configuring AI settings

Integrate AppScan Enterprise with your Microsoft Azure OpenAI service to enable Intelligent Finding Analytics (IFA) and improve the accuracy of scan results.

Before you begin

Before you begin, make sure you meet the following requirements:

  • You must have administrative privileges in AppScan Enterprise.
  • You must have the following from your active Microsoft Azure OpenAI account:
    • Your Azure OpenAI resource name.
    • Your model deployment name.
    • The API key (either KEY1 or KEY2 from the Keys & Endpoint section of your resource in the Azure portal).
  • In deployment scenarios where AppScan Standard and AppScan Enterprise are installed on the same host machine, AI configuration settings are shared. When the AI configuration is enabled in one product (for example, AppScan Standard), it's automatically recognized and applied to scans executed by the other product (for example, AppScan Enterprise), and vice versa.

About this task

This feature enables Intelligent Finding Analytics (IFA) for Dynamic Application Security Testing (DAST). By integrating generative AI, the scanner can more accurately confirm application error pages and handle edge cases, which reduces false positives and improves the overall precision of the scan results.

This is a system-wide setting for all scans. After you configure these settings, you can't disable this feature while scans are running.

Important:
AppScan's Azure OpenAI integration supports models that use the Chat Completions API, including GPT-5.0. While backward compatibility is maintained for earlier models like GPT-4.x, Microsoft Azure is actively retiring them. Make sure you deploy an active, supported model to maintain optimal performance and continuous service.

Cost:
Using the Azure OpenAI service incurs costs based on token usage. Monitor your Azure account regularly to stay cost efficient.

Rate limiting:
During a scan, a high volume of requests is sent to the Azure OpenAI service. If these requests exceed the quota for your Azure service, Azure might temporarily throttle (rate-limit) the connection. This is expected behavior, and related messages might appear in the scan log. If requests are throttled frequently, the scan might not be able to use the AI feature for all analyses, which could affect the final scan results.

Validation rules:

The values you enter must meet the following criteria:

Endpoint:

  • Must be a valid URL that starts with https://.
  • Must be between 20 and 255 characters.

Deployment model:

  • Must be between 2 and 255 characters.

API key:

  • Must be alphanumeric (letters and numbers only).
  • Must be between 30 and 255 characters.

Procedure

  1. Go to the Administration view.
  2. On the left navigation pane, click General Settings.
  3. In the AI Settings section, click Manage.
    The Configure AI Settings page opens.
  4. In the Endpoint box, enter the base URL of your Azure OpenAI service.

    The URL must be in the following format:

    https://{your-resource-name}.openai.azure.com
    Important:
    Enter only the base URL. Don't append path information, such as /openai/deployments/. The system automatically constructs the necessary resource paths.
  5. In the Deployment Model box, enter the custom name you chose when you deployed your model in Azure OpenAI Studio.
    Note:
    You must enter the exact name of the deployment.
  6. In the API key box, enter your API key.
  7. Click Done.

Results

AppScan Enterprise verifies your connection to Azure OpenAI when you click Done. If the credentials are valid, the configuration is saved, and AppScan Enterprise uses this service for enhanced error page detection in all subsequent scans. If the Endpoint, Deployment Model, or API key isn't correct, an error occurs, and the configuration isn't saved. If valid credentials expire later, the scan completes using the standard error page detection mechanism, and the AI-assisted detection is skipped.
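The validation rules and the base-URL requirement in step 4 can be checked before you open the Configure AI Settings page. The following Python sketch is an added example, not AppScan code: the function name, the error messages, the ASCII-only reading of "alphanumeric", and the rejection of a trailing slash are assumptions, and the sample values are constructed.

```python
import re
from urllib.parse import urlsplit

AZURE_SUFFIX = ".openai.azure.com"  # from the URL format shown in step 4


def validate_ai_settings(endpoint, deployment, api_key):
    """Return rule violations as strings; an empty list means every rule passed.

    Messages never include the API key, so the result is safe to log.
    """
    errors = []

    # Endpoint: https:// URL, 20-255 characters, base URL only.
    if not endpoint.startswith("https://"):
        errors.append("endpoint: must start with https://")
    if not 20 <= len(endpoint) <= 255:
        errors.append("endpoint: must be 20-255 characters")
    try:
        parts = urlsplit(endpoint)
        host = parts.hostname or ""
        # Assumption: any path (even a trailing "/"), query or fragment is rejected.
        extra = parts.path or parts.query or parts.fragment
    except ValueError:
        errors.append("endpoint: not a valid URL")
    else:
        if extra:
            errors.append("endpoint: enter only the base URL, no path")
        if not (host.endswith(AZURE_SUFFIX) and len(host) > len(AZURE_SUFFIX)):
            errors.append("endpoint: host must be {resource-name}" + AZURE_SUFFIX)

    # Deployment model: 2-255 characters.
    if not 2 <= len(deployment) <= 255:
        errors.append("deployment: must be 2-255 characters")

    # API key: letters and numbers only (assumed ASCII), 30-255 characters.
    if not re.fullmatch(r"[A-Za-z0-9]+", api_key):
        errors.append("api_key: must contain only letters and numbers")
    if not 30 <= len(api_key) <= 255:
        errors.append("api_key: must be 30-255 characters")
    return errors


if __name__ == "__main__":
    # Constructed sample values, not real credentials: the endpoint carries a
    # path and the key has a trailing newline from a copy-paste.
    for problem in validate_ai_settings(
        "https://contoso-ifa.openai.azure.com/openai/deployments/",
        "gpt-deployment", "A1b2C3d4" * 4 + "\n"):
        print(problem)
```

Passing these checks only confirms the format of the values; AppScan Enterprise still verifies the connection to Azure OpenAI when you click Done.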