Foundry - Custom blocklist term matched
Foundry Blocklist Term Matched
Query
AppDependencies
| where isnotempty(Properties["microsoft.foundry.content_filter.results"])
| extend
Agent = tostring(Properties["gen_ai.agent.name"]),
Model = tostring(Properties["gen_ai.request.model"]),
ConvId = tostring(Properties["gen_ai.conversation.id"]),
ProjectId = tostring(Properties["microsoft.foundry.project.id"]),
Prompt = tostring(Properties["gen_ai.input.messages"]),
FilterArr = todynamic(tostring(Properties["microsoft.foundry.content_filter.results"]))
| mv-expand Entry = FilterArr
| extend
SourceType = tostring(Entry.source_type),
Cfr = todynamic(Entry.content_filter_results)
// Custom blocklists surface as named keys inside content_filter_results
// (e.g. "Profanity", or your own blocklist name) alongside the standard
// harm categories. Treat any non-standard key that tripped as a blocklist
// hit so the rule works regardless of the blocklist name.
| mv-expand Key = bag_keys(Cfr)
| extend BlockListName = tostring(Key)
| where BlockListName !in~ ("jailbreak", "prompt_shield", "indirect_attack", "hate", "sexual", "violence", "self_harm", "protected_material", "protected_material_code", "protected_material_text")
| extend Verdict = todynamic(Cfr[BlockListName])
| where tobool(Verdict.filtered) or tobool(Verdict.detected)
| extend AccountName = iff(isempty(Agent), "unknown-agent", Agent)
| project
TimeGenerated, AccountName, SourceType, Agent, Model, ProjectId, ConvId,
BlockListName, VerdictJson = tostring(Verdict), Prompt
| order by TimeGenerated descExplanation
This query is designed to monitor and raise alerts when specific custom blocklist terms, defined by an organization, are detected in prompts or completions within a Foundry or Agent Service. Here's a simplified breakdown:
-
Purpose: The query identifies when users interact with restricted terms, such as project code names or regulated keywords, by checking against a custom blocklist.
-
Data Source: It uses data from Application Insights, specifically from the
AppDependenciesdata type. -
Frequency: The query runs every hour and looks back over the past hour to check for any matches.
-
Severity: The alert generated from this query is considered to have a medium severity level.
-
Detection Logic:
- It examines telemetry data to find entries where custom blocklist terms are matched.
- The query extracts relevant information such as the agent name, model, conversation ID, project ID, and the prompt text.
- It checks for any non-standard blocklist keys that have been triggered, indicating a blocklist hit.
- If a blocklist term is detected or filtered, it logs details like the time, account name, source type, and the blocklist name.
-
Alert Configuration:
- An incident is created if any blocklist term is matched.
- Alerts are grouped by account, and incidents are not reopened once closed.
-
Tags and Metadata: The query is tagged with keywords like Sentinel-As-Code, Custom, Foundry, AI, ContentSafety, and Blocklist, indicating its context and purpose.
Overall, this query helps organizations monitor and respond to potential misuse or probing of sensitive terms by generating alerts when such terms are detected in AI-generated content.
Details

David Alonso
Released: June 8, 2026
Tables
Keywords
Operators
Severity
MediumTactics
Frequency: PT1H
Period: PT1H