What are Use Cases?

Use Cases enable you to monitor LLM traffic across multiple Profiles simultaneously, designed specifically for complex agentic workflows where different interaction types require different security policies.

In traditional monitoring, you view traffic through a single Profile's security configuration. Use Cases allow you to define workflows where each event type (such as "User to LLM" or "Agent to Tool") can have its own Profile, and view all resulting events in a unified monitoring experience.

Why Use Cases?

Modern agentic applications involve multiple types of LLM interactions, each with different risk profiles and security requirements. For example:

User-to-agent interactions may need strict PII detection
Agent-to-tool calls may require different content filtering
Agent-to-LLM reasoning steps may have unique context validation needs

Use Cases let you define these differentiated security policies while maintaining visibility across your entire workflow.

How Use Cases Work

Event Type Assignment

Each event in your workflow specifies its event type (e.g., "User to Agent", "Agent to Tool")

Profile Routing

Aiceberg routes each event through the Profile you've assigned to that event type

Unified Monitoring

All events appear in a single monitoring view, regardless of which Profile processed them

Each event type can only use one Profile within a Use Case, ensuring consistent policy enforcement for that interaction type.

Configuring a Use Case

To create a new Use Case:

Create a Use Case

Navigate to the Use Cases section via the Inventory and tap the + button

Name and Describe

Provide a name for your Use Case. Optionally add a description to document the workflow.

Choose Profile Assignment Strategy

Choose your Profile assignment strategy:

Default Profile: Assign one Profile to handle all event types, OR
Per-Event-Type Profiles: Assign specific Profiles to individual event types

Save Requirements

You must configure either a default Profile or at least one event-type-specific Profile assignment to save the Use Case.

If you choose to use a combination of default and per-event-type Profiles, the default will apply to any event type not otherwise assigned.

After creation, you can edit the Use Case configuration from its detail view. To delete a Use Case, use the menu in the top right corner.

Monitoring Use Case Traffic

To view traffic from your agentic workflows:

Open Monitoring

Navigate to the Monitoring page

Enable Snowflake (experimental)

Open Settings and enable the "Use Snowflake (experimental)" toggle

Use Case and Profile Filters

Two dropdown filters will appear:

Use Case: Select which Use Case workflow to view
Profile: Optionally filter to events from a specific Profile within that Use Case

Sessions Toggle

Enable the Sessions toggle in the filter menu if you want to view only head-session events

Note: Use Case filtering is currently available on the main Monitoring view. It does not appear on other monitoring tabs like Cannon.

What's Next

Use Cases are actively evolving. Upcoming enhancements include reporting and analytics across Use Case workflows.

This feature is a work in progress as we continue to build capabilities for agentic security and observability.

PreviousWhat is the Inventory?NextWhere do I connect to my LLM?

Last updated 1 day ago

Good night