Cisco AI Assistant

Overview

The Cisco AI Assistant is designed to streamline and automate tasks that administrators face daily, significantly reducing the time spent on managing firewall rules and handling user requests. Traditionally, administrators are burdened with frequent and repetitive tasks. The Cisco AI Assistant steps in to alleviate this workload by automating processes, ensuring accuracy, and improving efficiency.

Key Features

• Documentation: The AI Assistant grants administrators full access to the entire knowledge base, allowing them to ask any query and receive precise, accurate responses.
• Policy Inquiry: The AI Assistant can answer any questions related to the policies within your tenant, providing clear and accurate insights.
• Automated Rule Creation and Management: The AI Assistant automates the creation of access control rules based on administrator requests. It interprets the request, discovers necessary entities, verifies configurations, and generates rules to ensure both security and compliance.
• Policy Optimizer: The AI Assistant includes a built-in rule checker that cross-references existing policies to avoid redundant or conflicting rules. It also analyzes current policies, suggesting improvements to align with security best practices and regulatory requirements, ensuring an optimized, efficient, and compliant rule set.
• Contacting Support: The AI Assistant can automatically generate support case tickets and help administrators manage these cases. This integration speeds up troubleshooting processes and reduces response times for security-related issues.
• Notifications: Enhanced Security and Compliance: Alerts and notifications keep administrators informed of any compliance issues or security risks, enabling quick adjustments to firewall policies to meet regulatory standards.
• User-Centric and Intuitive Design: Featuring a user-friendly interface, the AI Assistant simplifies complex firewall operations, allowing administrators to execute tasks quickly and efficiently. With the Cisco AI Assistant, admins can focus more on strategic tasks while automating routine operations for greater efficiency.

Cisco AI Assistant Components

The Cisco AI Assistant is engineered with user-friendly components.

• Text Input Box –At the bottom of the window, you have a text input box that allows you to type and engage with the AI Assistant.
• New Thread – Click the edit icon to start a new conversation with the AI Assistant
• Chat History – Expand the menu tray on the left side of the screen to see your chat history.
• Feedback – The AI Assistant has the option to provide feedback for its responses. Click thumbs up to show appreciation or thumbs down to let the assistant know that it can do better.
• Expand View –Click on the expand icon on the top right to open the AI Assistant in full-screen view.
• Notifications/Alerts – The AI Assistant provides alerts and notifications for critical actions, updates, and changes within your security environment.

Cisco AI Assistant Best Practices

We recommend the following best practices to effectively communicate with the AI Assistant:

• Ask detailed questions – The AI Assistant is trained with policy/rule configuration and documentation data. To receive a relevant response, we recommend that you provide the assistant with important details.

Tip 

• Sample question- How many decryption policies are enabled on my account? Where can I access the policies? Do the policies have source and destination enabled?
• Divide the tasks into sub-tasks – For tasks that require multiple sets of instructions, it can be beneficial to divide the tasks and input the sub-tasks after the previous task is answered.

Note The AI Assistant takes 24 hours to sync pthe policy database, this results in a 24-hour delay in the data provided in responses to policy inquiries. This does not impact any other features and users can continue to interact with the AI Assistant.

Tip

In the sample question above – We suggest breaking down the question into smaller tasks and asking them one at a time, waiting for a response before moving on to the next question. This approach helps prevent information overload and reduces the need for repetition. –

• How many decryption policies are enabled on my account?
• Where can I access the policies?
• Do the policies have source and destination enabled?
• You cannot upload files or images to the AI Assistant.
• The AI Assistant currently provides support only in the English language.

Note Please read through the Prompt Guide to gain a better understanding of the recommended best practices.

Prompt Guide for Cisco AI Assistant

• The Cisco AI Assistant’s Prompt Guide is designed to help you interact more effectively with our AI Assistant, ensuring you get accurate, relevant, and helpful responses to your queries and commands. Your experience with Cisco AI Assistant can be greatly enhanced by how effectively you communicate with it.

Understanding a Prompt

• A prompt is a question or any text input that you provide to the Cisco AI Assistant to initiate a conversation or request information. Essentially, it’s the question you pose to the AI Assistant. The way you format and construct your prompt plays a crucial role in determining the response from the AI Assistant.

Key Components of a prompt:

• Clarity: Be clear and specific about what you’re asking for.
• Context: Provide necessary background information.
• Purpose: State what you want to achieve with your prompt.

Examples of Effective Prompts

Guidelines for Crafting Effective Prompts

By providing precise input and context, you significantly increase the chances of receiving a targeted, relevant, and useful answer from the AI Assistant

• Be Specific and provide context: Draft your with relevant information, use the correct device names, policy names, etc. that could help the AI Assistant understand your request better.
• Use Proper Syntax: While AI Assistant can understand colloquial language, clear and grammatically correct sentences can improve response accuracy.
• Clarify the Desired Output: If you have a preference for the response format (e.g., a list, a detailed explanation, tables), mention it.
• Correction and Feedback: If the response doesn’t meet your expectations, you can provide feedback or ask for clarification within your next.
• Direct Naming Requests: Use the phrase “give me only the names” to instruct the AI Assistant to provide solely names in its response. For example, if a user wants to know the names of firewall rules or policy names without additional details, they can use the phrase ‘give me only the names of firewall rules’ to instruct the AI Assistant to provide solely the names in its response.
• Unique Values: Employ the keyword “unique” to request unique values from the AI Assistant.
• Rules and Actions: When requesting information about rules, users can specify which attributes they want to include in the response for comprehensive insights. For example, if a user wants to know about firewall rules allowing access to a specific zone, they can specify additional attributes such as the action (e.g., allow or deny) and any relevant source zones. By providing specific instructions, users can tailor the response to their exact requirements and gain deeper insights into the configuration. This approach allows users to obtain more relevant and actionable information from the AI Assistant.
• Sequential Questioning: For multiple inquiries, pose them as separate, follow-up questions to enhance clarity and context, rather than combining them into a single complex .
• Explicit Multi-Attribute Queries: Clearly state “Both” or “all of the following” when seeking multiple attributes; otherwise, the AI Assistant might select an attribute at random to respond to. For example, when querying about firewall rules, attributes could include details such as the rule name, description, action (e.g., allow or deny), source IP addresses, destination IP addresses, ports, protocols, etc.
• In the context of multi-attribute queries, it means requesting information about multiple characteristics or properties simultaneously. For instance, a user might want to know both the names and descriptions of firewall rules, or they might be interested in the source IP addresses and destination ports of network traffic.

Cisco AI Assistant Skills

Online Help Documentation

• The AI Assistant grants administrators full access to the entire knowledge base, allowing them to ask any query and receive precise, accurate responses. This streamlines the process, saving both time and effort.
• Additionally, the AI Assistant enhances the user experience by offering relevant citations and reference links to help documents, guiding administrators toward the intended outcome with ease.
• Administrators can simply type their query into the AI Assistant’s chat interface. The Assistant will respond with a clear answer, along with citations and reference links to help documents for additional guidance.

Tip Sample prompts:

• What are the steps to configure a new firewall policy?
• Where can I find documentation on rule optimization?
• How do I renew an expired rule in my firewall settings?

Policy Insights

Administrators can ask questions to gain insights into policy configurations, including rule details, status, and compliance alignment. AI Assistant scans and analyses policies to provide details of potential gaps and overlaps that need to be resolved resulting in better performance and efficiency.

1. Navigate to your tenant’s dashboard and click on the AI Assistant icon located in the right top corner.
2. Use a simple prompt to inquire about existing policy rules (e.g., “Show all access control rules”).
3. The AI Assistant retrieves a comprehensive list of policies relevant to your query.
4. Review the details provided by the AI Assistant, including rule configurations, rule status, and key attributes such as allowed traffic, blocked ports, or IP addresses.

DETAILED STEPS 

Example

Tip Sample Prompts

• What rules are using http://github.com?
• What rules are using this IP 100.20.10.1?
• What policies are blocking the Webex application and webex.com URL?
• Which rules allow inbound traffic?
• Show rules with expired conditions.

Policy Analyzer and Optimizer

The AI Assistant identifies gaps and inconsistencies within firewall rules, providing administrators with detailed insights into anomalies or potential issues. This allows administrators to quickly address security vulnerabilities, ensure compliance, and optimize the overall effectiveness of their firewall policies. The rules can be:

• Mergable Rule: Rules that can be combined or consolidated because they share similar criteria or actions. For example, if two or more rules apply to the same source, destination, or protocol, but have redundant or overlapping conditions, they can be merged to reduce complexity and improve the overall efficiency.
• Expired Rule: Rules that are no longer active because they have passed a predefined expiration date or time limit.
• Object Overlap: An element in a field of a rule is a subset of one or more elements in the same field of the rule. For example, the source field might include a network object for 10.1.1.0/24 and another object for the host 10.1.1.1. Because 10.1.1.1 is within the network covered by 10.1.1.0/24, the object for 10.1.1.1 is redundant and can be deleted, simplifying the rule and saving device memory.
• Duplicate/Redundant Rule: Two rules apply the same action to the same type of traffic and removing the base rule would not change the ultimate result. For example, if a rule permitting FTP traffic for a particular network were followed by a rule allowing IP traffic for that same network, and there were no rules in between denying access, then the first rule is redundant, and you can delete it.
• Shadowed Rule: This is the reverse of a redundant rule. In this case, one rule will match the same traffic as another rule such that the second rule will never be applied to any traffic because it comes later in the access list. If the action for both rules is the same, you can delete the shadowed rule. If the two rules specify different actions for traffic, you might need to move the shadowed rule or edit one of the two rules to implement your desired policy. For example, the base rule might deny IP traffic, and the shadowed rule might permit FTP traffic, for a given source or destination.

1. The AI Assistant continuously monitors and analyzes your firewall rules. You can prompt the Assistant to analyze current policies for gaps or inefficiencies (e.g., “Analyze rules for redundant configurations”).
2. The AI Assistant flags any redundant, duplicate, or conflicting rules that could be optimized. It provides suggestions on merging or updating rules to streamline firewall performance.
3. Based on the analysis, the AI Assistant recommends optimizations, such as removing obsolete rules, adjusting configurations, or tightening access control for better security.

Note If the AI Assistant detects expiring rules or performance issues within a policy, it automatically generates alerts to prompt timely actions from the administrator.

You can click on View Details.

Tip Sample Prompts

• Identify any inconsistencies in my firewall rules.
• Show me gaps in current firewall policy configurations.
• Are there any redundant or conflicting rules in my firewall setup?

Resolve Policy Abnormalities

• Administrators can address policy rule gaps efficiently using the AI Assistant. With its help, they can:
• Disable all the redundant policy rules, shadow rules, and expired ones.
• Remove all the redundant policy rules, shadow rules, and expired ones.
• Merge all the redundant policy rules.

Note In case performing any of these actions does not resolve the issue, you can create a support ticket to contact the Cisco Support Team.

Automate Policy Rule Creation

• The AI Assistant simplifies the policy rule creation process for the Secure Firewall Threat Defense managed by a cloud-delivered Firewall Management Center and minimizes the need for extensive technical knowledge or manual configuration.
• By leveraging Prompt Guide for Cisco AI Assistant, administrators can quickly establish robust security measures, enhancing the overall efficiency and security of their network. These rules once created are listed under the policies section in your tenant.

Example Scenario

• Consider a scenario where an administrator receives the following request:
• Rick Miles can access Facebook on his work computer only from the office.
• This would be the process the administrator would follow to create the rule:

Procedure

• Step 1 The administrator needs to create a new rule to accommodate this request. They put this request to the AI Assistant:
• Step 2 The AI Assistant asks a question to better understand the administrator’s requirement and then guides them through a selection of options to create the rule:
• Step 3 The AI Assistant finds multiple results for Facebook and asks the administrator to clarify if they are referring to Facebook as an application, URL, or a Zone:
• Step 4 The AI Assistant prompts the administrator to select the policy to which the rule will be added
• Step 5 The AI Assistant suggests a “Rule Name”, which the administrator can modify if needed:
  • Note If the administrator chooses a “Rule Name” that already exists in a policy, the assistant displays an error prompting the administrator to enter a new name.
• Step 6 The AI Assistant prompts the administrator to select a “User name” and a “Category” for the rule:
• Step 7 The AI Assistant requests confirmation for rule creation and provides a summary of the administrator’s request along with the inputs for the rule:
  • Note The administrator can edit the rule information by clicking Edit and cancel the process of rule creation by clicking Cancel.
• Step 8 Assuming that the administrator confirms “Yes” for rule creation, the rule is created and will be reflected in the policy the administrator chose:
  • Note If you are unable to create a policy rule, refer to Cisco AI Assistant Frequently Asked Questions (FAQ), on page 25.

Contact Support

• The AI Assistant streamlines the process of ticket creation and management, enabling administrators to handle support requests efficiently and effectively. With this integration, administrators can generate support cases directly through the AI Assistant when they encounter unresolved issues or require additional assistance beyond the AI’s recommendations.

Key capabilities include:

• Automated Ticket Creation: The AI Assistant automatically suggests creating a support ticket if its solutions don’t resolve the issue. Administrators can also manually create tickets with a simple prompt.
• Manage Tickets: Administrators can track and update the status of their tickets to “Close” within the AI Assistant.
• By incorporating ticket creation and management into the AI Assistant, organizations can reduce delays in troubleshooting, help create a support case with support teams, and enhance the overall efficiency of issue resolution.
• Only customers using CDO and Cloud-delivered Firewall Management Center can contact support through the AI Assistant.

Open Support Case
The AI Assistant creates a support ticket based on the context of the conversation. This support case is created in the Support Case Manager and the ticket details are shared with the user. By following the steps below, administrators can quickly and seamlessly create a support ticket through the AI Assistant.

1. Navigate to your tenant’s dashboard and click on the AI Assistant icon located in the right top corner.
2. Initiate a conversation by typing your query/issue in the text box.
3. The AI Assistant will suggest troubleshooting steps or solutions based on the issue presented.
4. If the AI Assistant’s recommended solutions do not resolve the issue or if further help is needed, the Assistant will prompt you to Open a Case. You can also manually request the creation of a support case by typing “create a support case”.
5. The AI Assistant will generate the case and provide you with case details.
   • Note A confirmation email will be sent, including a case number for reference.

Tip Sample Prompts:

• I need to report an issue with my firewall.
• Can you help me open a support ticket?
• Please escalate this problem to your support team.
• How do I file a complaint about this product?
• I need to speak to someone about a malfunctioning firewall.
• This product is giving me trouble, I need to open a case.

Manage Support Case
Administrators can quickly view and update a support case through the AI Assistant. The status of a support ticket can be:

• List cases: The AI Assistant can list all the open and closed cases for the tenant.
• Close: Mark the support case as resolved once the issue has been addressed.
• Retrieve: Access the details of an existing support case for review or reference.

Support Case List

• Administrators can easily access a comprehensive list of all previously created support cases within their tenant using the AI Assistant. By simply asking the assistant to retrieve past cases, they can view case numbers, statuses, descriptions, and other essential details for each case.

To retrieve cases:

1. Navigate to the AI Assistant, in the text box, and ask the AI Assistant to retrieve the list of support cases.
2. Alternatively, you can retrieve the list of cases directly in the Support Case Manager section.

Tip Sample prompts:

• I want to know my support case history.
• How many support cases do we have?

Support Case Status

Administrators can check the status of their support case via the AI Assistant.

1. Navigate to the AI Assistant, in the text box, and ask the AI Assistant to retrieve the status of support cases.
2. Alternatively, you can track the progress of the ticket directly in the Support Case Manager section.

Tip Sample prompts:

• I want to know my support case status.
• What is the status of my case?

Support Case Close
Administrators can close their support cases via the AI Assistant.

To close a case:

1. Navigate to the AI Assistant, in the text box, and ask the AI Assistant to close the case.
2. Alternatively, you can close the ticket directly in the Support Case Manager section.

Tip Sample prompts:

• I want to close my case.
• How do I close my ticket?

Notifications Center

• The Cisco AI Assistant’s alert and notification system is designed to keep administrators informed of critical actions, updates, and changes within their security environment. By leveraging real-time alerts and scheduled notifications, users can manage security incidents and optimize policies proactively.
• The alerts and notifications are accessed via the AI Assistant icon located in the top-right corner of your tenant dashboard. When new alerts or notifications are available, a number indicator will appear on the icon, displaying the total count of unread items.
• Clicking the icon opens the Notification Center, where you can view a comprehensive list of all alerts and notifications. The list can be easily filtered by status, including Read, Unread, and Severity, allowing you to prioritize critical actions and stay informed.
• The default status of the notifications is unread. The administrators can mark the notifications as read and delete the notifications as required.

The notifications are triggered for:

• Policy analyzer and optimizer: The AI Assistant routinely scans policies within your tenant and provides recommendations for optimization. Once the scan results are available, the Assistant will notify the user through a system-generated notification, ensuring timely awareness and action.
• Policy rule creation: Upon initiating policy rule creation, the rule is initially set to “disabled” by default, requiring you to manually enable it. The AI Assistant will then notify you once the rule is successfully enabled.

FAQs

Cisco AI Assistant FAQ Cisco AI Assistant Frequently Asked Questions (FAQ)

Q. What is the Cisco AI Assistant?

A. The Cisco AI Assistant is an application that answers questions about existing configurations on your Secure Firewall Threat Defense device and how to manage those devices in the Firepower Management Center and cloud-delivered Firewall Management Center.

Q. What can the AI Assistant help you with?

A. The AI Assistant answers questions about how to configure your Secure Firewall Threat Defense devices. • The AI Assistant answers questions about how to configure access control and other security policies. • The AI Assistant simplifies the configuration for a quicker, easier policy rule building. • The AI Assistant helps diagnose and troubleshoot firewall-related issues.

Q. How do you access the AI Assistant?

A. The AI Assistant is integrated with the CDO Firewall Management Center and cloud-delivered Firewall.

Q. What subjects can I ask about?

A. You can ask the AI Assistant about your configured firewall devices, policies, and settings; and ask questions about how to configure your firewall.

Q. Is the Cisco AI Assistant Secure?

A. Yes. The Cisco AI Assistant implemented on your CDO tenant only has access to the information and security policies on your tenant and your cloud-delivered Firewall Management Center if you have implemented that feature. The AI Assistant cannot “learn” about policies on other CDO tenants and so, can’t answer questions about other CDO tenants or integrate information from them.

Q. Can I use the AI Assistant to create rules?

A. Yes, you can use the AI Assistant to create rules. The AI Assistant provides a user-friendly interface with simple prompts that guide you through the rule creation process. It ensures accuracy and efficiency, allowing you to seamlessly integrate and manage policy rules within your workflow.

Q. What types of rules are supported by the AI Assistant?

A. Currently, the AI Assistant supports the Access Control Policy Rules. You can create a rule to Allow, block, and BLOCK_RESET. Administrators can request specific details about Access Rule policies for their tenants.

Q. Do I need to pay to use the Cisco AI Assistant for Firewall?

A. The Cisco AI Assistant is currently available for early customer evaluation at no cost. During this rollout phase, usage is free of charge. However, Cisco plans to include the product in the General Price List (GPL) in the future. After general availability, Cisco reserves the right to require customers to purchase a subscription to continue using the product.

Q. Are there any limitations on features and functionality during the above -mentioned initial customer evaluation period?

A. No, there are no planned limitations on the usage of available functionality. During the early availability period, you will have full access to all features and functionalities of the product. However, Cisco will monitor usage levels and may, at its sole discretion, restrict or limit usage, as well as add or remove features and functionalities during this evaluation phase.

Q. What happens if I choose not to subscribe and/or do not pay for the product after the above-mentioned period?

A. If you choose not to subscribe, your access to the Cisco AI Assistant for Firewall will be limited or discontinued by our policy. You will have the option to reactivate your subscription at any time.

Q. When was the last time the Cisco AI Assistant was updated?

A. The AI Assistant is updated weekly with documentation changes. In CDO, the AI Assistant is updated every 24 hours with the policy and configuration changes you made to your devices and tenant. In the cloud-delivered Firewall Management Center, the AI Assistant is also updated every 24 hours with the policy and configuration changes you made to your devices and tenant, and in addition, responses to those questions include when the last data sync occurred.

• Q. How do you access the AI Assistant?
  • A. The AI Assistant is integrated with the CDO Firewall Management Center and cloud-delivered Firewall Management Center. To access the AI Assistant click the AI Assistant button () on the CDO or cloud-delivered Firewall Management Center home page.
• Q. What do I do if a response is wrong?
  • A. Click the feedback option to report incorrect information.
• Q. How do I ask the AI Assistant a question?
  • A. Click the AI Assistant button () on the CDO or cloud-delivered Firewall Management Center home page and type your question text box.
• Q. The AI Assistant is unable to create a rule, how do I fix this?
  • A. The AI assistant unable to create a policy rule:
    • Object not found: If the AI Assistant cannot find the specified object name within the tenant, it will prompt the admin to verify the object name and try again. We recommend providing the assistant with an updated prompt that includes the correct object name.
    • Incomplete Request: The AI Assistant requires complete and accurate information to create a rule. For a better understanding, please refer to the table below:

CONTACT INFORMATION

• Americas Headquarters
• Cisco Systems, Inc.
• 170West Tasman Drive
• San Jose, CA 95134-1706
• USA
• http://www.cisco.com
• Tel: 408 526-4000
• 800 553-NETS (6387)
• Fax: 408 527-0883

Documents / Resources

CISCO Cisco AI Assistant [pdf] User Guide Cisco AI Assistant, AI Assistant, Assistant

References

• User Manual