Guides
Secure Access Help Center

Add Rules with the Cisco Assistant

The Cisco Assistant for Secure Access is an AI app that can interpret your prompts to create internet and private resources access rules on your policy. Access rules determine whether users and user devices can connect securely to the internet and your organization's private resources. For more information, see Manage the Access Policy.

Your prompts for the Cisco Assistant must include:

  • Both the source and destination rule components. You can add pre-configured source and destination rule components from the organization or configure source and destination components directly on the rule.
  • The rule action. You must add an action, which gets applied to the rule.

The Cisco Assistant is limited to generating valid access rules for your organization's policy. The assistant does not interact with or update any other settings, profiles, API keys, or network components or connectors in the organization. For more information, see Get Started with the Cisco Assistant.

Table of Contents

Use Cases

You can interact with the assistant in Secure Access to add both internet or private access rules to your organization's policy and create multiple rules from a single natural language prompt.

  • Internet access rules—Control managed devices' access to resources on the internet.
    For more information, see Manage Internet Access Rules
  • Private access rules—Control access to applications hosted on your data center.
    For more information, see Manage Private Access Rules

Capabilities of the Cisco Assistant

  • Interprets natural language prompts, generates internet or private access rules, and adds the generated rules to your organization's policy.
  • Detects the type of access rules to create from the language used in the prompt.
  • Creates multiple rules with various rule components and actions.
  • Understands how to interact with an organization's administrator safely and with respect.
  • Provides spelling suggestions for source and destination names.

Limitations

  • Cisco Assistant is available in Secure Access to create access rules.
  • Cisco Assistant may return false or inaccurate information.
  • Cisco Assistant interprets only text-based, in-scope command prompts.

Safeguards

  • Cisco Assistant saves your conversational instructions or prompts and has data protection safeguards built into the application.
  • Cisco Assistant does not remove any data from your organization and can not add a policy rule without an administrator's approval.
  • Cisco Assistant guarantees that the generated access rule is valid and only contains the correct source and destination components for the policy type with the appropriate rule actions.
  • Cisco Assistant is restricted in its generative capabilities and prevents inappropriate interactions with the application.
  • Rules created by the Assistant are disabled by default.

Procedure

Click the Cisco Assistant icon in the Secure Access toolbar to open the AI app, then enter your sequence of commands in the prompt bar to create access rules. For more information, see Get Started with the Cisco Assistant - Procedure.

Enter a Natural Language Prompt to Generate Policy Rules

  1. In the prompt bar, enter your natural language instructions to create policy rules.

For more information about prompts and generating policy rules, see Cisco Assistant Rule Examples.

Sample Prompt:

Grant all access to jira
  1. The assistant will reply with a card presenting the interpreted rule access, action, source, and destination. For more information, see the Core Prompt Components section in Cisco Assistant Rule Examples.
  1. Use the options in the reply to clarify the prompt, or click the Revise icon (pencil) next to the completed prompt to rephrase it and generate a new response.

If the prompt action is to allow access to a private resource, the assistant offers options to customize Endpoint Requirements when connecting to the private resource using Zero Trust Access.

Click the Revise icon (pencil) to apply a custom Client-based Posture Profile or Browser-based Posture Profile to your rule.

Endpoint Requirements only apply when the rule action is to allow access to a private resource. For more information, see Manage Zero Trust Access Posture Profiles.

  1. The Add rule button will become active when the prompt is clear enough for the assistant to interpret it. Click Add rule, and Secure Access adds the rule to your policy with the highest priority.
  1. Browse to Secure > Access Policy to view the rule generated by the assistant.

Note: Rules generated by the assistant have a Rule name that ends with the phrase: Created by Cisco Assistant.

Invalid Prompts

If the assistant is unable to interpret the prompt in a way that it cannot resolve by presenting options, it will reply by explaining that the prompt is invalid. Enter a new prompt in the prompt bar or click the Revise icon (pencil) to clarify and resubmit the prompt.

Reporting

Secure Access logs the addition of rules to your policy, including rules generated by the Cisco Assistant. For more information, see Admin Audit Log Report.

Support

For more information, contact Cisco Support: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html.

Get Started with the Cisco Assistant < Add Rules with the Cisco Assistant > Cisco Assistant Rule Examples

Updated about 1 month ago