Add Rules with the Cisco Assistant

The Cisco Assistant for Secure Access is an artificial intelligence (AI) app that can interpret your prompts to create internet and private resources access rules on your policy. Access rules determine whether users and user devices can connect securely to the internet and your organization's private resources. For more information, see Manage the Access Policy.

When you construct a prompt for the Cisco Assistant, your prompt must include:

  • Both the source and destination rule components. You can add pre-configured source and destination rule components from the organization or configure source and destination components directly on the rule.
  • The rule action. You must add an action, which gets applied to the rule.

The Cisco Assistant is limited to generating valid access rules for your organization's policy. The assistant does not interact with or update any other settings, profiles, API keys, or network components or connectors in the organization. For more information, see Get Started with the Cisco Assistant.

Table of Contents

Use Cases

You can interact with the assistant on Secure Access to add both internet or private access rules to your organization's policy and create multiple rules from a single natural language prompt.

  • Internet access rules—Control managed devices' access to resources on the internet.
    For more information, see Manage Internet Access Rules
  • Private access rules—Control access to applications hosted on your data center.
    For more information, see Manage Private Access Rules

Capabilities of the Cisco Assistant

  • Interprets natural language prompts, generates internet or private access rules, and adds the generated rules to your organization's policy.
  • Detects the type of access rules to create from the language used in the prompt.
  • Creates multiple rules with various rule components and actions.
  • Understands how to interact with an organization's administrator safely and with respect.
  • Provides spelling suggestions for source and destination names.

Limitations

  • The Cisco Assistant is available on Secure Access to create access rules.
  • The Cisco Assistant may return false or inaccurate information.
  • The Cisco Assistant only interprets text-based, in-scope command prompts.

Safeguards

  • The Cisco Assistant saves your conversational instructions or prompts and has data protection safeguards built into the application.
  • The Cisco Assistant does not remove any data from your organization and can not add a policy rule without an administrator's approval.
  • The Cisco Assistant guarantees that the generated access rule is valid and only contains the correct source and destination components for the policy type with the appropriate rule actions.
  • The Cisco Assistant is restricted in it's generative capabilities and prevents inappropriate interactions with the application.

Procedure

Click the Cisco Assistant icon in the Secure Access toolbar to open the AI app, then enter your sequence of commands in the prompt bar to create access rules. For more information, see Get Started with the Cisco Assistant - Procedure.

Enter a Natural Language Prompt to Generate Policy Rules

  1. In the prompt bar, enter your natural language instructions to create policy rules.

For more information about prompts and generating policy rules, see Cisco Assistant Rule Examples.

Sample Prompt:

Grant all access to jira
  1. If the assistant is able to interpret the prompt, Secure Access adds a new rule to your policy with the highest priority.
  1. Browse to Secure > Access Policy to view the rule generated by the assistant.

Note: Rules generated by the assistant have a Rule name that ends with the phrase: Created by Cisco Assistant.

  1. If the assistant is unable to clearly interpret the prompt action, source, destination, or access type, it will reply with options. For more information, see Core Prompt Components.
  1. Use the options in the reply to clarify the prompt, or click the Revise icon (pencil) next to the completed prompt to rephrase it and generate a new response.
  1. The Add rule button will become active when the prompt is clear enough for the assistant to interpret it. Click Add rule, and Secure Access adds the rule to your policy with the highest priority.
  1. If the assistant is unable to interpret the prompt in a way that it cannot resolve by presenting options, it will reply by explaining that the prompt is invalid. Enter a new prompt in the prompt bar or click the Revise icon (pencil) to clarify and resubmit the prompt.

Reporting

Secure Access logs the addition of rules to your policy, including rules generated by the Cisco Assistant. For more information, see Admin Audit Log Report.

Support

For more information, contact Cisco Support at https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html.


Get Started with the Cisco Assistant < Add Rules with the Cisco Assistant > Cisco Assistant Rule Examples