Cisco AI Assistant Frequently Asked Questions (FAQ)

What is the Cisco AI Assistant?

The Cisco AI Assistant is an application that answers questions about existing configurations on your Secure Firewall Threat Defense device and how to manage those devices in the Secure Firewall Management Center and cloud-delivered Firewall Management Center.

What can the AI Assistant help you with?

The AI Assistant answers questions about how to configure your Secure Firewall Threat Defense devices.
The AI Assistant answers questions about how to configure access control and other security policies.
The AI Assistant simplifies the configuration for a quicker, easier policy rule building.
The AI Assistant helps diagnose and troubleshoot firewall-related issues.

How do you access the AI Assistant?

The AI Assistant is integrated with Security Cloud Control and Cloud-delivered Firewall Management Center. To access the AI Assistant click the AI Assistant button (

) on the Security Cloud Control or Cloud-delivered Firewall Management Center home page.

What do I do if a response is wrong?

Click the feedback option to report incorrect information.

How do I ask the AI Assistant a question?

Click the AI Assistant button (

) on Security Cloud Control or Cloud-delivered Firewall Management Center home page and type your question text box.

What subjects can I ask about?

You can ask the AI Assistant about your configured firewall devices, policies, and settings; and ask questions about how to configure your firewall.

Is the Cisco AI Assistant Secure?

Yes. The Cisco AI Assistant implemented on your Security Cloud Control tenant only has access to the information and security policies on your tenant and your cloud-delivered Firewall Management Center, if you have implemented that feature. The AI Assistant cannot “learn” about policies on other Security Cloud Control tenants and so, can’t answer questions about other Security Cloud Control tenants or integrate information from them.

What is Cisco's data privacy policy?

Access to customer data is strictly controlled based on role-based access control (RBAC) policies
Only authorized personnel with specific privileges can access the data, and access is periodically reviewed.
Audit logs track and record data access activities.

Note	This is Cisco's Online Privacy Statement in the Cisco's Trust Center.

Where is the data stored?

Data is stored within Cisco's Security Cloud infrastructure. Specific databases include Vector DB, Cockroach DB, and Databricks, all of which have industry-standard encryption at rest and in transit. Cisco AI solutions operate within private VPC environments to enhance security.

How is our data being used?

Cisco does not use customer personally identifiable information (PII) to train AI models. Cisco AI solutions analyze usage data to improve product performance and threat detection. The Cisco Security Cloud utilizes data to provide threat intelligence and proactive security measures.

What is Cisco doing with our data?

Cisco uses customer data within its security ecosystem to enhance threat intelligence and improve security posture. Cisco Talos threat research team analyzes data to identify and mitigate security threats. Customer logs and interactions help refine Cisco's AI assistant functionality.

How is confidential information handled?

Data is classified according to Cisco’s organization-wide Data Classification taxonomy. Cisco follows country-specific data protection regulations and conducts periodic security, privacy, and supplier risk reviews. Data is encrypted at rest and in transit, ensuring protection against unauthorized access.

Is our data being used to train Cisco’s AI models?

No, Cisco AI models are trained on public open-source and industry-standard data. Customer-specific data, including PII, is not used for AI training.

If end-users input confidential data, will the AI Assistant stop it?

While the AI Assistant does not actively block confidential data input, Cisco employs security monitoring and controls to prevent unintended data exposure. Customers have control over AI features and can disable the AI Assistant if needed.

What control do we have over our data?

Customers can configure AI functionality settings and request AI Assistant deactivation. Customers own their data and logs are managed as per Cisco’s data governance policies. Cisco follows a centralized Data Governance Framework to ensure proper data lifecycle management.

Can I use the AI Assistant to create rules?

Yes, you can use the AI Assistant to create rules. The AI Assistant provides a user-friendly interface with simple prompts that guide you through the rule creation process. It ensures accuracy and efficiency, allowing you to seamlessly integrate and manage policy rules within your workflow.

What types of rules are supported by the AI Assistant?

Currently, the AI Assistant supports the Access Control Policy Rules. You can create rule to Allow, block , BLOCK_RESET. Administrators can request specific details about Access Rule policies for their tenant.

The AI Assistant is unable to create a rule, how do I fix this?

The AI Assistant is unable to create a policy rule:

Object not found: If the AI Assistant cannot find the specified object name within the tenant, it will prompt the admin to verify the object name and try again. We recommend providing the assistant with an updated prompt that includes the correct object name.
Incomplete Request: The AI Assistant requires complete and accurate information to create a rule. For a better understanding, please refer to the table below:


Object provided by the user	Required Object (The user must provide at least one of these objects to give the AI Assistantbetter context for rule creation.)
Source Zone Source Network Source Dynamic Attribute	Destination Zone Destination Network Destination Port Destination Dynamic Attribute Application URL
User	Destination Zone Destination Network Destination Port Destination Dynamic Attribute Application URL
Destination Zone Destination Network Destination Port Destination Dynamic Attribute	Source Zone Source Network Source Dynamic Attribute User Application URL
Application URL	Source Zone Source Network Source Dynamic Attribute User Destination Zone Destination Network Destination Port Destination Dynamic Attribute

Do I need to pay to use the Cisco AI Assistant for Firewall?

The Cisco AI Assistant is currently available for early customer evaluation at no cost. During this rollout phase, usage is free of charge. However, Cisco plans to include the product in the General Price List (GPL) in the future. After general availability, Cisco reserves the right to require customers to purchase a subscription to continue using the product.

Are there any limitations on features and functionality during the above -mentioned initial customer evaluation period?

No, there are no planned limitations on the usage of available functionality. During the early availability period, you will have full access to all features and functionalities of the product. However, Cisco will monitor usage levels and may, at its sole discretion, restrict or limit usage, as well as add or remove features and functionalities during this evaluation phase.

What happens if I choose not to subscribe and/or do not pay for the product after the above-mentioned period?

If you choose not to subscribe, your access to the Cisco AI Assistant for Firewall will be limited or discontinued in accordance with our policy. You will have the option to reactivate your subscription at any time.

When was the last time the Cisco AI Assistant was updated?

The AI Assistant is updated weekly with documentation changes.

In Security Cloud Control, the AI Assistant is updated every 24 hours with the policy and configuration changes you made to your devices and tenant.

In cloud-delivered Firewall Management Center, the AI Assistant is also updated every 24 hours with the policy and configurations changes you made to your devices and tenant, and in addition, responses to those questions include when the last data sync occurred.