Prompt Guide for Cisco AI Assistant
This guide provides practical sample prompts designed to help users interact efficiently with the Cisco AI Assistant across the SCC-supported products:
- Firewall (Cisco Defense Orchestrator (CDO), cloud-delivered Firewall Management Center and on-prem Firewall Management Center)
- Hypershield
- Secure Access
- Cross-Product Queries (interoperability between the three)
Understanding a Prompt
A prompt is a question or any text input that you provide to the Cisco AI Assistant to initiate a conversation or request information. Essentially, it's the question you pose to the AI Assistant. The way you format and construct your prompt plays a crucial role in determining the response from the AI Assistant.
Key components of a prompt:
- Clarity: Be clear and specific about what you're asking for.
- Context: Provide necessary background information.
- Purpose: State what you want to achieve with your prompt.
Understanding Sample Prompts
These prompts are curated to:
- Demonstrate real-world use cases across policy management, monitoring, threat response, and audit tasks.
- Help users get meaningful, actionable results from the assistant quickly.
- Reduce time spent navigating UIs or documentation by using natural language.
You can use these as-is or adapt them to your environment by substituting your own policies, users, devices, or IPs.
Firewall (Cisco Defense Orchestrator (CDO), cloud-delivered Firewall Management Center and on-prem Firewall Management Center)
Policy Management
- Show all access control policies applied to branch firewalls. - Helps visualize existing rule sets per location.
- Create a new rule to block outbound FTP traffic to unknown IPs. - A quick way to apply security hardening policies.
- What are the top 5 firewall rules by hit count? - Identifies the most-used rules for optimization.
- Update the logging settings for policy 'Remote Users Access'. - Simplifies tuning log verbosity for specific rules.
Troubleshooting
- Why is traffic from '192.168.1.50' being blocked? - Pinpoints misconfigurations or rule mismatches.
- Show recent drops from internal networks to external IPs. - Aids in diagnosing outbound traffic issues.
- What rule is causing connection failures to 'crm.company.com'? - Accelerates root cause analysis for app access failures.
Monitoring & Logs
- Display the last 100 firewall events related to SSH. - Filters event logs by protocol of interest.
- List all denied connections from the 'Guest VLAN'. - Ensures policy enforcement in restricted networks.
- Filter firewall logs by high-severity threats in the last 24 hours. - Focuses attention on urgent security events.
Hypershield
These prompts help users explore Hypershield’s architecture, core concepts, and key features. They are useful for gaining foundational understanding, navigating the product, and improving security posture awareness.
- What is the Hypershield product?
- List all workloads affected by CVE-2024-12345. - Supports targeted patching or isolation efforts.
- Are any of my workloads exposed to critical RCE vulnerabilities? - Surfaces the most dangerous exposures to address first.
- What is the Hypershield AI Assistant?
- What is a DPU (data processing unit)?
- What is the dual dataplane?
- What is the Cedar policy language?
- Please explain the PARC acronym.
- What is a TSA agent?
- What is a 5-tuple network policy?
- Please explain the difference between a network policy and an application policy as it pertains to enforcement points.
- What is a compensating control?
Policy, Visibility, and Workload Queries
- How do I view my existing policies?
- Is there a limit on the number of policies I can enable?
- Where can I view my completed tests?
- How long will it take for a policy to test and be deployed?
- How are the policies tested before being deployed in a production environment?
- What sort of queries can I run against a workload?
- How can I look at active workloads?
- How is traffic segmented across Hypershield zones?
Useful for managing enforcement policies, monitoring test behavior, and understanding the state of active network protections.
Vulnerability & Updates
- What is a CVE?
- How does a CWE relate to a CVE?
- Can Hypershield prevent zero-day exploits?
- How can I ensure my devices are up to date?
- Describe the steps needed to monitor an update in the dual dataplane.
- What is the process for updating the machine learning models with new threat intelligence?
These prompts support vulnerability management workflows and help ensure that environments stay secure and current.
Security Behavior and Anomalies
- How does the AI component of the firewall work to identify and respond to threats?
- What types of network traffic anomalies can the system detect?
- How does the system deal with false positives and false negatives?
- How is user and application behavior profiling handled by the firewall?
- Can the firewall policies be tailored for specific applications or services?
- How does the firewall handle encrypted traffic analysis?
Ideal for teams doing behavioral analysis, threat detection, and refining policies to reduce alert fatigue.
Documentation, Resources & Compliance
- Where can I view API documentation?
- Where can I view previous conversations?
- What are the best resources for staying up to date with security exploits?
- Are there any regulatory compliances that the firewall system adheres to?
- What mechanisms are in place for Hypershield to ensure compliance with industry-specific security standards such as HIPAA, PCI-DSS, or GDPR?
- What kind of training data is required for the machine learning algorithms?
These help security and compliance teams align operations with industry standards and stay informed.
Integration, Performance, and Support
- Can Hypershield integrate with other security platforms for a comprehensive threat intelligence and response strategy?
- What is the impact of Hypershield on network performance and latency?
- What reporting and alerting features does the firewall offer?
- What are the best practices for configuring and maintaining the firewall to ensure optimal performance and security?
- What levels of technical support are available for troubleshooting and assistance?
- Please describe observation mode vs. enforcement mode.
These prompts provide operational guidance and help users optimize for performance, visibility, and support readiness.
Secure Access
Access Control Policies
- What is the Edge ACP policy applied to the 'Engineering' group? - Surfaces applicable user access policies.
- Create a rule to allow 'contractors' access to 'finance-dashboard' only during business hours. - Demonstrates time-bound least-privilege access.
- Block access to social media sites for all users between 9 AM and 6 PM. - Supports productivity controls and acceptable use enforcement.
User Access & Troubleshooting
- Why can't user 'jdoe' access 'internal-app.corp'? - Root cause isolation for access issues.
- List policy violations triggered by 'remote-sales-team' this week. - Audit trails for high-risk user groups.
App Visibility
- Which apps were accessed through Secure Access by user 'alex.lee@company.com' today? - Validates app usage and surfaces abnormal patterns.
- Summarize app traffic types categorized as high risk. - Enhances app risk profiling.
Cross-Product Queries
These prompts are useful for security operations teams seeking to investigate incidents, correlate across products, or optimize policies holistically. They reflect common use cases where data spans across multiple systems.
Incident Response & Threat Correlation
- Identify and provide details for the recent threat.
- Suggest the best action for the threat.
- Display a timeline of access failures.
User Behavior & Access Monitoring
- Show MFA failures for blocked traffic.
- List all users who triggered high-risk policies this week.
Policy Optimization & Recommendations
- Recommend policy updates based on risky behaviors.
- Highlight overlapping rules across Firewall and Secure Access for the 'Contractor' group.
Audit & Compliance
- Generate an audit report of all cross-platform access denials.
- Which rules are associated with endpoints under surveillance?
Best Practices
- Be specific: Define actions, users, resources, and timeframes clearly.
- Use recognized keywords: such as Allow, Block, List, Update, Diagnose, etc.
- Break down complex tasks: Use a series of focused prompts.
- Provide context: Include IPs, usernames, policy names, etc., for accurate responses.