Overview
The AI Agent is a built-in AI Agent module in the CFW console. It leverages CFW's rules, alarms, logs, traffic data, and product documentation to provide AI-assisted capabilities in two forms: conversational interaction and full-screen reports. These capabilities can be used for product Q&A, security analysis, and situation report generation.
Capability Overview
|
Product Q&A | Provide conversational Q&A on CFW features, configuration items, log fields, and common issues. |
Security analysis | Quickly analyze a single alarm or a piece of log, and provide investigation conclusions and handling recommendations. |
Report generation | Generate various types of security reports, including alarm comprehensive analysis, full traffic deep insight, east-west traffic visualization, and exposure surface risk insight. |
IM notification | After binding a third-party IM, you can receive report-ready notifications in the IM. |
Prerequisite
You already have the required resource and log viewing permissions. If not, go to the CFW purchase page to purchase them. The AI Agent is currently in public beta and requires no additional application. If you encounter any issues during use, you can contact a Tencent Cloud account manager or submit a ticket for consultation. Sub-accounts can use the conversation and report features only after being granted relevant CFW access permissions by the root account through CAM.
Operation Steps
Initiating a Conversation
Direct Inquiry
1. Log in to the CFW console and click AI Agent in the left sidebar. 2. You can directly ask questions in the conversation regarding CFW product features, configuration items, log fields, common issues, and so on. For example,
What are the differences between an Enterprise Security Group and a traditional security group?
What is the difference between "Allow" and "Permit" in intra-VPC rules?
Can the source address after NAT be seen in the public network firewall logs?
3. Click Send or press the Enter key to submit.
4. The AI Agent provides its answer in the reply area. You can then perform follow-up operations based on this answer, such as log query, rule adjustment, or asset investigation.
Note:
The answers and reports generated by the AI Agent are based on existing CFW data and product documentation. The conclusions and suggestions are provided for reference only. For formal actions, please execute them after combining the alarm details, traffic logs in the console, and manual analysis.
5. Context is retained for multiple rounds of questions within the same session, and the AI Agent refers to previous questions and answers when responding. Click Create Dialogue in the upper-right corner of the conversation area to enable a new session without context.
6. Click Conversation History in the upper-left corner of the AI Agent to view a previous session. Session history is displayed in reverse chronological order, with a maximum of 30 entries retained. When the number exceeds 30, the earliest session is automatically overwritten.
Using Preset Scenarios
The preset scenarios provide commonly used question templates across four dimensions: Security Investigation, Product Q&A, Security Report and Troubleshooting. After you click a template, the corresponding text is populated into the dialog box. You can edit it and then click Send.
The descriptions and typical scenarios for each dimension are as follows:
|
Security Investigation | Perform in-depth security analysis and provide investigation conclusions and handling recommendations. | Alarm investigation, rule optimization analysis, vulnerability impact assessment, abnormal outbound connection detection. |
Product Q&A | Consult CFW features, configuration methods, asset status, and so on. | Feature usage guidance, asset query, concept explanation. |
Security Report | Generate various types of security analysis reports. | Alarm analysis report, traffic insight report, exposure surface report |
Troubleshooting | Troubleshoot common issues encountered during firewall usage. | Connectivity failure, rule mismatch, IPS non-interception, NAT forwarding exception. |
Generating a Security Report
The AI Agent supports generating various types of analysis reports through conversation. These reports are presented in a full-screen page. In the report list below the dialog box, you can view and download historical reports. Both conversations and report generation are counted toward the Token quota.
The supported report types and their content focus are as follows:
|
Comprehensive alarm analysis | Trends of alarms, Top attack sources, Top rules hit, typical events, and so on, within a selected time range |
Full traffic deep insight | Overall trend of north-south traffic, newly added access relationships, abnormal sessions, and so on. |
East-west traffic visualization | Access relationships and traffic composition between VPCs and between subnets |
Exposure surface risk insight | Changes in the internet-facing attack surface, risk levels of exposed assets, risky services, and so on. |
The report time range is supported in three options: 24 hours, 3 days, and 7 days. If not specified in the question, the AI Agent will prompt you during the conversation to select one from these three options.
Initiating a Report in a Conversation
1. Log in to the CFW console and click AI Agent in the left sidebar. 2. In the conversation input box, describe the report content you need, for example, "Generate a comprehensive alarm analysis report for the last 7 days."
3. Follow the prompts from the AI Agent in the conversation to confirm parameters such as the report type and time range. After confirmation, the report generation begins.
4. The conversation area displays the report generation progress. After the report is generated, you can click View Report in Full Screen or Download on the right side of the conversation.
Note:
If report generation is not completed within 5 minutes, a "Generation timeout, please try again later" message will appear in the conversation. You can then restart the process from within the conversation.
Viewing and Downloading Historical Reports
1. In the Report List below the dialog box, you can view the historical reports generated by your current account.
2. Click Target Report to go to the report full-screen page, where you can view the analysis conclusions section by section.
3. Click Download in the upper-right corner of the target report to download the current report in PDF format to your local device.
Binding IM to Receive Notifications
After IM is bound, a notification is pushed via IM when the report generation is complete. You can click the link in the notification to navigate to the report page and view the details.
1. Log in to the CFW console and click AI Agent in the left sidebar. 2. On the AI Agent page, click IM Binding Settings in the upper-right corner.
3. In the pop-up window, select the IM to bind: WeCom, WeChat, or Lark.
4. Scan the QR code on the page in the corresponding client and complete the binding as prompted.
Note:
The QR code expires after being displayed for approximately 5 minutes. After it expires, the page displays a "QR code expired" message. Click Refresh QR Code to obtain a new one and then scan it.
5. In the same window, click Unbind next to the corresponding IM. After confirmation, the binding is removed, and the previously bound IM will no longer receive notifications.
Viewing Token Quotas
The CFW AI Agent manages usage based on Token quotas.
1. Log in to the CFW console and click AI Agent in the left sidebar. 2. On the AI Agent page, you can view the remaining Token quota for your current account in the upper-right corner.
3. Token quotas are configured by Tencent Cloud based on business requirements. To apply for a quota, click Request Quota in the upper-right corner.
4. When the quota is exhausted, message sending is paused, and a notification is displayed in the chat area. New conversations and reports can only be initiated after the quota is restored.