About the Illumio Virtual Advisor
The Illumio Virtual Advisor (IVA) is an AI-powered assistant integrated into the Illumio platform. Use natural language to ask questions, investigate security risks, and accelerate security workflows.
Use IVA to visualize all traffic from a compromised server so you can take quick action to stop the risk. You can also use IVA to see all traffic from risky ports so you can preempt and prevent breaches.
Illumio's Al-powered zero trust segmentation helps enhance workload visibility and ensure more proactive segmentation controls so you can stop attacks before they happen.
Illumio does this with actionable guidance, automated labeling, and robust policy recommendations.
By reducing the time and effort required to operate a Zero Trust Segmentation platform, Illumio empowers organizations to respond to the threat of Al-powered attacks by containing spread and getting insights more quickly.
IVA supports actions on the following Servers and Endpoints pages:
Map
Policy
Workloads
Traffic
IVA supports actions on the following Illumio Cloud pages:
Applications
Inventory
Map
Traffic
IVA can answer questions related to Illumio products and provide best practices recommendations to improve security based on feedback and questions generated from Illumio support.
Illumio Virtual Advisor capabilities
Ask questions in plain language: Get quick answers about your environment's security posture, Illumio features, and best practices.
Visualize and investigate traffic: Instantly filter maps and traffic logs to understand communication patterns, especially from potentially compromised workloads or over risky ports.
Accelerate investigations: Let IVA translate your questions into precise filters on supported pages, saving you time and effort.
Using the Illumio Virtual Advisor
To open the Illumio Virtual Advisor, click the IVA icon
located next to your user name.The IVA interface has two primary views: the Chat tab and the Take Action tab.
Use the Chat tab.
The Chat tab is best for general questions and knowledge-based inquiries. IVA uses natural language processing to provide answers based on Illumio documentation and security best practices.
Use this tab to ask questions or make requests like the following:
What is the best way to label my environment?
Explain the 'enforcement' modes
How do I create a basic ringfence policy?
Use the Take Action tab.
The Take Action tab is a context-aware tool that interacts directly with your workload and traffic data. When you ask a question here, IVA automatically applies the relevant filters to the page you are viewing.
Navigate to the Traffic page.
Open IVA and select the Take Action tab.
Type "Show me all web traffic in my Production environment for the last week."
IVA automatically applies the following filters to your traffic data, showing the web traffic you requested.
Environment: Production
Ports and Protocols: 80, 443
Time range: Last 7 days
IVA-enabled pages
IVA helps you accelerate investigations by performing search and filtering actions on your data. These are read-only operations. This means that IVA retrieves and displays information based on your questions but does not modify any of your configurations such as policies or labels.
Use IVA search on these pages.
Illumio Pages | Search Action Example |
|---|---|
Map | "Show me the traffic between the Dev and Production environments." |
Policy | "Find all rules that apply to the 'app: web-server' label." |
Workloads | "Find all rules that apply to the 'app: web-server' label." |
Traffic | "Get all blocked traffic events on port 22 for the last day." |
Illumio Cloud Page | Search Action Example |
|---|---|
Applications | "Find cloud applications that use an Oracle database." |
Inventory | "Show me all EC2 instances with public IP addresses." |
Map | "Map all connections to my 'PCI-VPC' in AWS." |
Traffic | "Retrieve all traffic logs from my Azure subscription for last week." |
IVA use cases
These are some examples of how IVA can help you secure your environment.
Task to Accomplish | Question to ask IVA |
|---|---|
Investigate compromised server | "Show all outbound connections from server db-prod-01." |
Audit risky ports | "What workloads are communicating over RDP?" |
Analyze application traffic | "Visualize all traffic for the Billing application." |
Prepare to block unwanted traffic | "Show me all traffic to my PCI environment from non-PCI workloads." |
Best Practices
Ask questions in the Support tab, not in the Take Action tab, and vice versa.
Ask questions related to Illumio or information security.
Ask questions related to the feature you have active in the UI. Asking Core-related questions while you are in a Servers and Endpoints feature will give you inaccurate answers.
Use the Take Action tab for things related to the feature you have active in the UI. For Servers and Endpoints, the Take Action tab is available on the Map and Traffic pages. For Core, the Take action tab is available on the Cloud Map and Traffic pages.
Ask questions that are 50 words or fewer in length.
Ask no more than seven questions per minute, per tenant, for best performance.
Filters support AND with the following terms:
Cloud Map and Cloud Traffic:
Cloud
Regions
Account ID
Resource Type
Maps and Traffic (Servers and Endpoint):
Source: labels
Destination: labels
Service port and protocol
Time Range
Note
Transparency Notice: Illumio confirms that Customer Data processed through the Illumio Virtual Advisor feature (IVA) will not be commingled with the data of other customers. It will remain logically separated to ensure data integrity and confidentiality and will not be used to train a large language model.
Customer Data will only be used within the bounds of the customer's instance and strictly for the purpose of the Company providing the IVA feature to Customer. This includes the operation, maintenance, support, and improvement of IVA, but does not include use for any other purposes without Customer's explicit consent.
The Customer agrees that any output of IVA is merely a suggestion or recommendation to be taken under advisement by the Customer and must be independently reviewed, verified, and assessed for accuracy by the Customer.