Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=cases-ai-assistant

AI Assistant

You must join the New AI Features Early Access Program to use this feature.

You must be an Admin or Super Admin to use this feature.

The AI assistant is a generative AI-powered tool that lets you investigate security issues using natural language prompts.

Underpinned by the Sophos Data Lake and AI-driven analytics, the AI Assistant makes security analysis more effective.

You can use it to investigate cases as follows:

  • Select predefined prompts. These can generate a case summary, get details of activity on devices, show actions you can take, and more.

  • Enter your own prompts.

You can add the AI Assistant's responses to your case notebook.

Get started with AI Assistant

  1. Go to Threat Analysis Center > Cases.

  2. In the Cases list, click the Case ID of the case you want to investigate.

    Cases list showing CaseID.

  3. On the Case Details page, in the main pane on the right, select the AI Assistant tab.

    Case details with AI Assistant tab highlighted.

  4. In the AI Assistant tab, enter a prompt in one of the following ways:

    • Click one of the prompts on the blue cards to add it to the search bar. You can edit the prompt text in the search bar to suit your needs, if you want to.

      To see more predefined prompts, enter a forward slash / in the search bar.

    • Enter your own prompt in the search bar.

    AI Assistant tab with a question selected.

  5. Click Send.

    "Send" button.

  6. Wait for a response. A dotted progress indicator is shown beside the prompt.

    Progress indicator.

When the response is ready, the AI Assistant shows it.

Summarize your case

The AI Assistant can write a summary of your case.

You can request this summary in two places in the case details pages:

  • On the Overview tab, in the Case summary pane, click the AI icon. When the summary is shown, click Insert to add it to the pane.

    Case summary pane showing the AI icon.

  • On the AI Assistant tab, click the predefined Summarize the case prompt.

Save responses to your case notes

You can save the AI Assistant's responses in your case's Notebook tab.

Save a single response

To save a single response, click the plus sign icon under that response.

Icon with "Add to case" tooltip.

Save multiple responses

  1. In the AI Assistant tab, click the three dots icon next to the Send button.

    AI Assistant tab with the Additional options icon highlighted.

  2. Select Select responses.

    Checkboxes are now shown next to each response on the tab.

    More options menu with "Select responses" selected.

  3. Select the checkbox next to each AI response you want to add to the notebook.

  4. Click Add to case.

The responses are added to the Notebook tab.

Clear responses

You can delete all the AI Assistant's responses in the current thread and restart your investigation.

  1. On the left of the search bar, click the blue plus sign icon.

    "Start new thread" icon.

  2. Confirm that you want to delete all the history.

Who can see the responses?

Other Sophos Central admins can use the AI Assistant to investigate the same case, but only you can see the thread you started.

However, if you add responses to the Notebook tab, other admins with access to this case can see them.