← Back to Portal

No matching help topics found.

Try a shorter term, or browse the FAQs.

🏠

Portal Overview

The Illuminate AI Portal is Sentinel's unified platform for AI-assisted sales, security, and operations intelligence. All features live behind Microsoft Entra ID (Azure AD) single sign-on — no separate passwords required.

Signing In

  1. Navigate to the portal URL (e.g. https://illuminate.sentinel.com).
  2. Click Sign-In. You will be redirected to Microsoft's login page.
  3. Authenticate with your Sentinel corporate account (MFA if required).
  4. You are redirected back to the portal, which sets a server-side session cookie. This cookie is used for all subsequent API calls — you do not need to sign in again during the session.

Navigation

After sign-in you land on the Sentinel Hub page (Sentinel.html). Use the card grid to navigate to each tool. The sidebar (where present) lets you switch between tool sub-views. Most tools require your Sentinel role to be set in the system — contact your admin if a card is greyed out.

Environment Banners

DEV Orange banner

You are on the development environment. Data may be reset at any time.

UAT Red banner

You are on the UAT (User Acceptance Testing) environment. Used for validation before production releases.

📡

Customer Intelligence / Sales Notify

Customer Intelligence (also called Sales Notify) continuously monitors your customer accounts for signals that indicate risk, opportunity, or required action — then surfaces those signals as prioritized alerts in the dashboard.

What It Does

  • Monitors contract renewal dates, support expiry, device end-of-life, and security advisories.
  • Pulls in Cisco EoX / PSIRT data correlated against each customer's installed base.
  • Runs nightly AI scoring to rank accounts by urgency and revenue impact.
  • Sends email / Teams notifications to the assigned account manager when a threshold is crossed.

The AI Pipeline

Data ingestion → Enrichment → Scoring → Notification

Raw CRM and installed-base data is enriched with public Cisco lifecycle records. Azure OpenAI then generates a plain-English summary and risk score (0–100) for each account. Accounts above configurable thresholds trigger notifications.

Using the Dashboard

  1. Select Customer Intelligence from the Hub.
  2. Use the Account filter or search box to narrow to a specific customer.
  3. Alerts are colour-coded: High (immediate action), Medium (within 30 days), Low (informational).
  4. Click an alert row to expand the AI-generated summary and recommended next steps.
  5. Click Export to download the current filtered view as CSV.

Understanding the Feed Intelligence

The Feed Intelligence panel (bottom of the dashboard) shows the raw signals that contributed to each alert: PSIRT advisories, renewal dates within 90 days, EoX milestones, and open support cases. Each signal includes its data source and last-updated timestamp.

Alert Severity Definitions

High — Immediate action required

A critical security vulnerability (CVSS ≥ 9.0) or a contract expiring within 14 days.

Medium — Action within 30 days

CVSS 7.0–8.9, end-of-software-maintenance within 60 days, or renewal within 30 days.

Low — Informational

End-of-sale announcements, minor advisories, or renewal reminders beyond 30 days.

💬

Sentinel ChatBot

The Sentinel ChatBot lets you ask questions about your customer data, Sentinel products, Cisco lifecycle information, and internal knowledge — all through natural language. No special query syntax required.

How to Use

  1. Open ChatBot from the Hub or sidebar.
  2. Type your question in the chat box and press Enter or click Send.
  3. The assistant streams the response in real time. Sources cited in the answer are clickable.
  4. Use the conversation history to ask follow-up questions — the bot retains context within a session.
  5. Click New Chat to start a fresh conversation (clears context).

Good Questions to Ask

  • "Which customers have Cisco ASA devices reaching end of support in the next 90 days?"
  • "Summarize open PSIRT advisories for Catalyst 9300 switches."
  • "What are our renewal opportunities in the healthcare vertical this quarter?"
  • "Draft a customer-facing summary of CVE-2024-XXXXX."
  • "What Sentinel services cover network segmentation?"
  • "Show me lessons learned from past firewall migration projects."

Scope and Limits

What the ChatBot can access
  • Installed-base and account data (filtered to your permission level)
  • Cisco EoX / PSIRT / lifecycle data
  • Sentinel product and service catalog
  • Lessons Learned repository
  • Internal knowledge-base articles (where indexed)
What the ChatBot cannot do
  • Access live internet or external websites
  • Modify any records — it is read-only
  • Access data outside your assigned accounts (respects RBAC)
  • Provide legally binding security advice

How It Searches Data

The ChatBot uses a Retrieval-Augmented Generation (RAG) architecture. Your question is converted to an embedding vector, matched against a pre-built index of your data, and the top relevant chunks are passed to Azure OpenAI alongside your question. The model generates an answer grounded in those chunks — it does not hallucinate data that isn't in the index.

📊

Reports

The Reports module provides pre-built and on-demand reports across accounts, renewals, security posture, and pipeline intelligence.

Available Reports

Account Health Summary

Per-account risk score, open alerts, upcoming renewals, and EoL device count. Useful for QBR preparation.

Renewal Pipeline

All contracts expiring within a configurable window (30 / 60 / 90 days), with contract value and account manager. Export to CSV for CRM import.

PSIRT Exposure Report

Customers affected by active Cisco security advisories, ranked by CVSS score. Includes remediation guidance.

End-of-Life Device Report

All installed-base devices past or approaching EoX milestones across all customers.

AI Activity Log

Audit trail of all Azure OpenAI requests made by the platform — visible to admins only. Includes prompt, response, token count, latency, and model version.

Exporting Reports

  • Most reports support CSV export for data manipulation in Excel.
  • Account Health and PSIRT reports also offer PDF export for customer delivery.
  • Use the Date Range filter before exporting to scope the data.

How to Read the Reports

All reports use traffic-light colouring: Red = critical / expired, Yellow = warning / approaching, Green = healthy. Column headers are sortable — click to sort ascending/descending.

🛡️

SIEM Validator / Security

The SIEM Validator reviews a customer's SIEM configuration, log-source inventory, and detection rules against best-practice benchmarks and known-gap patterns, then generates a prioritised remediation report.

What It Validates

  • Log-source coverage (are all critical asset categories sending logs?)
  • Detection rule quality (duplicates, disabled rules, low-fidelity alerts)
  • Retention policy compliance (minimum 12 months for most frameworks)
  • Alert tuning — false-positive suppression lists that may be too broad
  • Integration health (data connectors showing as disconnected or delayed)

How to Use

  1. Select the customer from the account picker.
  2. Choose the SIEM platform (Microsoft Sentinel, Splunk, QRadar, etc.).
  3. Upload or paste the configuration export / API credential (read-only).
  4. Click Run Validation. The analysis typically takes 30–90 seconds.
  5. Review findings grouped by severity. Expand each finding for AI-generated remediation steps.
  6. Export as PDF for customer delivery or internal ticket creation.

Understanding Results

Each finding includes a Finding ID, affected component, severity, description, and recommended action. Findings marked Critical should be addressed before any compliance audit. The overall Coverage Score (0–100) reflects log-source completeness relative to the MITRE ATT&CK framework.

🔌

Cisco Intelligence

Cisco Intelligence aggregates Cisco's public lifecycle and security data — End-of-X (EoX) milestones, PSIRT advisories, and software release data — and maps it against each customer's installed base.

EoX Milestones

End of Sale (EoS)

The last date to order the product from Cisco. After this date the model is no longer sold new, though support continues.

End of Software Maintenance (EoSM)

No new bug-fix releases after this date. Security patches may still be issued until EoSS.

End of Security / Vulnerability Support (EoSS)

No further security patches. Running affected software beyond this date is a compliance and security risk.

Last Day of Support (LDoS)

TAC no longer accepts cases for this product. This is the hard end-of-life date.

PSIRT Advisories

Cisco PSIRT (Product Security Incident Response Team) publishes security advisories for vulnerabilities in Cisco products. Each advisory is assigned a CVSS score (0–10). The portal colour-codes advisories as:

  • Critical CVSS 9.0–10.0 — patch immediately.
  • High CVSS 7.0–8.9 — patch within 30 days.
  • Medium CVSS 4.0–6.9 — patch within 90 days.
  • Low CVSS 0.1–3.9 — patch at next maintenance window.

Interpreting Results

The Affected Customers column shows how many accounts in your portfolio have at least one device running the vulnerable software version. Click a count to see the customer list with their device models and installed versions, helping you prioritise outreach.

🔍

Solution Explorer

The Solution Explorer helps you quickly identify which Sentinel products and services best fit a customer's use case, technology stack, or pain point — powered by AI-assisted product matching.

Finding Solutions

  1. Enter a customer pain point or requirement in the free-text search box (e.g., "zero trust network access for remote workers").
  2. Optionally select a Technology Category (Networking, Security, Collaboration, etc.) to narrow results.
  3. Click Search. The AI ranks matching Sentinel offerings by relevance.
  4. Review the top results. Each card shows the product name, brief description, and fit score.
  5. Click a card to see full product details, datasheet links, and suggested next steps.

How Product Matching Works

Your query is embedded and compared against a vector index of the Sentinel product catalog (descriptions, use cases, technical specs). The top-K matches are re-ranked by Azure OpenAI using the full product descriptions to ensure semantic accuracy beyond simple keyword matching.

Keeping Results Current

The product catalog is re-indexed automatically when administrators update catalog entries in the admin panel. If a product appears missing, contact your portal admin to verify it is in the catalog.

📄

SOW Generator

The SOW Generator uses Azure OpenAI to draft a Statement of Work document from structured inputs, saving hours of manual writing while ensuring consistency with Sentinel's standard SOW template.

Required Inputs

  • Customer name and primary contact
  • Project type (e.g., network assessment, SIEM deployment, firewall migration)
  • Scope description — free text describing what will be done
  • In-scope / Out-of-scope items (you can add bullet points)
  • Estimated duration and number of Sentinel resources
  • Deliverables list (e.g., as-built documentation, test results, training)
  • Assumptions and dependencies

Generating the SOW

  1. Fill in all required fields on the SOW form.
  2. Click Generate Draft. Azure OpenAI drafts the document (typically 20–40 seconds).
  3. Review the generated text in the preview panel. Edit any section inline.
  4. Click Download DOCX to export the document in Microsoft Word format.
  5. The DOCX uses Sentinel's branded template with headers, footers, and logo.

Important Notes

Generated SOWs are drafts only. Always have the document reviewed by a practice manager or legal contact before sending to the customer. The AI may include placeholder text in brackets — search for [ before finalising.

📚

Lessons Learned

The Lessons Learned repository captures post-project knowledge from completed Sentinel engagements, sourced from ServiceNow records. Use it to avoid repeating past mistakes and to find proven approaches for similar projects.

ServiceNow Integration

Lessons are automatically pulled from ServiceNow project closure records and enriched with AI-generated tags and summaries. Records sync nightly. The portal displays the structured lesson title, full description, project type, technology area, and contributing engineer.

Searching and Filtering

  1. Use the keyword search to find lessons by technology, customer type, or issue description.
  2. Filter by Project Type (e.g., Security, Networking, Collaboration) to scope results.
  3. Filter by Date Range to find lessons from recent projects.
  4. Sort by Relevance (AI-ranked) or Date (newest first).

Adding Lessons

New lessons are added through the standard ServiceNow project closure process. If you have a lesson that should be captured outside of a formal project closure, contact your project manager or use the Submit Lesson button (visible to SOC and Manager roles).

📋

Project Plan

The Project Plan tool provides AI-assisted project planning for Sentinel engagements — from generating an initial work-breakdown structure (WBS) to tracking milestone progress.

Creating a Plan

  1. Click New Project Plan and enter the project name, type, and target completion date.
  2. Enter a brief scope description. The AI generates a suggested WBS with phases, tasks, and estimated durations.
  3. Review and edit the generated tasks — add, remove, or re-order as needed.
  4. Assign tasks to team members and set dependencies.
  5. Save the plan. It is stored and accessible to all team members with access to the project.

How AI Assists with Planning

Azure OpenAI draws on Sentinel's historical project data (via Lessons Learned and internal templates) to generate realistic task lists, flag common risk areas, and suggest realistic durations based on past similar engagements.

Tracking Progress

  • Mark tasks Complete, In Progress, or Blocked.
  • The plan header shows overall percent complete and days remaining.
  • Blocked tasks generate an automated notification to the project manager.
  • Export the plan as an Excel workbook for sharing with customers.
🤖

AI & Calculations Explained

All AI features in the Illuminate Portal are powered by Azure OpenAI Service — Microsoft's enterprise deployment of OpenAI models hosted in Sentinel's Azure tenant. No data leaves the tenant boundary.

Azure OpenAI Usage

Models in Use
  • GPT-4o — used for complex analysis, SOW generation, and ChatBot responses.
  • text-embedding-3-large — used for semantic search / RAG indexing in ChatBot and Solution Explorer.
  • GPT-4o-mini — used for fast, cost-efficient tasks such as tag generation and short summaries.

How Prompts Drive Each Feature

Customer Intelligence Scoring

A structured prompt supplies account data (devices, contracts, advisories) and asks the model to return a JSON object with a risk score (0–100) and a plain-English rationale. Scores are deterministic — temperature is set to 0.

ChatBot

A system prompt establishes the assistant's role and data scope. Retrieved chunks are injected into the user turn with source citations. The model is instructed to cite sources and decline if no relevant data is found.

SOW Generator

A detailed system prompt provides Sentinel's SOW style guide and mandatory sections. User-provided inputs are formatted as a structured template and passed as the user message. Temperature is set to 0.3 for minor creative variation while keeping output professional.

SIEM Validator

Configuration data is passed to the model with a checklist-style system prompt aligned to NIST and CIS benchmarks. The model returns a structured JSON array of findings, each with ID, severity, description, and remediation.

How Risk Scores Are Calculated

Risk scores are a weighted composite:

  • 40% — Security advisory severity (max CVSS across open advisories)
  • 25% — EoX proximity (months until LDoS, scaled 0–100)
  • 20% — Contract renewal urgency (days until expiry)
  • 15% — Support case volume (open P1/P2 cases, last 90 days)

The AI is then asked to review this weighted score and adjust ±10 points based on qualitative context. The final adjusted score is what appears in dashboards.

AI Call Audit Log

Every request to Azure OpenAI is logged in the AI Calls tab (admin only) with: timestamp, feature, model, prompt tokens, completion tokens, latency (ms), and full prompt/response text. This enables cost tracking, quality auditing, and debugging.

Data Privacy

All Azure OpenAI calls are made within Sentinel's Azure subscription. Customer data sent in prompts is subject to Sentinel's data handling policies and Microsoft's enterprise data protection commitments. No data is used to train OpenAI models.

👤

User Roles

Access to features is controlled by your assigned role, which is set by a portal administrator. Roles map to Sentinel job functions.

Feature admin soc manager broad epmo
Customer Intelligence
ChatBot
Reports
SIEM Validator
Cisco Intelligence
Solution Explorer
SOW Generator
Lessons Learned
Project Plan
AI Call Audit Log
Admin Panel

Role Descriptions

admin Administrator

Full access to all features, admin panel, user management, AI call audit log, and system configuration. Assign this role only to portal administrators.

soc SOC Analyst

Access to security-focused features: SIEM Validator, Cisco Intelligence, ChatBot, and Reports. Cannot generate SOWs or manage projects.

manager Account / Practice Manager

Broad access including SOW Generator, Project Plan, and all reporting. Typical role for account managers and practice leads.

broad Broad User

Read access to sales and customer intelligence features. Suitable for SE / presales who need account context but not security tooling or project management.

epmo EPMO / PMO

Project management focus: access to Project Plan, Lessons Learned, ChatBot, and Solution Explorer. No access to security or sales intelligence features.

Requesting a Role Change

Contact your portal administrator or raise a request via the standard IT helpdesk process, referencing "Illuminate Portal role change." Include your name, email, current role, and requested role with business justification.

Frequently Asked Questions

I clicked Sign-In but nothing happened. What do I do?
Your browser may be blocking the Microsoft login pop-up or redirect. Ensure you are using an up-to-date browser (Chrome, Edge, or Firefox) and that pop-ups are not blocked for the portal domain. If the issue persists, clear your browser cache and cookies for the portal domain and try again.
I get "Authentication check failed" after signing in.
This means the portal backend could not validate your Microsoft token. Possible causes: (1) Your account is not provisioned in the portal — contact your admin. (2) Your Entra session has expired — sign out, clear the browser cache, and sign in again. (3) A network issue is blocking the auth preflight call — check your corporate VPN or proxy settings.
A feature card is greyed out on the Hub. Why can't I access it?
Your role does not include access to that feature. Refer to the User Roles section above to see which roles have access to each feature. Contact your portal administrator to request a role change if you need access.
The ChatBot says "I couldn't find relevant information." What does that mean?
The RAG search did not return results that met the relevance threshold for your question. Try rephrasing with more specific terms or breaking the question into smaller parts. If you believe the data should exist, check with your admin whether the relevant data source is indexed.
How often is customer intelligence data refreshed?
Customer intelligence data (installed base, contracts, alerts) is refreshed nightly. Cisco PSIRT advisories are pulled every 4 hours. Cisco EoX data is refreshed weekly. If you believe specific data is stale, check the "Last Updated" timestamp in the dashboard header, then contact your admin if it is more than 24 hours old.
Is the data in this portal sent to OpenAI for training?
No. All AI calls go through Sentinel's Azure OpenAI Service deployment, which uses Microsoft's enterprise data protection commitments. Microsoft has confirmed that data submitted to Azure OpenAI is not used to train or improve OpenAI foundation models.
Can I use the portal on a mobile device?
Yes. The portal is mobile-responsive. The sidebar navigation collapses on small screens. For the best experience on complex tools (SIEM Validator, Reports), a desktop browser is recommended.
I generated a SOW but it has placeholder text in brackets. Is that normal?
Yes. The AI sometimes inserts bracket placeholders (e.g., [Customer Legal Name]) where it could not determine the correct value from your inputs. Always search the document for [ before sending to a customer and replace all placeholders.
How do I report a bug or request a new feature?
Raise a ticket via the IT helpdesk and tag it "Illuminate Portal." For urgent production issues, contact the Illuminate-AI engineering team directly at your internal support channel. Feature requests are reviewed in the quarterly roadmap planning cycle.
What is the difference between DEV, UAT, and Production?
DEV is the development environment — engineers test new features here. Data resets frequently. UAT (User Acceptance Testing) is used to validate new releases before they go live; data mirrors production periodically but may lag. Production is the live environment used for real customer data. Each environment shows a coloured banner at the top of the page.
Illuminate AI Portal — Help & User Guide — © 2026 Sentinel. All rights reserved.