
AI jobs

Definition

While the industry does follow common security practices and guidelines, each Security Operations Center has its own environment, tools, and security policies that it imposes in order to counter attacks and potential threats with maximum efficiency. With this as a premise, Arcanna.ai adapts to the specifics of each environment, becoming tailored to how the team actually works, not to how it is assumed to work.

AI Jobs are the core of Arcanna.ai. Each AI Job embodies an end-to-end investigative flow for events that are being analyzed based on a common set of decision points. AI Jobs map the SOC investigation process to an AI-driven process that gathers decision points relevant for the current flow, generates a decision for each event, presents it to the user for feedback and performs post-decision tasks.

One investigation flow differs from another in the relevance of its decision points and in event causality. Therefore, each AI Job has its own AI models, trained to learn the particularities and patterns of that individual flow.

One example of an AI Job could be presented as follows: Input: Read notable events from Splunk -> Enrichment: Add VirusTotal enrichment to them -> Decision: Assign a decision with AI models -> Post-decision: Consume the decision output in a SOAR playbook as a decisional node and send a Slack notification for a certain decision type.

About the AI models

When first creating a new AI Job, we start from an untrained AI model that is able to process any type of security alert. This initial model has no knowledge embedded. Each model is then assigned the decision points relevant for the investigation flow it needs to map, and it learns and evolves based on the analysts' feedback. Once an initial training has been performed, it can start deciding upon events, since it then has examples of decisions from which to start building decisional patterns.
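The example flow and the feedback-driven training described above, as an added Python sketch (not Arcanna.ai's code; the sample events, the decision-point set and the simple voting model are constructed assumptions standing in for the SIEM input, the enrichment step and the real AI model):

```python
from collections import Counter, defaultdict

# Constructed sample notables, standing in for events read from the SIEM
# (the "Input" step); vt_hits stands in for the VirusTotal enrichment step.
EVENTS = [
    {"id": 1, "src": "10.0.0.5", "user": "svc-backup", "sig": "brute-force", "vt_hits": 0},
    {"id": 2, "src": "203.0.113.9", "user": "admin", "sig": "brute-force", "vt_hits": 7},
    {"id": 3, "src": "10.0.0.8", "user": "alice", "sig": "port-scan", "vt_hits": 0},
    {"id": 4, "src": "198.51.100.3", "user": "root", "sig": "brute-force", "vt_hits": 9},
]

def decision_points(event):
    """The decision points this hypothetical flow cares about (assumed set)."""
    origin = "internal" if event["src"].startswith("10.") else "external"
    return (event["sig"], origin, "vt_flagged" if event["vt_hits"] else "vt_clean")

class AIJob:
    """Minimal feedback-trained decision model plus a post-decision hook."""
    def __init__(self, post_decision):
        self.counts = defaultdict(Counter)   # decision point -> label -> count
        self.post_decision = post_decision    # e.g. SOAR node / Slack notifier

    def feedback(self, event, label):
        """Analyst feedback: every decision point of the event votes for label."""
        for dp in decision_points(event):
            self.counts[dp][label] += 1

    def decide(self, event):
        """Return None while untrained; otherwise the best-supported label."""
        if not self.counts:
            return None
        score = Counter()
        for dp in decision_points(event):
            score.update(self.counts[dp])
        if not score:
            return None                       # no known decision point matched
        label = score.most_common(1)[0][0]
        self.post_decision(event, label)
        return label

def run_demo():
    """Walk the flow: untrained -> analyst feedback -> decisions -> post-decision."""
    notified = []
    job = AIJob(lambda e, l: notified.append((e["id"], l)) if l == "escalate" else None)
    before = job.decide(EVENTS[0])            # None: no knowledge embedded yet
    job.feedback(EVENTS[0], "benign")         # initial training from analysts
    job.feedback(EVENTS[1], "escalate")
    after = [(e["id"], job.decide(e)) for e in EVENTS[2:]]
    return before, after, notified
```

Only the "escalate" decision type triggers the notification callback, mirroring the "send a Slack notification for a certain decision type" step.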

info

For additional information, check the Creating your first AI Job section.