Decision points
When making decisions, SOC analysts look at the information that is relevant to the investigation, which depends on the type of events they are looking into. To mimic the human decision flow, the AI models need access to the same decision points. Making all the relevant data points available ensures that the patterns and connections the models optimise to reach their decisions are fully informed.
In Arcanna, the fields that are relevant for making a decision about an event, and that carry weight in the human investigation process, are called decision points.
Once the decision points are specified, the AI model will extract unique characteristics from the alerts based on these features and will create its decision network, replicating the human decision process.
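The effect of leaving a relevant field out of the decision points can be checked before training. The sketch below is an added illustration, not Arcanna's code or schema: the alert fields, the verdict labels and the helpers get_path, extract and conflicts are all assumptions made for the example. It projects constructed alerts onto a chosen set of decision points and reports feature combinations that analysts labelled in more than one way, which means the model would be missing the field the analyst actually used.

```python
from collections import defaultdict

# Constructed sample alerts with analyst verdicts (not real data, not Arcanna's schema).
ALERTS = [
    {"rule": {"name": "ssh_bruteforce"}, "source": {"ip": "10.0.0.5", "zone": "internal"},
     "event": {"outcome": "failure"}, "verdict": "drop"},
    {"rule": {"name": "ssh_bruteforce"}, "source": {"ip": "203.0.113.7", "zone": "external"},
     "event": {"outcome": "failure"}, "verdict": "escalate"},
    {"rule": {"name": "ssh_bruteforce"}, "source": {"ip": "203.0.113.9", "zone": "external"},
     "event": {"outcome": "success"}, "verdict": "escalate"},
    {"rule": {"name": "dns_tunnel"}, "source": {"ip": "10.0.0.8", "zone": "internal"},
     "event": {"outcome": "success"}, "verdict": "escalate"},
]

def get_path(alert, dotted):
    """Resolve a dotted field path such as 'source.zone'; None if absent."""
    node = alert
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def extract(alert, decision_points):
    """Project an alert onto the chosen decision points (hypothetical helper)."""
    return tuple(get_path(alert, p) for p in decision_points)

def conflicts(alerts, decision_points):
    """Return feature tuples that analysts labelled with more than one verdict."""
    seen = defaultdict(set)
    for a in alerts:
        seen[extract(a, decision_points)].add(a["verdict"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    # Without source.zone the two failed-login alerts look identical but differ in verdict.
    print(conflicts(ALERTS, ["rule.name", "event.outcome"]))
    # Adding the field the analyst relied on removes the contradiction.
    print(conflicts(ALERTS, ["rule.name", "event.outcome", "source.zone"]))
```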
For additional details, see the User Guide -> Decision points selection, creation and extraction section.