Integrations

Arcanna.ai connects with a variety of platforms used within the SOC ecosystem, such as SIEMs, SOARs, data warehouses, case management systems, threat intel, email, and notification systems, among others. The integrations are plug-and-play and require no coding skills, only basic configuration parameters for the API connectors. Giving Arcanna access to all the relevant data ensures the quality of the decisions it goes on to make.

While they might have different purposes, all of them are configurable in the Integrations section of Arcanna.

Input integrations

Sources for the events to be investigated. The list includes:

  • Splunk
  • Elasticsearch
  • OpenSearch
  • Google Chronicle SIEM
  • FortiSIEM
  • QRadar
  • ServiceNow
  • ThreatConnect
  • Google Chronicle SOAR (formerly Siemplify)
  • FortiSOAR
  • Palo Alto XSOAR
  • Microsoft Sentinel
  • Swimlane SOAR
  • External REST API - generic connector for other sources of data that are not listed above

Output integrations

The processed events and the conclusions drawn from them are stored using an integration of this type. The list includes:

  • Elasticsearch
  • OpenSearch

Enrichment integrations

Additional information needed in the investigation process from Threat Intel or other data sources:

  • VirusTotal
  • OpenThreatIntel
  • Splunk
  • Elasticsearch
  • Generic REST API - ability to create custom HTTP calls to any 3rd party system

Post-decision integrations

Used for tasks that need to be performed based on the decision made upon an event. With this type of integration, you can create tickets automatically, trigger SOAR playbooks, add Arcanna's decision into the event's description, send notifications when case, etc.

  • Splunk
  • Elasticsearch
  • FortiSIEM
  • QRadar
  • ServiceNow
  • Slack
  • TheHive
  • ThreatConnect
  • DFIR IRIS
  • Otobo

LLM integrations

Cloud or local LLM connectors can be configured for enrichment, summarization or other specific needs:

  • OpenAI
  • Azure OpenAI
  • Ollama

Authentication integrations

Integrations for platform user authentication:

  • Microsoft Active Directory
  • LDAP

REST API

Arcanna.ai also exposes a REST API. Swagger documentation describing all endpoints is available at http://<your-arcanna.ai-url>:9666/docs. Requests are authenticated with the x-rest-api-token header, whose value is a token generated in Arcanna.ai's web interface -> Profile menu in the top right corner -> API Keys.

For additional details on how to create and manage Integrations, see the User Guide -> Adding an Integration section.

Other integrations

If you require any other integrations, you can contact us at https://arcanna.ai/support.