Use Cases
Definition
While the industry does follow common security practices and guidelines, each Security Operation Center has its own environment, tools, and security policies that it imposes in order to counter attacks and potential threats with maximum efficiency. With this as a prerogative, Arcanna.ai adapts to the specificity of each environment, becoming tailored based on how the team works, not how it assumes it would work.
AI use cases are the core of Arcanna.ai. Each AI use case embodies an end-to-end investigative flow for events that are being analyzed based on a common set of decision points. AI use cases map the SOC investigation process to an AI-driven process that gathers decision points relevant for the current flow, generates a decision for each event, presents it to the user for feedback and performs post-decision tasks.
One investigation flow differs from another one through its decision points relevance and event causality. Therefore, each AI Use Case will have its own AI models trained in order to learn the particularities and patterns of individual flows.
One example of an AI Use Case could be presented as such:
| Stage | Action |
|---|---|
| Input | Read notable events from Splunk |
| Enrichment | Add VirusTotal enrichment to events |
| Decision | Assign decision with AI models |
| Post-decision | Consume decision output in SOAR playbook as decisional node & send Slack notification for certain decision types |
About AI models
We begin with an untrained AI model capable of processing any security alert type. Initially, the model has no embedded knowledge.
Next, we configure the model with decision points that align with the investigation workflow it needs to support. The model then learns and evolves through analyst feedback.
After this initial training phase, the model can begin making decisions on events autonomously, using the example decisions as a foundation for building decision patterns.
For additional information, check Creating your first AI Use Case section.