Skip to main content

How it works

Investigating potential threats implies a set of steps to be taken in order to reach an educated conclusion. The process implies:

  • pre-decision actions: acknowledging an event and collecting relevant data related to it, to be interpreted as factors for the final decision
  • the decision itself: using all the relevant data linked to the event, assign a category to it
  • post-decision actions: explain the outcome of the investigation and the reasoning behind it. Further on, perform any necessary tasks after the decision has been made (e.g. create or close tickets, send alerts or notifications, trigger SOAR playbooks etc).


It's a given that, when making a decision, having the event's context is critical. In order to have all the information available, Arcanna offers multiple methods of data gathering, such as: an extensive range of off-the-shelf integrations with the data sources where analysts perform the investigation, an ETL tool for data uniformity, threat enrichment, or advanced techniques for correlating data between multiple sources. By doing so, we ensure that no decision point is being missed and the AI models learn from comprehensive, consistent data.


With all the data being made available, an educated decision can be made. Having the continuous feedback loop as source for evolving, the models learn as more and more events are being investigated. All the decisions are monitored for performance KPIs, and with each train round Arcanna becomes better and better at understanding which patterns lead to which decision.


After the decision has been made, automated post-decision actions are triggered. Once the models reach certain performance thresholds, Arcanna can start generating tickets with various severity levels, send notifications or alerts, or any other action required. To enable this process, Arcanna offers post-decision integrations with ticketing systems, SOARs, alerting and notification systems, out-of-the-box.