Skip to main content


What is

Decision Intelligence is a practical domain framing a wide range of decision-making techniques bringing multiple traditional and advanced disciplines together to design, model, align, execute, monitor and tune decision models and processes. (Gartner). Through Decision Intelligence, the aim is to mimic human behavior into an end-to-end process, starting with the initial action of data gathering, and ending with a conclusion and the main data points that contributed to it.

Arcanna serves as a Decision Intelligence AI platform meant to enhance human decision-making within the Security Operations Center (SOC) or Network Operations Center (NOC), regardless of the tools, processes, and data they use to make decisions. It achieves this by leveraging consistent data points and incorporating human feedback into AI models, moving towards an autonomous decision-making system.


Deep learning is a subfield of machine learning that implies the use of neural networks to model and solve complex problems. Traditionally, analysts look at data from a range of sources, consisting of information that is relevant in the context of a possible malicious event. Using their expert know-how and experience, they extract information to correlate features and draw conclusions, building patterns mentally. In deep learning, the algorithms can automatically learn, optimize and correlate features from the same data, making it well-suited for tasks such as natural language processing and other complex pattern recognition problems. proposes hybrid models that includes a sequence of convolutional and recurring units, such as Long Short-Term Memory to streamline cybersecurity process handling.

The decision-making process is framed as a classification problem, where investigation reports conclude with a status or label assigned to the original event (e.g., "False Positive" for noise, "Threat" or "Malicious" for true positives, or any other user-defined flag). As analysts investigate and label a set of alerts, Arcanna, trained on this data, can autonomously apply similar flags to events, providing reasons behind each decision. Given the classification approach, Arcanna can become the main actor inside an operation for activities such as alert handling, incident creation, threat intel collection, notifications, or even improved remediation.

Continuous human feedback-loop

Due to Arcanna's innovative approach to integrating expert knowledge into its models' training data, the learning process ensures that the decisions Arcanna makes are constantly improving, until it becomes your best analyst. Its patented approach to continuous learning and feedback collection, together with advanced insights into the data and performance metrics, give your Security Operations Center a distinctive advantage in the race against threats.