
Create AI job

  1. Go to the AI Jobs menu and click the New job button.

  2. Follow the steps from the Job details tab and fill in the requested fields, as follows:

    2.1. Choose a title for your AI Job (e.g.: SIEM Signals & TheHIVE case management)

    2.2. In the Input section, select the integration you have created with your datasource (e.g.: SIEM Integration)

    info

    At this step, depending on the type of product behind the integration you have selected, additional options appear in the template that allow you to customize the data processing.

    Following the example above, for an integration with an Elasticsearch data warehouse, you will have the following options:

  • Index Pattern - this allows you to specify to Arcanna the exact data index you want to be processed (this is very helpful, especially when storing multiple sources of data in a single warehouse)

  • Start time - allows you to specify the exact time from which you want Arcanna to start processing the data. This option allows you to process historical data, if available, and refers to the timestamp associated with processed data

  • End time - allows you to specify the exact time when you want Arcanna to stop processing data. This refers to the timestamp associated with processed data

  • Elastic query string filter - allows you to add additional filters for your data that will be processed by Arcanna.ai

    2.3. Automations - add post-decision actions to be performed by Arcanna within the automated workflow (AI Job), depending on the available integrations, such as (but not limited to):

    • Automated case creation
    • Automated alerting and notification
    • SOAR playbook integrations
    • Threat Intelligence enrichment

    2.4. In Advanced settings you can configure the classes (or decisions) that the AI Job should assign to the events. By default Drop and Escalate are defined, but they can be renamed or deleted, and other classes can be added to account for all the types of decision that should be available for the current job.

    2.5. Click the Save and run button and the AI Job will be available for use in the AI Jobs menu. From this point on, the AI Job will start to process the data using the new untrained model, and the learning process can be started (please refer to the Features Selection section for how to start the AI Job training process).

info

When you first start your AI Job, all the processed events will be marked as "Undecided", since the AI models do not yet have any relevant information about the environment to make educated decisions. This will be the case until the first training session is performed (please refer to the AI Jobs, Feedback and Training sections for additional information about it).
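To check what the Input options from step 2.2 will select before you click Save and run, you can count the matching documents in Elasticsearch yourself. The following is an added example, not Arcanna code: the function name, the `@timestamp` field, the inclusive-start/exclusive-end boundaries and the sample index pattern and filter are assumptions.

```python
import json
from datetime import datetime


def build_preview_request(index_pattern, start_time, end_time=None,
                          query_string=None, time_field="@timestamp"):
    """Return (path, body) for an Elasticsearch _count request that mirrors the
    Index Pattern, Start time, End time and query string filter options.
    time_field and the gte/lt boundaries are assumptions of this example."""
    bad_chars = ' "<>|\\?#/'
    if not index_pattern or any(c in index_pattern for c in bad_chars):
        raise ValueError("invalid index pattern")
    # A bare wildcard or _all would feed every index in the warehouse to the job.
    if index_pattern == "_all" or index_pattern.strip("*,") == "":
        raise ValueError("index pattern matches every index; narrow it")

    start = datetime.fromisoformat(start_time)
    if start.tzinfo is None:
        raise ValueError("Start time needs an explicit UTC offset")
    time_range = {"gte": start.isoformat()}

    if end_time is not None:
        end = datetime.fromisoformat(end_time)
        if end.tzinfo is None:
            raise ValueError("End time needs an explicit UTC offset")
        if end <= start:
            raise ValueError("End time must be after Start time")
        time_range["lt"] = end.isoformat()

    # Filter context: no scoring, only "does this document fall in scope".
    filters = [{"range": {time_field: time_range}}]
    if query_string:
        filters.append({"query_string": {"query": query_string}})
    return f"/{index_pattern}/_count", {"query": {"bool": {"filter": filters}}}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    path, body = build_preview_request(
        "siem-signals-*",
        "2024-01-01T00:00:00+00:00",
        "2024-02-01T00:00:00+00:00",
        "severity:high",
    )
    print("GET", path)
    print(json.dumps(body, indent=2))
```

Send the printed request with your usual Elasticsearch client or console; a count of zero or an unexpectedly large count means the index pattern, time window or filter should be revisited before the job starts processing.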