# Arcanna AI

Arcanna AI is an AI-driven platform that automates the analysis and management of security events.

Arcanna AI is an advanced AI-driven platform designed to enhance security operations by providing insightful event analysis and feedback mechanisms. This connector allows Swimlane Turbine users to seamlessly integrate with Arcanna AI, enabling automated retrieval and management of events and jobs, as well as the ability to send events and feedback for improved threat detection and response. By leveraging Arcanna AI's capabilities, users can enhance their security workflows, reduce manual intervention, and improve the accuracy of threat analysis within the Swimlane Turbine ecosystem.

This is a connector for Arcanna AI. Arcanna AI is an AI-assisted cybersecurity platform that brings all the required data into a single place, where it can be processed and analyzed in order to automate decision and post-decision tasks across the growing IT infrastructure.

## Prerequisites

Before you can use the Arcanna AI connector for Turbine, you'll need access to the Arcanna AI API. This requires the following:

- API key authentication using the following parameters:
  - URL: the endpoint URL for accessing Arcanna AI services
  - API key: a unique key provided by Arcanna AI for authenticating API requests

## Capabilities

This connector provides the following capabilities:

- Get Event Export
- Get Event Status
- Get Jobs List
- Send Bulk Events
- Send Event
- Send Event Feedback

## Additional Documentation

- https://docs.swimlane.com/connectors/arcanna-ai
- https://arcanna.ai/docs/
- https://docs.swimlane.com/authentication-guides/arcanna-ai

## Configurations

### API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| x-arcanna-api-key | API key | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Get Event Export

Retrieve an event from Arcanna AI in its raw format, using job ID and event ID as path parameters.

Endpoint URL: `/api/v1/events/{{job_id}}/{{event_id}}/export`
Method: GET

Input:

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.job_id | number | required | Parameters for the Get Event Export action |
| path_parameters.event_id | number | required | Parameters for the Get Event Export action |

Input example:

```json
{"path_parameters": {"job_id": 123, "event_id": 15427818711674}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| event_id | string | Unique identifier |
| ingest_timestamp | string | Output field ingest_timestamp |
| status | string | Status value |
| arcanna_event | object | Output field arcanna_event |
| arcanna_event.example_field | string | Output field arcanna_event.example_field |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {
    "event_id": "15427818711674",
    "ingest_timestamp": "2024-02-15T11:50:13.781871Z",
    "status": "OK",
    "arcanna_event": {"example_field": "example_value"}
  }
}
```

### Get Event Status

Retrieve the status of an event in Arcanna AI, using job ID and event ID as path parameters.

Endpoint URL: `api/v1/events/{{job_id}}/{{event_id}}`
Method: GET

Input:

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.job_id | number | required | Parameters for the Get Event Status action |
| path_parameters.event_id | string | required | Parameters for the Get Event Status action |

Input example:

```json
{"path_parameters": {"job_id": 1201, "event_id": "12011938471583"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| event_id | string | Unique identifier |
| ingest_timestamp | string | Output field ingest_timestamp |
| status | string | Status value |
| confidence_level | number | Confidence level of the inference |
| result | string | Result of the operation |
| is_duplicated | boolean | Output field is_duplicated |
| error_message | string | Response message |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {
    "event_id": "string",
    "ingest_timestamp": "string",
    "status": "string",
    "confidence_level": 0,
    "result": "string",
    "is_duplicated": true,
    "error_message": "string"
  }
}
```

### Get Jobs List

Retrieve a list of jobs from Arcanna AI for monitoring and management purposes.

Endpoint URL: `api/v1/jobs`
Method: GET

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": [
    {"job_id": 0, "data_type": "string", "title": "string", "status": "string", "labels": [], "features": []}
  ]
}
```

### Send Bulk Events

Send a batch of events to Arcanna AI as a JSON string with XSOAR fields. Requires job ID as a path parameter and the events in the JSON body.

Endpoint URL: `api/v1/bulk/{{job_id}}`
Method: POST

Input:

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.job_id | number | required | Parameters for the Send Bulk Events action |
| counts | number | optional | Parameter for Send Bulk Events |
| events | array | optional | Parameter for Send Bulk Events |
| events.job_id | number | optional | Unique identifier |
| events.severity | number | optional | Parameter for Send Bulk Events |
| events.name | string | optional | Name of the resource |
| events.destination | object | optional | Parameter for Send Bulk Events |
| events.destination.address | string | optional | Parameter for Send Bulk Events |
| events.destination.port | number | optional | Parameter for Send Bulk Events |
| events.destination.bytes | number | optional | Parameter for Send Bulk Events |
| events.destination.ip | string | optional | Parameter for Send Bulk Events |
| events.destination.packets | number | optional | Parameter for Send Bulk Events |
| events.rule | object | optional | Parameter for Send Bulk Events |
| events.rule.name | string | optional | Name of the resource |
| events.rule.id | string | optional | Unique identifier |
| events.rule.category | string | optional | Parameter for Send Bulk Events |
| events.source | object | optional | Parameter for Send Bulk Events |
| events.source.address | string | optional | Parameter for Send Bulk Events |
| events.source.port | number | optional | Parameter for Send Bulk Events |
| events.source.bytes | number | optional | Parameter for Send Bulk Events |
| events.source.ip | string | optional | Parameter for Send Bulk Events |
| events.source.packets | number | optional | Parameter for Send Bulk Events |
| events.event | object | optional | Parameter for Send Bulk Events |
| events.event.severity | number | optional | Parameter for Send Bulk Events |
| events.event.ingested | string | optional | Parameter for Send Bulk Events |

Input example:

```json
{
  "json_body": {
    "counts": 10,
    "events": [
      {
        "job_id": 1202,
        "severity": 3,
        "name": "test alert",
        "destination": {"address": "10.128.0.6", "port": 53720, "bytes": 836035, "ip": "10.128.0.6", "packets": 6459},
        "rule": {"name": "SURICATA HTTP unable to match response to request", "id": "2221010", "category": "Generic Protocol Command Decode"},
        "source": {"address": "8.8.8.8", "port": 9200, "bytes": 4833843, "ip": "8.8.8.8", "packets": 9677},
        "event": {
          "severity": 3,
          "ingested": "2021-06-15T07:56:50.654225827Z",
          "created": "2021-06-15T07:56:49.649Z",
          "kind": "alert",
          "module": "suricata",
          "start": "2021-06-14T14:02:06.280Z",
          "category": ["network", "intrusion_detection"],
          "type": ["allowed"],
          "dataset": "suricata.eve"
        },
        "fileset": {"name": "eve"},
        "message": "Generic Protocol Command Decode",
        "url": {"path": "/libhtp::request_uri_not_seen", "original": "/libhtp::request_uri_not_seen"},
        "@timestamp": "2021-06-15T07:56:49.647Z",
        "suricata": {
          "eve": {
            "in_iface": "ens4",
            "metadata": {"flowints": {"http.anomaly.count": 2419}},
            "event_type": "alert",
            "alert": {"signature_id": 2221010, "rev": 1, "gid": 1, "signature": "SURICATA HTTP unable to match response to request", "category": "Generic Protocol Command Decode"},
            "flow_id": 576330410117303,
            "tx_id": 3224,
            "flow": {}
          }
        },
        "closingReason": "Resolved",
        "closing_notes": "some analyst note"
      }
    ]
  },
  "path_parameters": {"job_id": 1219}
}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |
| error_message | string | Response message |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"status": "string", "error_message": "string"}}
```

### Send Event

Send a raw event to Arcanna AI, using job ID, raw body, and title as inputs.

Endpoint URL: `api/v1/events/`
Method: POST

Input:

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| job_id | number | optional | Unique identifier |
| raw_body | object | optional | Request body data |
| raw_body.destination | object | optional | Request body data |
| raw_body.destination.address | string | optional | Request body data |
| raw_body.destination.port | number | optional | Request body data |
| raw_body.destination.bytes | number | optional | Request body data |
| raw_body.destination.ip | string | optional | Request body data |
| raw_body.destination.packets | number | optional | Request body data |
| raw_body.rule | object | optional | Request body data |
| raw_body.rule.name | string | optional | Request body data |
| raw_body.rule.id | string | optional | Request body data |
| raw_body.rule.category | string | optional | Request body data |
| raw_body.source | object | optional | Request body data |
| raw_body.source.address | string | optional | Request body data |
| raw_body.source.port | number | optional | Request body data |
| raw_body.source.bytes | number | optional | Request body data |
| raw_body.source.ip | string | optional | Request body data |
| raw_body.source.packets | number | optional | Request body data |
| raw_body.event | object | optional | Request body data |
| raw_body.event.severity | number | optional | Request body data |
| raw_body.event.ingested | string | optional | Request body data |
| raw_body.event.created | string | optional | Request body data |
| raw_body.event.kind | string | optional | Request body data |
| raw_body.event.module | string | optional | Request body data |
| raw_body.event.start | string | optional | Request body data |

Input example:

```json
{
  "json_body": {
    "job_id": 1219,
    "raw_body": {
      "destination": {"address": "10.128.0.6", "port": 53720, "bytes": 836035, "ip": "10.128.0.6", "packets": 6459},
      "rule": {"name": "SURICATA HTTP unable to match response to request", "id": "2221010", "category": "Generic Protocol Command Decode"},
      "source": {"address": "8.8.8.8", "port": 9200, "bytes": 4833843, "ip": "8.8.8.8", "packets": 9677},
      "event": {
        "severity": 3,
        "ingested": "2021-06-15T07:56:50.654225827Z",
        "created": "2021-06-15T07:56:49.649Z",
        "kind": "alert",
        "module": "suricata",
        "start": "2021-06-14T14:02:06.280Z",
        "category": ["network", "intrusion_detection"],
        "type": ["allowed"],
        "dataset": "suricata.eve"
      },
      "fileset": {"name": "eve"},
      "message": "Generic Protocol Command Decode",
      "url": {"path": "/libhtp::request_uri_not_seen", "original": "/libhtp::request_uri_not_seen"},
      "@timestamp": "2021-06-15T07:56:49.647Z",
      "suricata": {
        "eve": {
          "in_iface": "ens4",
          "metadata": {"flowints": {"http.anomaly.count": 2419}},
          "event_type": "alert",
          "alert": {"signature_id": 2221010, "rev": 1, "gid": 1, "signature": "SURICATA HTTP unable to match response to request", "category": "Generic Protocol Command Decode"},
          "flow_id": 576330410117303,
          "tx_id": 3224,
          "flow": {}
        }
      }
    },
    "title": "Sample event",
    "severity": 3
  }
}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| event_id | string | Unique identifier |
| job_id | number | Unique identifier |
| ingest_timestamp | string | Output field ingest_timestamp |
| status | string | Status value |
| error_message | string | Response message |

Output example:

```json
{
  "status_code": 200,
  "response_headers": {},
  "reason": "OK",
  "json_body": {"event_id": "string", "job_id": 0, "ingest_timestamp": "string", "status": "string", "error_message": "string"}
}
```

### Send Event Feedback

Send feedback for a previously inferred event in Arcanna AI to improve future event analysis. Requires job ID and event ID as path parameters.

Endpoint URL: `api/v1/events/{{job_id}}/{{event_id}}/feedback`
Method: PUT

Input:

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.job_id | string | required | Parameters for the Send Event Feedback action |
| path_parameters.event_id | string | required | Parameters for the Send Event Feedback action |
| cortex_user | string | optional | Parameter for Send Event Feedback |
| feedback | string | optional | Parameter for Send Event Feedback |
| closing_notes | string | optional | Parameter for Send Event Feedback |
| indicators | array | optional | Parameter for Send Event Feedback |
| indicators.type | string | optional | Type of the resource |
| indicators.value | string | optional | Value for the parameter |
| indicators.source | string | optional | Parameter for Send Event Feedback |

Input example:

```json
{
  "json_body": {
    "cortex_user": "string",
    "feedback": "string",
    "closing_notes": "string",
    "indicators": [{"type": "string", "value": "string", "source": "string"}]
  },
  "path_parameters": {"job_id": "string", "event_id": "string"}
}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| status | string | Status value |

Output example:

```json
{"status_code": 200, "response_headers": {}, "reason": "OK", "json_body": {"status": "string"}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
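The following is an added example, not Swimlane's or Arcanna AI's own code. It is a minimal Python client that issues the six actions documented above against the listed endpoints and verbs, sends the API key in the `x-arcanna-api-key` header from the configuration table, and honours the `verify_ssl` and `http_proxy` settings. The HTTP transport is injectable so the request shapes can be exercised offline with the recording transport; the base URL, key and sample event in `demo()` are constructed placeholders, and the `disposition` helper's mapping of a Get Event Status reply onto playbook branches is this example's own choice.

```python
"""Added example: a small client for the Arcanna AI connector actions above.
Not Swimlane's or Arcanna AI's code. Base URL, key and sample data are constructed."""
import json
import ssl
import urllib.request
from typing import Callable, Optional

# A transport takes (method, url, headers, body) and returns the connector's
# output shape: {"status_code", "reason", "json_body"}.
Transport = Callable[[str, str, dict, Optional[dict]], dict]


def urllib_transport(verify_ssl: bool = True, http_proxy: Optional[str] = None) -> Transport:
    """Real transport built from the connector's verify_ssl and http_proxy settings."""
    ctx = ssl.create_default_context()
    if not verify_ssl:  # only acceptable for lab instances with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    handlers = [urllib.request.HTTPSHandler(context=ctx)]
    if http_proxy:
        handlers.append(urllib.request.ProxyHandler({"http": http_proxy, "https": http_proxy}))
    opener = urllib.request.build_opener(*handlers)

    def send(method: str, url: str, headers: dict, body: Optional[dict]) -> dict:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, headers=headers, method=method)
        with opener.open(req, timeout=30) as resp:
            raw = resp.read()
            return {"status_code": resp.status, "reason": resp.reason,
                    "json_body": json.loads(raw) if raw else {}}

    return send


def recording_transport(calls: list) -> Transport:
    """Offline transport: records every request and answers with a canned 200."""
    def send(method: str, url: str, headers: dict, body: Optional[dict]) -> dict:
        calls.append({"method": method, "url": url, "headers": headers, "body": body})
        return {"status_code": 200, "reason": "OK", "json_body": {"status": "OK"}}
    return send


class ArcannaClient:
    """One method per connector action; paths and verbs follow the action tables."""

    def __init__(self, url: str, api_key: str, transport: Transport):
        self.base = url.rstrip("/")
        # The key is sent as the x-arcanna-api-key header named in the configuration table.
        self.headers = {"x-arcanna-api-key": api_key, "Content-Type": "application/json"}
        self.transport = transport

    def _call(self, method: str, path: str, body: Optional[dict] = None) -> dict:
        return self.transport(method, f"{self.base}/{path.lstrip('/')}", dict(self.headers), body)

    def get_jobs_list(self) -> dict:
        return self._call("GET", "api/v1/jobs")

    def get_event_status(self, job_id: int, event_id: str) -> dict:
        return self._call("GET", f"api/v1/events/{job_id}/{event_id}")

    def get_event_export(self, job_id: int, event_id: int) -> dict:
        return self._call("GET", f"api/v1/events/{job_id}/{event_id}/export")

    def send_event(self, job_id: int, raw_body: dict, title: str, severity: int) -> dict:
        body = {"job_id": job_id, "raw_body": raw_body, "title": title, "severity": severity}
        return self._call("POST", "api/v1/events/", body)

    def send_bulk_events(self, job_id: int, events: list) -> dict:
        # "counts" is derived from the list so it always agrees with what is shipped.
        return self._call("POST", f"api/v1/bulk/{job_id}", {"counts": len(events), "events": events})

    def send_event_feedback(self, job_id: str, event_id: str, feedback: str, cortex_user: str,
                            closing_notes: str = "", indicators: Optional[list] = None) -> dict:
        body = {"cortex_user": cortex_user, "feedback": feedback,
                "closing_notes": closing_notes, "indicators": indicators or []}
        return self._call("PUT", f"api/v1/events/{job_id}/{event_id}/feedback", body)


def disposition(status_response: dict) -> str:
    """Map a Get Event Status reply onto a playbook branch (this example's own rule):
    non-200 or error_message -> "error"; is_duplicated -> "duplicate"; no result yet ->
    "pending"; otherwise "<result>@<confidence_level>" for the decision step."""
    body = status_response.get("json_body") or {}
    if status_response.get("status_code") != 200 or body.get("error_message"):
        return "error"
    if body.get("is_duplicated"):
        return "duplicate"
    if "result" not in body:
        return "pending"
    return f"{body['result']}@{body['confidence_level']}"


def demo() -> list:
    """Exercise the actions offline and return the recorded requests."""
    calls: list = []
    client = ArcannaClient("https://arcanna.example.invalid/", "CONSTRUCTED-KEY",
                           recording_transport(calls))
    sample = {"source": {"ip": "8.8.8.8"}, "destination": {"ip": "10.128.0.6"}}  # constructed event
    client.send_event(1219, sample, "Sample event", 3)
    client.send_bulk_events(1219, [sample, sample])
    client.get_event_status(1201, "12011938471583")
    client.send_event_feedback("1201", "12011938471583", "Escalate", "analyst", "some analyst note")
    return calls


if __name__ == "__main__":
    for call in demo():
        print(call["method"], call["url"])
```

To talk to a real instance, construct the client with `urllib_transport(verify_ssl=True, http_proxy=...)` instead of the recording transport; keeping the transport separate from the path and header logic is what lets a playbook's request shapes be checked without network access.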