Technical Deep Dive

How The AI Agent Works - Automated or guided modes

1. Ingestion & Normalization

AxonSentry connects directly to your ticketing system or SIEM. Our system normalizes these alerts into a common format, enriching them with initial metadata before they enter the processing pipeline. This ensures that data from different tools can be analyzed consistently.

2. L1 Triage Agent: The First Filter

The first layer of analysis is a high-speed triage agent. It checks similar past incidents and their closure codes, retrieved through a powerful RAG system, which gives the AI the context of how your team has handled similar threats in the past. It then analyzes the context of the incident to quickly identify false positives, filtering out up to 90% of false positives and low-priority noise. Alerts are classified and prioritized in under 30 seconds, allowing human analysts to focus only on what's important.
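As an added illustration of steps 1 and 2 (not AxonSentry's code), the sketch below normalizes two alerts into one common schema, retrieves the most similar closed incidents, and reuses their closure codes to decide between closing as a false positive and escalating; the schema, field names, sample alerts and incident history are all constructed, and token overlap stands in for a real RAG index.

```python
# Hypothetical normalize-then-triage flow; every name and value here is constructed.
import re
from collections import Counter

# Constructed raw alerts as they might arrive from a SIEM rule and a ticketing system.
SIEM_ALERT = {"rule_name": "Multiple failed logins", "src_ip": "10.0.0.5",
              "user": "jdoe", "severity": 3}
TICKET = {"summary": "Phishing email reported by user", "reporter": "asmith",
          "priority": "High"}

# Constructed history of closed incidents with their closure codes.
HISTORY = [
    {"title": "Multiple failed logins from VPN user", "closure": "false_positive"},
    {"title": "Failed logins brute force external IP", "closure": "true_positive"},
    {"title": "Phishing email reported by user credential harvest", "closure": "true_positive"},
    {"title": "Multiple failed logins after password change", "closure": "false_positive"},
]

def normalize(source, raw):
    """Map a source-specific alert into one common schema (hypothetical field names)."""
    if source == "siem":
        return {"source": source, "title": raw["rule_name"], "severity": raw["severity"],
                "entities": {"ip": raw["src_ip"], "user": raw["user"]}}
    if source == "ticket":
        sev = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}[raw["priority"]]
        return {"source": source, "title": raw["summary"], "severity": sev,
                "entities": {"user": raw["reporter"]}}
    raise ValueError(f"unknown source: {source}")

def tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def similar_past_incidents(alert, history, k=3, min_score=0.2):
    """Retrieval step: rank closed incidents by Jaccard similarity of title tokens.
    A real system would use embeddings; the retrieve-then-reuse-closure idea is the same."""
    q = tokens(alert["title"])
    scored = [(len(q & tokens(i["title"])) / (len(q | tokens(i["title"])) or 1), i)
              for i in history]
    scored.sort(key=lambda s: s[0], reverse=True)  # stable sort: ties keep history order
    return [inc for score, inc in scored[:k] if score >= min_score]

def triage(alert, history, fp_threshold=0.6):
    """Close as false positive only when most comparable incidents were closed that way
    and the alert is not top severity; otherwise escalate to the L2 agent."""
    neighbours = similar_past_incidents(alert, history)
    if not neighbours:
        return {"decision": "escalate", "reason": "no comparable history"}
    fp_ratio = Counter(i["closure"] for i in neighbours)["false_positive"] / len(neighbours)
    if fp_ratio >= fp_threshold and alert["severity"] < 4:
        return {"decision": "close_as_fp", "fp_ratio": fp_ratio, "neighbours": len(neighbours)}
    return {"decision": "escalate", "fp_ratio": fp_ratio, "neighbours": len(neighbours)}
```

The failed-login alert closes as a false positive because two of its three nearest closed incidents were, while the phishing ticket has a single true-positive neighbour and escalates.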

3. L2 Investigation

For escalated alerts, our Level 2 agent takes over and conducts a deeper investigation using its full reasoning capabilities. The engine queries your internal knowledge bases, including historical Jira tickets, Confluence runbooks, and other documentation, to determine the intent behind the reported activity. If additional data is needed, the L2 agent queries the SIEM or the XDR data lake to answer its investigative questions.

4. Autonomous Response & Remediation

Based on the investigation, the AI proposes or executes a response plan. With one-click approval, AxonSentry can execute remediation actions directly through your existing tools and APIs. This includes blocking an IP address, isolating a host, sinkholing a domain, resetting a user's password, creating or updating a Jira ticket, or triggering a custom workflow. All actions are fully auditable.

5. Continuous Learning Loop

Every action taken, and the feedback provided by human analysts, is fed back into the system. This creates a powerful reinforcement learning loop. The RAG engine is continuously updated with new investigation outcomes, and the triage models are retrained to become even more accurate over time.

6. Security & Compliance

Our entire RAG engine and AI processing can be deployed on-premises, ensuring that no proprietary data or PII ever leaves your network, and all PII is anonymized. This architecture is designed to comply with strict data privacy regulations such as GDPR and DORA, making it suitable for enterprises in sensitive industries.