AI Insights — Autonomous Network Intelligence Engine (ANIE)
ANIE transforms raw network telemetry into actionable intelligence without requiring a dedicated threat analysis team. Powered by a five-layer AI pipeline (Layers 1, 2, 3, 5 and 6, described below), it autonomously enriches every CRITICAL detection with MITRE ATT&CK mappings, conducts forensic investigations, and proactively hunts for threats across your infrastructure, all within a hard-capped budget of $15 per day. For SOC teams drowning in alert noise, ANIE delivers the analytical depth of a senior threat analyst at a fraction of the cost, producing verdicts of ESCALATE, MONITOR or DISMISS backed by a full forensic narrative and evidence trail. Five automated analysis types, Anomaly Auto-Analysis, Daily Digest, Shift Handover, Threshold Intelligence and Predictive Alerts (24-72h forecasting), keep your team informed across every rotation.
The pipeline is built on Claude by Anthropic, using Haiku for high-volume bulk enrichment (~2,000 calls/day at ~$4/day) and Sonnet for deep investigation and threat hunting (~40 investigations and ~96 proactive hunts daily).

Layer 1 enriches every CRITICAL detection with an impact score (0-10), kill chain positioning, and a false-positive/true-positive classification. Layer 2 autonomously investigates correlations, gathering evidence from the RIB, ClickHouse and network context and working through a FIFO queue of up to 50 items at 30 seconds each. Layer 3 runs a threat hunt every 15 minutes (96 per day), targeting C2 beacons, data exfiltration and port scanning patterns. Layer 5 self-tunes ML thresholds every 2 hours and assesses feed quality every 6 hours. Layer 6 maintains persistent network context memory, learning peer profiles, known behaviors and suppression patterns over time.

Two mechanisms keep spend predictable. A 4-layer Threat Intel Digest Pipeline reduced costs from $282/day to $1-3/day, and if the $15/day budget is exhausted, a deterministic fallback enrichment that makes no model call (zero Claude cost) keeps detections flowing without disruption. All 13 detection types are mapped to MITRE ATT&CK tactics for standardized threat classification.
Key Capabilities
- 5-layer AI pipeline powered by Claude (Anthropic) — Haiku for bulk enrichment, Sonnet for investigation and hunting
- Layer 1 Real-time Detection Enrichment: MITRE ATT&CK mapping, kill chain positioning, impact scoring (0-10), FP/TP classification (~2,000 calls/day)
- Layer 2 Autonomous Investigation Agent: forensic narratives with ESCALATE/MONITOR/DISMISS verdicts, 50-item FIFO queue at 30s processing (~40 investigations/day)
- Layer 3 Continuous Threat Hunting: proactive hunts every 15 minutes targeting C2 beacons, data exfiltration, and port scanning (~96 hunts/day)
- Layer 5 Self-Tuning ML Orchestrator: automatic threshold tuning every 2 hours, feed quality assessment every 6 hours
- Layer 6 Network Context Memory: persistent learning of peer profiles, known behaviors, and suppression patterns
- Five automated analysis types: Anomaly Auto-Analysis, Daily Digest, Shift Handover, Threshold Intelligence, and Predictive Alerts (24-72h)
- Budget-controlled at $15/day hard cap (~$450/month) with deterministic fallback enrichment at zero Claude cost
- Cost optimization via 4-layer Threat Intel Digest Pipeline — reduced from $282/day to $1-3/day
- 13 detection types mapped to MITRE ATT&CK tactics for standardized threat classification
- Evidence gathering from RIB, ClickHouse, and network context for comprehensive forensic investigations
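The budget gate, cheap-model/expensive-model routing, bounded Layer 2 FIFO and deterministic fallback described above, as an added example; this is not ANIE's or RoutePulse's own code. It assumes per-call prices, a partial detection-type-to-tactic table (the page names only the three hunt targets), a refuse-when-full policy for the FIFO, and a stand-in function in place of the real model call; the detections it runs on are constructed.

```python
from collections import deque
from dataclasses import dataclass
from typing import Callable, Optional

DAILY_CAP_USD = 15.00              # hard cap stated on the page
HAIKU_CALL_USD = 0.002             # assumption: ~$4/day spread over ~2,000 calls
SONNET_INVESTIGATION_USD = 0.10    # assumption: per-investigation cost
INVESTIGATION_QUEUE_SIZE = 50      # Layer 2 FIFO depth stated on the page

# Assumed partial mapping: detection type -> (ATT&CK tactic ID, tactic name,
# baseline impact 0-10). The page says 13 types are mapped but names only these.
TACTIC_BY_DETECTION = {
    "c2_beacon":         ("TA0011", "Command and Control", 7),
    "data_exfiltration": ("TA0010", "Exfiltration", 8),
    "port_scan":         ("TA0007", "Discovery", 3),
}
UNMAPPED = ("n/a", "Unmapped", 5)

@dataclass(frozen=True)
class Detection:
    detection_id: str
    dtype: str
    severity: str

@dataclass(frozen=True)
class Enrichment:
    detection_id: str
    tactic_id: str
    tactic: str
    impact: int           # 0-10
    classification: str   # "TP", "FP" or "UNKNOWN"
    source: str           # "haiku" or "deterministic"

class DailyBudget:
    """Spend tracker; charge() is all-or-nothing, so the cap is never exceeded."""
    def __init__(self, cap_usd: float = DAILY_CAP_USD) -> None:
        self.cap_usd, self.spent_usd, self.fallbacks = cap_usd, 0.0, 0

    def charge(self, cost_usd: float) -> bool:
        if self.spent_usd + cost_usd > self.cap_usd:
            return False
        self.spent_usd += cost_usd
        return True

def deterministic_enrich(det: Detection) -> Enrichment:
    """Zero-cost fallback: table lookup, no model call; cannot judge TP/FP, says UNKNOWN."""
    tactic_id, tactic, impact = TACTIC_BY_DETECTION.get(det.dtype, UNMAPPED)
    return Enrichment(det.detection_id, tactic_id, tactic, impact, "UNKNOWN", "deterministic")

def stand_in_haiku(det: Detection) -> Enrichment:
    """Stands in for the real model call (an API request in production, assumption)."""
    tactic_id, tactic, _ = TACTIC_BY_DETECTION.get(det.dtype, UNMAPPED)
    return Enrichment(det.detection_id, tactic_id, tactic, 9, "TP", "haiku")

class Dispatcher:
    def __init__(self, budget: DailyBudget,
                 enrich_model: Callable[[Detection], Enrichment] = stand_in_haiku) -> None:
        self.budget, self.enrich_model = budget, enrich_model
        self.queue: deque = deque()   # Layer 2 FIFO of correlation IDs
        self.rejected = 0             # intake refused because the FIFO was full

    def enrich(self, det: Detection) -> Optional[Enrichment]:
        """Layer 1: only CRITICAL detections are enriched; over budget falls back."""
        if det.severity != "CRITICAL":
            return None
        if self.budget.charge(HAIKU_CALL_USD):
            return self.enrich_model(det)
        self.budget.fallbacks += 1
        return deterministic_enrich(det)

    def queue_investigation(self, correlation_id: str) -> bool:
        """Layer 2 intake; a full FIFO refuses new items (assumption, page is silent)."""
        if len(self.queue) >= INVESTIGATION_QUEUE_SIZE:
            self.rejected += 1
            return False
        self.queue.append(correlation_id)
        return True

    def next_investigation(self) -> Optional[str]:
        """Pop the oldest item only if the cap allows a Sonnet call; else leave it queued."""
        if not self.queue or not self.budget.charge(SONNET_INVESTIGATION_USD):
            return None
        return self.queue.popleft()

def demo() -> tuple:
    """Constructed run with a tiny cap (two Haiku calls fit, no Sonnet call does)."""
    d = Dispatcher(DailyBudget(cap_usd=0.005))
    results = [d.enrich(x) for x in (                 # constructed detections
        Detection("d1", "c2_beacon", "CRITICAL"), Detection("d2", "port_scan", "HIGH"),
        Detection("d3", "data_exfiltration", "CRITICAL"), Detection("d4", "c2_beacon", "CRITICAL"),
    )]
    for i in range(INVESTIGATION_QUEUE_SIZE + 1):     # one more than the FIFO holds
        d.queue_investigation(f"corr-{i}")
    return results, d
```

Running demo() shows the two paths a practitioner cares about: the third CRITICAL detection comes back with source "deterministic" and classification "UNKNOWN" (the fallback refuses to guess TP/FP), and the 51st correlation is counted in rejected rather than silently evicting an older one. The charge() check is all-or-nothing, which is what makes the cap hard rather than a soft alert threshold.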
Engineered and operated by the GOLINE SOC & Network Engineering team.