Platform Architecture
A high-level overview of the Radiant platform architecture.
Radiant is a cloud-hosted AI SOC platform that sits between your existing security tools and your analyst team. Rather than replacing your stack, it connects to it—ingesting alerts from every source, automatically investigating them with AI agents, and surfacing only confirmed threats to analysts for review and response.
Architecture Diagram
The diagram below shows the four major functional layers of the Radiant platform, as well as the supporting services that power the AI Engine. Data flows from left to right, from your existing security tools through ingestion, processing, and AI-driven analysis, to response actions taken by your team.
Core platform components
The Radiant platform is organized into four functional layers, each responsible for a distinct stage of the security operations workflow. Two supporting services underpin the AI Engine at the platform's core.
Connector Hub
The entry point for all data entering Radiant. It is responsible for connecting to your existing security tools and ingesting alerts and logs in real time. Radiant connects via plug-and-play API connectors across 100+ sources. No custom parsers or manual configuration are required for supported integrations.
API query connectors: Poll external SIEMs, EDRs, identity platforms, and cloud environments for alerts and log data.
Webhooks: Receive real-time event streams pushed from your tools.
Syslog collection: Ingest raw log feeds from network devices, firewalls, and other infrastructure.
Log management feed: Pull structured log data stored in Radiant's integrated log store.
Data Fabric
The data fabric processes and organizes all ingested data into a structured, queryable format that the AI Engine can work with. It also houses Radiant's integrated log management capability, a significant differentiator that allows customers to consolidate log storage without a separate SIEM.
Raw data store: Durable, tenant-isolated storage of ingested security events.
ETL and normalization: Parses and transforms logs into a consistent schema regardless of source format.
ML feature builder: Extracts behavioral and contextual features to enrich AI analysis.
Alert generation: Surfaces structured alerts from log anomalies and detection rules.
AI Engine
This is the core of the Radiant platform. The AI Engine receives every alert, dynamically builds and executes a triage and investigation plan, then renders a verdict. Critically, it handles all alert types, not just a predefined set, by reasoning about each alert's context at runtime.
Alert router: Classifies and routes incoming alerts to the appropriate pipeline.
Triage pipeline: Executes configurable pipeline steps and AI agents to assess alert severity.
Investigation pipeline: Performs deeper, multi-step investigation for escalated alerts, driven by AI agents.
Pipeline execution trace: Captures a full, human-readable log of every decision the AI made, for transparency and auditability.
Verdict and escalation: Closes false positives automatically; escalates confirmed threats with a complete investigation summary.
Response
This is where your analysts interact with the platform. Escalated incidents arrive here with full investigation context: root cause, affected systems, and a recommended remediation plan, so analysts can act immediately without having to re-investigate from scratch. All response activity is recorded in a full audit trail, making it straightforward to document incidents for compliance, post-incident review, or internal reporting.
Case management: A unified queue of escalated incidents, each with investigation context attached.
Response workflows: Auto-generated, incident-specific response plans ready for one-click execution.
Response action library: A catalog of pre-built remediation actions (disable user, isolate host, block IP, etc.) that execute directly from the console.
Review and approval workflow: Optional analyst review step before automated actions execute.