Security that thinks for itself
SIEM, WAF, AI SOC, and automated playbooks in a single cybersecurity platform. Protect your servers, analyze threats in real-time, and respond autonomously. One binary. Total protection.
- 6 Security Modules
- 70+ Attack Patterns
- 3 AI SOC Tiers
- <1ms Inspection Latency
- 24/7 Autonomous SOC
- 17MB Single Binary
6 layers of protection on every request
Every request passes through 6 security modules before reaching your application. Threats are blocked instantly and reported to the AI SOC for analysis.
Browser Fingerprinting
9-factor device fingerprint with risk scoring. Detects automation, new devices, and rapid identity switching.
Content Analysis
70+ attack patterns: SQLi, XSS, path traversal, command injection, SSRF, JNDI, and template injection.
Behavior Profiling
30-day rolling profiles with 5 anomaly detectors: unusual time, rate spike, new endpoints, IP diversity.
Geo / VPN Detection
Real-time IP intelligence: Tor exit nodes, 13 VPN providers, 25 datacenter providers, proxy detection.
Trust-Aware Risk Engine
5 signal sources, progressive lockout (soft to hard), trust bonuses from 2FA and known patterns.
TOTP 2FA
RFC 6238 with backup codes, session trust persistence, and inline security challenges on high risk.
SIEM + AI SOC + Automated Playbooks
Not just a firewall. SENTINEL is a complete cybersecurity platform that collects, correlates, analyzes, and responds to threats autonomously.
SIEM
Security Information and Event Management. Centralized log collection from all devices and servers.
- ✓ Real-time event streaming (SSE)
- ✓ Multi-device fleet management
- ✓ IP correlation across devices
- ✓ Log export (JSONL, CSV, CEF)
- ✓ Analytics dashboard with timelines
- ✓ Firewall rule management
AI SOC
Tiered AI Security Operations Center. Three models escalate from triage to deep investigation automatically.
- ✓ 3-tier analysis (triage, standard, critical)
- ✓ Autonomous threat detection
- ✓ ALLOW / BLOCK / INVESTIGATE decisions
- ✓ Spike detection watchdog (5min window)
- ✓ Confidence scoring per decision
- ✓ AWS Bedrock + Gemini + OpenAI support
Automated Playbooks
Pre-built and custom response playbooks that execute automatically when threats are detected.
- ✓ Auto-block on brute force
- ✓ Progressive lockout escalation
- ✓ Fleet-wide IP correlation & block
- ✓ SOC journal with strategy tracking
- ✓ Threat intel sharing between devices
- ✓ Audit log for compliance
SAST + DAST Scanning
Find vulnerabilities in your code before attackers do. Upload source code or scan live endpoints.
SAST
- ✓ 25 OWASP rules
- ✓ Go, JS, TS, Python, C/C++
- ✓ MQL5 support
- ✓ ZIP upload + cloud scan
- ✓ Isolated worker instance
DAST
- ✓ Security headers (10 checks)
- ✓ TLS configuration (6 checks)
- ✓ Server misconfiguration
- ✓ Live endpoint scanning
- ✓ Automated from dashboard
Private LLM Defense
On-device AI supervisor that never sends your data to external services. Complete confidentiality with minimal resource footprint.
- ✓ Locally-hosted fine-tuned models
- ✓ Trained specifically for security supervision
- ✓ Minimal resource consumption (<500MB RAM)
- ✓ No data leaves the device — ever
- ✓ Offline capable — works without internet
- ✓ Compliant with air-gapped environments
How it all connects
Internet Traffic
↓
SENTINEL Server Mode (WAF)
↓ events ↓
Your Application (protected backend) | SENTINEL Cloud (SIEM + AI SOC)
↓
Automated Response (block, alert, escalate)
Deploy in 60 seconds
Download the binary
Single static binary. Linux AMD64 or ARM64. No dependencies, no runtime.
Point it at your server
Sentinel sits between the internet and your app. One flag to start.
Connect to Cloud SOC
Register a device, add the token, and all events flow to your AI-powered SOC dashboard.
One platform, every surface
Server Mode
Reverse proxy WAF for APIs and web servers
Cloud SOC
Central SIEM, AI analysis, fleet management
Desktop Agent
Windows WPF with system tray, SAST scanning
IoT Device
Lightweight agent for ARM/embedded devices
Ready to protect your servers?
Open the dashboard to register your first device.
Built by Soul Core
Device Token (save this — shown once):
Add to sentinel.json: "cloud": {"endpoint": "http://YOUR_IP:8080", "device_token": "TOKEN"}
AI Threat Analysis
Autonomous threat monitoring — adaptive refresh rate based on risk level.
Loading AI threat analysis — auto-refreshes every 5 minutes
Drag & drop a ZIP file here. Max 50MB · Supports Go, JS/TS, Python, C/C++, MQL5
Device Settings
Configure per-device settings — mode, notifications, scan intervals
Security Challenge Required
Unusual activity detected. Verify your identity with TOTP to continue.
Behavior Profile
Not enough data yet
Need 50+ requests to establish baseline
SIEM Correlation Engine
Detection Logic
- Detects ordered sequence of events from same source within
- Fires when matching events occur within
- Fires when unique IPs match within
- Fires when expected event is NOT seen within
MITRE ATT&CK
Reference: MITRE ATT&CK Enterprise Matrix