Autonomous AI-Powered Threat Detection

Real-time endpoint protection with 25+ security monitors, ML-powered analysis, and autonomous response. Protect Windows, Linux, and macOS from a single dashboard.

25+ Security Monitors · 96.5% ML Accuracy · 0.2% False Positive Rate · 45+ MITRE ATT&CK Techniques
Docker + Native Agents · Python 3.10+ · Windows | Linux | macOS

Complete Endpoint Protection

From process monitoring to ransomware canaries, SentinelAI covers every attack surface.

AI-Powered Analysis

Three-stage detection: local ML ensemble models, legacy heuristics, and Bygheart AI escalation for uncertain cases. 150+ features extracted per event.

Cross-Platform Agents

Native agents for Windows (25 monitors), Linux (16 monitors), and macOS (10 monitors). Each agent runs natively for real endpoint protection.

Real-Time Dashboard

Modern web UI with live threat visualization, agent management, fleet overview, and interactive charts. Built with Bootstrap 5.

Autonomous Response

Automatically block malicious IPs, kill dangerous processes, and quarantine files. Configurable severity thresholds with cooldown protection.

Ransomware Canary

Deploys honeypot files across the filesystem. Detects encryption attempts instantly and triggers immediate alerts and response.
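As an added illustration of the canary idea (example code written here, not SentinelAI's own implementation): it plants decoy files with a known low-entropy payload, records their SHA-256 hashes, and on each sweep flags any canary that has gone missing (deleted or renamed to a ransom extension), been modified, or whose new content has the near-8-bits-per-byte entropy of ciphertext. The decoy names, the temp-directory placement and the 7.0 entropy cut-off are assumptions.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

CANARY_NAMES = ["~$budget_2024.xlsx", ".passwords_backup.txt"]  # constructed decoy names

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the buffer: repetitive text scores low, ciphertext near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def deploy_canaries(root: Path, names=CANARY_NAMES) -> dict[Path, str]:
    """Write low-entropy decoy files; return {path: sha256} as the baseline."""
    root.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name in names:
        path = root / name
        # Repetitive plaintext keeps entropy low, so encryption is unmistakable.
        path.write_bytes(b"CONFIDENTIAL - do not distribute\n" * 64)
        baseline[path] = hashlib.sha256(path.read_bytes()).hexdigest()
    return baseline

def sweep_canaries(baseline: dict[Path, str]) -> list[dict]:
    """Compare each canary with its baseline; one alert per tripped file."""
    alerts = []
    for path, expected in baseline.items():
        if not path.exists():  # deleted, or renamed to a ransom extension
            alerts.append({"path": str(path), "reason": "missing"})
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != expected:
            reason = "encrypted" if shannon_entropy(data) > 7.0 else "modified"  # 7.0: assumed cut-off
            alerts.append({"path": str(path), "reason": reason})
    return alerts

def demo() -> list[dict]:
    """Simulate ransomware in a temp dir: overwrite one canary with random bytes, rename another."""
    baseline = deploy_canaries(Path(tempfile.mkdtemp(prefix="canary_")))
    first, second = baseline
    first.write_bytes(os.urandom(4096))  # random bytes stand in for ciphertext
    second.rename(second.with_name(second.name + ".locked"))
    return sweep_canaries(baseline)
```

A real deployment would scatter canaries across user and share directories and watch them with filesystem notifications rather than polling.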

MITRE ATT&CK Mapping

Maps every detection to 45+ ATT&CK techniques with confidence scores. Understand the full attack chain from reconnaissance to exfiltration.

Autonomous Learning

ML model improves over time from high-confidence detections. Auto-retrains every 24 hours. Accepts user feedback to reduce false positives.

Alerts & Notifications

Email (SMTP), Discord webhooks, and generic webhook alerts with HMAC signatures. Configurable severity thresholds per channel.

Threat Intelligence

Integrates with VirusTotal, AlienVault OTX, Abuse.ch feeds (URLhaus, FeodoTracker, ThreatFox), and AbuseIPDB for IP reputation.

25+ Security Monitors

Continuous real-time monitoring across every attack surface on your endpoints.

Process Monitor: Mimikatz, encoded PowerShell, reverse shells, crypto miners
Network Monitor: Outbound + inbound, port scans, brute force, DDoS
Event Log Parser: Failed logins, privilege escalation, new services
Registry Watch: Run keys, Services, Winlogon persistence
Startup Monitor: Startup folder and registry Run entries
Scheduled Tasks: New task creation (persistence mechanism)
USB Monitor: Device connections and removals
Hosts File: DNS hijacking via hosts file changes
Browser Extensions: Chrome/Edge new extension installs
Clipboard Monitor: Passwords, API keys, crypto wallets
DNS Query Monitor: DNS tunneling and suspicious domains
PowerShell Logging: Script block execution capture
WMI Monitor: WMI persistence and event subscriptions
DLL Injection: Injected DLLs in running processes
Named Pipes: C2 communication channel detection
Service Monitor: New service creation (persistence)
Driver Monitor: Rootkit driver loading detection
Firewall Rules: Unauthorized firewall rule changes
Certificate Monitor: Rogue certificates in Windows store
Inbound Monitor: Incoming attacks, connection floods
Brute Force: Failed login tracking, auto-block
Windows Defender: Security Center integration
AMSI Monitor: Antimalware Scan Interface events
ETW Tracing: Event Tracing for Windows events
Sysmon Integration: Enhanced process/network logging
Data Exfiltration: Large outbound transfer detection (50MB/min)
Ransomware Canary: Honeypot files detect encryption

Advanced ML v2.0 Detection Engine

Three-stage detection pipeline with ensemble machine learning and autonomous improvement.

Stage 1: Local ML (Free)

Extraction of 150+ features across process, network, file, registry, behavioral, context, and anomaly dimensions. Ensemble of LightGBM + XGBoost + Random Forest with weighted voting. Isolation Forest anomaly detection.

Stage 2: Heuristics (Fallback)

Whitelist check for known safe applications, blacklist check for known malware signatures, and command-line pattern matching for suspicious arguments.

Stage 3: Bygheart AI (Optional)

For uncertain cases (40-70% confidence), events escalate to Bygheart AI for deep threat classification, remediation recommendations, and false positive detection.

96.5% Accuracy · 99.7% Precision · 89.9% Recall · 94.5% F1 Score

Architecture

Docker-based central dashboard with native agents reporting in real-time.

┌─────────────────────────────────────────────────────────────┐
│                 CENTRAL DASHBOARD (Docker)                  │
│  ┌────────────┬────────────┬───────────┬────────────────┐   │
│  │  FastAPI   │ PostgreSQL │   Redis   │    Web UI      │   │
│  │ + JWT Auth │  + Users   │ + Sessions│ + Admin Panel  │   │
│  │ + Bygheart │ + Threats  │  + Cache  │ + Real-time    │   │
│  │ + VT API   │  + Agents  │           │   + Charts     │   │
│  └────────────┴────────────┴───────────┴────────────────┘   │
└─────────────────────────────────────────────────────────────┘
                               │ REST API
           ┌───────────────────┼───────────────────┐
           ▼                   ▼                   ▼
  ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
  │  Windows Agent  │ │   Linux Agent   │ │   macOS Agent   │
  │  (25 monitors)  │ │  (16 monitors)  │ │  (10 monitors)  │
  └─────────────────┘ └─────────────────┘ └─────────────────┘

Integrations

Connect with your existing security stack and notification channels.

  • Bygheart AI
  • VirusTotal
  • AlienVault OTX
  • Abuse.ch Feeds
  • AbuseIPDB
  • Windows Defender
  • Discord Webhooks
  • Email (SMTP)
  • Generic Webhooks
  • Docker Projects
  • Snort IDS
  • REST API

Plans

From personal use to enterprise fleet management.

Free

$0/mo
  • 1 agent
  • 1,000 events/day
  • AI-powered analysis
  • 25+ security monitors
  • Real-time dashboard
  • Auto-response

Enterprise

$99/mo
  • 100 agents
  • 100,000 events/day
  • Everything in Pro
  • Custom integrations
  • Dedicated support
  • SLA guarantee

Protect Your Endpoints Today

Deploy SentinelAI in minutes with Docker. Native agents start monitoring immediately with zero configuration.