Detection Engine
Sentinel Core
Cloud Defense Beyond Signatures.
Uses stateful Isolation Forests to identify raw AWS, GCP, and Kubernetes console logins, privilege changes, and exfiltration patterns without signature rules.
Key Capabilities
✓Multi-dimensional anomaly detection
✓Isolation Forest clustering algorithms
✓IAM privilege escalation warning
✓High-throughput raw event mapping
✓Zero-day credential abuse defense
Stateful Isolation Forest Simulator
$ aegis-sentinel --scan --source=AWSCloudTrail
[+] Parsing raw logs: 1,480 events...
[+] Running Isolation Forest anomaly isolation...
// Click Run Scan below to initiate clustering analysis
Module Configuration
Technical Specifications
Model TypeIsolation Forest (IForest)
Log SourcesAWS CloudTrail, GCP Admin, K8s Audit
LatencyReal-time (<1.2s analysis window)
Confidence ScoresStateful dynamic classification