Back to Product Suite
Detection Engine

Sentinel Core

Cloud Defense Beyond Signatures.

Uses stateful Isolation Forests to identify raw AWS, GCP, and Kubernetes console logins, privilege changes, and exfiltration patterns without signature rules.

Key Capabilities

Multi-dimensional anomaly detection
Isolation Forest clustering algorithms
IAM privilege escalation warning
High-throughput raw event mapping
Zero-day credential abuse defense
Stateful Isolation Forest Simulator
$ aegis-sentinel --scan --source=AWSCloudTrail
[+] Parsing raw logs: 1,480 events...
[+] Running Isolation Forest anomaly isolation...
// Click Run Scan below to initiate clustering analysis
Module Configuration

Technical Specifications

Model TypeIsolation Forest (IForest)
Log SourcesAWS CloudTrail, GCP Admin, K8s Audit
LatencyReal-time (<1.2s analysis window)
Confidence ScoresStateful dynamic classification