SentinelWeave is an AI-powered cybersecurity threat detection platform with post-quantum secure reporting. It combines log parsing, anomaly detection, ML classification, and optional Azure integrations, then wraps sensitive reports using QuantaWeave (LWE + ML-KEM/ML-DSA + Falcon) with AES-GCM.
- Threat detection engine (z-score + signatures) with explainable scoring.
- ML pipeline (logistic regression + k-fold CV) with Azure ML export schema.
- CIA triad modules: RBAC, HMAC integrity chain, token-bucket availability.
- SIEM exporters: CEF (ArcSight) and LEEF (QRadar).
- Web dashboard (Flask + Chart.js) with live SSE updates.
- PyQt6 GUI with 8 tabs including Email Scanner and ML Pipeline.
- Azure integrations with offline-safe fallbacks.
- QuantaWeave PQC primitives with formal proof sketches.
Quick start:

```bash
python -m venv .venv
# Windows (PowerShell)
.\.venv\Scripts\Activate.ps1
# Linux/macOS
# source .venv/bin/activate
pip install -r requirements.txt
```

```bash
# Run the interactive demo
python -m sentinel_weave demo
# Run demo with all bundled dummy logs
python -m sentinel_weave demo --fixtures
# Analyze a log file
python -m sentinel_weave analyze /var/log/auth.log --verbose
# Threat-hunting DSL query
python -m sentinel_weave hunt sentinel_weave/Examples/dummy_logs/11_weekly_soc_mixed_840.log level:HIGH src:203.0.113.* sig:SSH_BRUTE_FORCE
```

The repository includes synthetic SOC logs for realistic testing:

`sentinel_weave/Examples/dummy_logs/11_weekly_soc_mixed_840.log`

Use it directly with the analyzer:

```bash
python -m sentinel_weave analyze sentinel_weave/Examples/dummy_logs/11_weekly_soc_mixed_840.log --verbose
```

In the GUI, run Log Analyzer → Analyze, then open Threat Detection and use the threat hunt DSL box (e.g. `level:HIGH src:192.168.* sig:SSH_BRUTE_FORCE`).
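The hunt queries above are `key:pattern` terms with shell-style wildcards. The following is an added example of how such a DSL can be parsed and applied to threat records; it is not SentinelWeave's own `hunt` implementation, and the record schema, the field list in `KNOWN_KEYS`, the AND/OR semantics and the sample records are assumptions made for the example.

```python
"""Threat-hunt query DSL: filter threat records with key:pattern terms.

Added example, not SentinelWeave's hunt module; the record schema, the allowed
field names and the AND-between-keys / OR-within-key semantics are assumptions.
"""
import fnmatch
import shlex
from typing import Iterable

# Fields a query term may target (assumed schema, mirroring the README's examples).
KNOWN_KEYS = {"level", "src", "sig", "user", "host"}


def parse_query(query: str) -> dict[str, list[str]]:
    """Turn 'level:HIGH src:203.0.113.* sig:SSH_BRUTE_FORCE' into {key: [patterns]}.

    Repeated keys are OR-ed (level:HIGH level:CRITICAL); distinct keys are AND-ed.
    Unknown or malformed terms raise instead of silently matching nothing.
    """
    terms: dict[str, list[str]] = {}
    for token in shlex.split(query):  # shlex allows quoted values that contain spaces
        key, sep, pattern = token.partition(":")
        if not sep or not pattern:
            raise ValueError(f"malformed term {token!r}; expected key:pattern")
        key = key.lower()
        if key not in KNOWN_KEYS:
            raise ValueError(f"unknown field {key!r}; known fields: {sorted(KNOWN_KEYS)}")
        terms.setdefault(key, []).append(pattern)
    return terms


def matches(record: dict, terms: dict[str, list[str]]) -> bool:
    """True when the record satisfies every key (any pattern of that key may match)."""
    for key, patterns in terms.items():
        value = str(record.get(key, ""))
        # fnmatch provides the shell wildcards (192.168.*) used in the README examples;
        # both sides are upper-cased so level:high and level:HIGH behave the same.
        if not any(fnmatch.fnmatchcase(value.upper(), p.upper()) for p in patterns):
            return False
    return True


def hunt(records: Iterable[dict], query: str) -> list[dict]:
    """Parse once, then filter; returns matching records in input order."""
    terms = parse_query(query)
    return [r for r in records if matches(r, terms)]


# Constructed sample threat records (not taken from the bundled fixture logs).
SAMPLE_THREATS = [
    {"level": "HIGH", "src": "203.0.113.45", "sig": "SSH_BRUTE_FORCE", "user": "root"},
    {"level": "LOW", "src": "203.0.113.45", "sig": "PORT_SCAN", "user": "-"},
    {"level": "HIGH", "src": "192.168.1.20", "sig": "SSH_BRUTE_FORCE", "user": "admin"},
    {"level": "CRITICAL", "src": "203.0.113.9", "sig": "SSH_BRUTE_FORCE", "user": "root"},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_THREATS, "level:HIGH src:203.0.113.* sig:SSH_BRUTE_FORCE"):
        print(hit)
```

Rejecting unknown field names matters in a hunting tool: a typo such as `lvl:HIGH` should fail loudly rather than return an empty result that an analyst might read as "nothing found".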
Web dashboard (Flask):

```bash
python -m dashboard
# Then open http://127.0.0.1:5000
```

For the rebuilt React dashboard:

```bash
cd sentinel_weave/dashboard_web
npm install
npm run dev
# Then open http://127.0.0.1:5173
```

Desktop GUI (PyQt6):

```bash
pip install PyQt6
python gui/sentinel_weave_gui.py
```

Processing pipeline:

```
Raw Logs
  -> EventAnalyzer
  -> ThreatDetector
  -> ThreatReport
  -> SecureReporter -> QuantaWeave PQ + AES-GCM encrypted report
  -> SIEM Export (CEF / LEEF)
  -> Azure Integrations (optional)
```

Modules:

- `sentinel_weave.event_analyzer`: parse logs, extract 13-feature vectors, detect signatures.
- `sentinel_weave.threat_detector`: anomaly scoring, threat levels, explainability.
- `sentinel_weave.ml_pipeline`: train/evaluate classifier + Azure ML schema export.
- `sentinel_weave.secure_reporter`: hybrid PQ + AES-GCM encrypted reports.
- `sentinel_weave.siem_exporter`: CEF/LEEF exports and file output.
- `sentinel_weave.dashboard`: live web dashboard with SSE.
- `sentinel_weave.gui`: PyQt6 desktop GUI.
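To make the pipeline above concrete, here is an added, self-contained walk-through of the parse → z-score + signature → ThreatReport → CEF/LEEF stages on a few constructed `auth.log` lines. It is example code written for this README, not the project's `event_analyzer`, `threat_detector` or `siem_exporter` modules; the regexes, thresholds, score formula, severity mapping and vendor/product strings are all assumptions, and the real engine uses 13-feature vectors rather than the single failed-login count used here.

```python
"""Raw syslog lines -> events -> z-score + signature scoring -> ThreatReport -> CEF/LEEF.
Added example of the pipeline, not SentinelWeave's own code; names, thresholds,
regexes and the score formula are assumptions.
"""
import re
import statistics
from collections import Counter
from dataclasses import dataclass, field

# Constructed auth.log-style lines (not from the bundled fixtures): one source hammering
# sshd, two sources with a single failure followed by a successful login.
RAW_LOGS = """\
Jan 12 10:00:01 bastion sshd[4101]: Failed password for root from 203.0.113.45 port 52001 ssh2
Jan 12 10:00:02 bastion sshd[4102]: Failed password for root from 203.0.113.45 port 52002 ssh2
Jan 12 10:00:03 bastion sshd[4103]: Failed password for admin from 203.0.113.45 port 52003 ssh2
Jan 12 10:00:04 bastion sshd[4104]: Failed password for invalid user oracle from 203.0.113.45 port 52004 ssh2
Jan 12 10:00:05 bastion sshd[4105]: Failed password for root from 203.0.113.45 port 52005 ssh2
Jan 12 10:02:00 bastion sshd[4111]: Failed password for deploy from 192.168.1.20 port 41001 ssh2
Jan 12 10:02:30 bastion sshd[4112]: Accepted password for deploy from 192.168.1.20 port 41002 ssh2
Jan 12 10:03:00 bastion sshd[4113]: Failed password for alice from 10.0.0.7 port 39000 ssh2
Jan 12 10:04:00 bastion sshd[4114]: Accepted publickey for alice from 10.0.0.7 port 39001 ssh2
"""

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSH_RE = re.compile(r"^(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def parse_events(raw: str) -> list[dict]:
    """EventAnalyzer stand-in: RFC 3164-style lines to dicts; lines that do not parse are dropped."""
    events = []
    for line in raw.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            ev = m.groupdict()
            a = SSH_RE.match(ev["msg"])
            if a:
                ev.update(a.groupdict())
            events.append(ev)
    return events


@dataclass
class ThreatReport:
    src: str
    level: str
    score: float
    signatures: list[str] = field(default_factory=list)
    reasons: list[str] = field(default_factory=list)  # explainability: why this score


def detect(events: list[dict], brute_min: int = 5, z_min: float = 1.0) -> list[ThreatReport]:
    """ThreatDetector stand-in: z-score of each source's failed-login count against all sources,
    plus a fixed-threshold SSH_BRUTE_FORCE signature; every verdict carries its reasons."""
    failed = Counter(e["src"] for e in events if e.get("outcome") == "Failed")
    if not failed:
        return []
    mean = statistics.fmean(failed.values())
    stdev = statistics.pstdev(failed.values()) or 1.0  # single source: avoid division by zero
    reports = []
    for src, n in failed.items():
        z = (n - mean) / stdev
        sigs, reasons = [], [f"{n} failed logins, population mean {mean:.2f}, z={z:.2f}"]
        if n >= brute_min:
            sigs.append("SSH_BRUTE_FORCE")
            reasons.append(f"signature SSH_BRUTE_FORCE: {n} >= {brute_min} failures")
        if z >= z_min:
            reasons.append(f"anomaly: z {z:.2f} >= {z_min}")
        score = round(max(z, 0.0) + 5.0 * len(sigs), 2)
        level = "HIGH" if sigs else "MEDIUM" if z >= z_min else "LOW"
        reports.append(ThreatReport(src, level, score, sigs, reasons))
    return sorted(reports, key=lambda r: r.score, reverse=True)


SEVERITY = {"LOW": 3, "MEDIUM": 6, "HIGH": 8, "CRITICAL": 10}  # assumed CEF/LEEF severity mapping


def cef_header(s: str) -> str:
    return s.replace("\\", "\\\\").replace("|", "\\|")


def cef_ext(s: str) -> str:
    return s.replace("\\", "\\\\").replace("=", "\\=").replace("\r", " ").replace("\n", " ")


def to_cef(r: ThreatReport) -> str:
    """ArcSight CEF: 'CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value ...'.
    '|' and '\\' are escaped in header fields, '=' and '\\' in extension values."""
    sig = r.signatures[0] if r.signatures else "ANOMALY"
    head = "|".join(map(cef_header, ["SentinelWeave", "ThreatDetector", "0.1", sig, f"Threat from {r.src}", str(SEVERITY[r.level])]))
    ext = f"src={cef_ext(r.src)} cn1={r.score} cn1Label=score cs1Label=reasons cs1={cef_ext('; '.join(r.reasons))}"
    return f"CEF:0|{head}|{ext}"


def to_leef(r: ThreatReport) -> str:
    """QRadar LEEF 1.0: 'LEEF:1.0|Vendor|Product|Version|EventID|' then tab-separated key=value pairs."""
    sig = r.signatures[0] if r.signatures else "ANOMALY"
    attrs = {"src": r.src, "sev": SEVERITY[r.level], "score": r.score, "reasons": "; ".join(r.reasons)}
    body = "\t".join(f"{k}={str(v).replace(chr(9), ' ')}" for k, v in attrs.items())  # tabs would split fields
    return f"LEEF:1.0|SentinelWeave|ThreatDetector|0.1|{sig}|{body}"


if __name__ == "__main__":
    for rep in detect(parse_events(RAW_LOGS)):
        print(to_cef(rep))
```

Two details worth keeping when writing a real exporter: the escaping rules differ between the CEF header (escape `|`) and the extension (escape `=`), and a population z-score needs a guard for the degenerate single-source case, where the standard deviation is zero and the score would otherwise be undefined.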
SentinelWeave runs fully offline by default. Azure features activate only when the related settings are present.

Authentication preference:

- Primary: `DefaultAzureCredential` (recommended)
- Fallback: connection strings / API keys

Connection strings and API keys are long-lived secrets; keep them out of shell history and repository files, and prefer `DefaultAzureCredential` (managed identity or workload identity) wherever the runtime supports it.

Settings per integration:

- Blob Storage: `AZURE_STORAGE_ACCOUNT_URL`, `AZURE_STORAGE_CONTAINER`, `AZURE_STORAGE_CONNECTION_STRING` (fallback)
- Text Analytics: `AZURE_TEXT_ANALYTICS_ENDPOINT`, `AZURE_TEXT_ANALYTICS_KEY`
- Application Insights: `AZURE_APPINSIGHTS_CONNECTION_STRING`
- Cosmos DB: `AZURE_COSMOS_ENDPOINT`, `AZURE_COSMOS_DATABASE`, `AZURE_COSMOS_CONTAINER`, `AZURE_COSMOS_PARTITION_KEY`, `AZURE_COSMOS_CONNECTION_STRING` (fallback)
- Service Bus: `AZURE_SERVICEBUS_NAMESPACE`, `AZURE_SERVICEBUS_QUEUE`, `AZURE_SERVICEBUS_CONNECTION_STRING` (fallback)
- Event Hubs: `AZURE_EVENTHUBS_NAMESPACE`, `AZURE_EVENTHUB_NAME`, `AZURE_EVENTHUBS_CONNECTION_STRING` (fallback)
- Key Vault: `AZURE_KEYVAULT_URL`
- Azure ML endpoint: `SENTINELWEAVE_AZURE_ENDPOINT`, `SENTINELWEAVE_AZURE_API_KEY`, `SENTINELWEAVE_AZURE_ML_USE_AAD`, `SENTINELWEAVE_AZURE_ML_SCOPE`
- Core threat detection engine (z-score + signature matching)
- ML pipeline (logistic regression, k-fold cross-validation)
- Log analyzer (RFC-syslog + freetext parsing)
- CIA triad modules: RBAC, HMAC integrity chain, availability
- PyQt6 GUI (Dashboard, Log Analyzer, Threat Detection, ML Pipeline, Access Control, Integrity, Availability, Email Scanner)
- Email Scanner (single, batch, IMAP inbox)
- Azure integrations (Blob Storage, Text Analytics, Monitor telemetry)
- Web dashboard (Flask + Chart.js) with SSE live updates
- SIEM integration (CEF + LEEF) with file export
- Kubernetes deployment assets (dashboard + worker, Helm chart, ACR CI workflow, devcontainer)
- Threat hunting query language
  - DSL like `level:HIGH src:192.168.* sig:SSH_BRUTE_FORCE`
  - CLI and GUI integration
- Federated threat intelligence
  - PQ-encrypted summary exchange between peers
  - REST gossip protocol and dedup logic
  - CLI: `python -m sentinel_weave federate --peer https://node2.example.com`
For the full roadmap and legacy HQC build notes, see sentinel_weave/TODO.md.
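The feature list above names an HMAC integrity chain among the CIA triad modules. The block below is an added example of that technique, written for this README rather than taken from SentinelWeave's integrity module: each record's tag is an HMAC over its sequence number, the previous tag and the canonical record, so editing, dropping or reordering any record invalidates every tag after it. The class and function names, the key-length rule and the sample records are assumptions.

```python
"""HMAC integrity chain over report/log records.

Added example, not SentinelWeave's integrity module; class names, the minimum key
length and the sample records are assumptions. Each entry's tag covers (seq, previous
tag, canonical record), so any edit, deletion or reordering breaks the chain from that
point on.
"""
import dataclasses
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from typing import Optional

GENESIS = "0" * 64  # stands in for the tag of the record before the first one


@dataclass(frozen=True)
class ChainEntry:
    seq: int
    record: dict
    prev_tag: str
    tag: str


def _canonical(record: dict) -> bytes:
    # Canonical JSON so the same logical record always produces the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def _tag(key: bytes, seq: int, prev_tag: str, record: dict) -> str:
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(seq.to_bytes(8, "big"))   # fixed-width fields: no ambiguity between inputs
    mac.update(prev_tag.encode())
    mac.update(_canonical(record))
    return mac.hexdigest()


class IntegrityChain:
    def __init__(self, key: bytes):
        if len(key) < 32:
            raise ValueError("use a key of at least 32 bytes, e.g. secrets.token_bytes(32)")
        self._key = key
        self.entries: list[ChainEntry] = []

    def append(self, record: dict) -> ChainEntry:
        seq = len(self.entries)
        prev = self.entries[-1].tag if self.entries else GENESIS
        entry = ChainEntry(seq, record, prev, _tag(self._key, seq, prev, record))
        self.entries.append(entry)
        return entry

    def verify(self) -> tuple[bool, Optional[int]]:
        """Return (ok, index of the first bad entry or None); tags compared in constant time."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            expected = _tag(self._key, i, prev, e.record)
            if e.seq != i or e.prev_tag != prev or not hmac.compare_digest(expected, e.tag):
                return False, i
            prev = e.tag
        return True, None


def demo() -> dict:
    """Build a three-record chain, then tamper with it in two ways and report what verify() says."""
    chain = IntegrityChain(secrets.token_bytes(32))
    for rec in ({"src": "203.0.113.45", "level": "HIGH"},
                {"src": "192.168.1.20", "level": "LOW"},
                {"src": "10.0.0.7", "level": "LOW"}):   # constructed sample records
        chain.append(rec)
    intact = chain.verify()
    # Edit record 1 in place (downgrade -> upgrade): its tag no longer matches.
    chain.entries[1] = dataclasses.replace(chain.entries[1], record={"src": "192.168.1.20", "level": "HIGH"})
    edited = chain.verify()
    # Delete the edited record: the old record 2 now sits at index 1 with seq 2 and a stale prev_tag.
    del chain.entries[1]
    deleted = chain.verify()
    return {"intact": intact, "edited": edited, "deleted": deleted}


if __name__ == "__main__":
    print(demo())
```

The chain only protects against parties who do not hold the key: a writer that is compromised can rebuild every tag. In practice the verifier holds the key (or the chain is signed rather than MACed) and the latest tag is periodically anchored somewhere the writer cannot alter.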
- Project overview: sentinel_weave/SENTINEL_WEAVE.md
- GUI guide: docs/GUI.md
- Algorithm notes: docs/ALGORITHM.md
- Proof sketches: docs/PROOFS.md
- Security: SECURITY.md
Kubernetes deployment:

- Dashboard container: the default `Dockerfile` command serves `python -m dashboard`
- Worker container command: `python -m sentinel_weave.worker`

Chart path: `helm/sentinel-weave`

```bash
# Local render
helm template sentinel-weave ./helm/sentinel-weave
# Install
helm upgrade --install sentinel-weave ./helm/sentinel-weave \
  --set image.repository=<acr>.azurecr.io/sentinel-weave-dashboard \
  --set image.tag=<tag> \
  --set worker.image.repository=<acr>.azurecr.io/sentinel-weave-worker \
  --set worker.image.tag=<tag>
```

Use an immutable tag (or an `@sha256:` digest) for `<tag>` rather than a moving tag such as `latest`, so a running deployment can be traced back to the exact CI build.

Workflow: `.github/workflows/k8s-acr.yml`

Required repository secrets:

- `ACR_LOGIN_SERVER` (example: `myregistry.azurecr.io`)
- `ACR_USERNAME`
- `ACR_PASSWORD`

The workflow builds/pushes dashboard and worker images, packages Helm, and pushes the chart to ACR as an OCI artifact. The credentials above are long-lived; scope them to a push-only registry identity rather than the registry admin account.

Use `.devcontainer/devcontainer.json` to get a Python + Docker-in-Docker + kubectl + Helm + Azure CLI workspace.

```bash
# Inside devcontainer terminal
kind create cluster --name sentinel-weave
helm upgrade --install sentinel-weave ./helm/sentinel-weave
```

Tests:

```bash
pip install -r requirements-dev.txt
pytest
```

License: see LICENSE.