From Alert to Resolution in Minutes, Not Hours.
Ingest
Hook up Elasticsearch (direct) or any source via Middleware API / custom HTTP / webhook. Sentendra polls each customer's index pattern on a per-customer schedule, normalises to ECS, runs hostname-field priority resolution, and auto-extracts 30+ observable types from the raw event JSON. Continuous uptime checks watch every connection.
Triage
An 11-operator visual condition builder defines triage rules (auto-classify, set severity, assign) and exclusion rules (suppress noise per customer). Auto-dedup merges similar alerts that arrive inside a configurable window. User-acknowledged exclusions stop repeat notifications without losing the underlying detection. The result: only the alerts that need a human reach the queue.
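The ingest and triage steps above (hostname-field priority resolution, observable extraction from the raw event JSON, an ECS-shaped alert, and windowed auto-dedup), as an added Python illustration that is not Sentendra's code. The field priority order, the three observable regexes, the rule name and the sample events are assumptions constructed for the example.

```python
import json, re
from datetime import datetime, timedelta
HOSTNAME_FIELDS = ["host.name", "host.hostname", "agent.hostname", "beat.hostname"]  # assumed order
OBSERVABLE_PATTERNS = {  # three of the observable types, as regexes over the raw event JSON
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io)\b", re.I),
}
def get_path(doc, dotted):
    """Walk a dotted ECS-style path through nested dicts; None if any segment is absent."""
    for part in dotted.split("."):
        if not isinstance(doc, dict) or part not in doc:
            return None
        doc = doc[part]
    return doc
def resolve_hostname(doc):
    """First non-empty field in priority order wins, so an event with only beat.hostname still resolves."""
    return next((get_path(doc, f) for f in HOSTNAME_FIELDS if get_path(doc, f)), None)
def extract_observables(doc):
    """Sweep the raw event JSON once per type; values are de-duplicated and lower-cased."""
    text = json.dumps(doc)
    return {k: sorted({m.group(0).lower() for m in p.finditer(text)})
            for k, p in OBSERVABLE_PATTERNS.items() if p.search(text)}
def normalise(doc, rule):
    """Reduce a raw event to the ECS-shaped alert that the triage stage works on."""
    return {"@timestamp": datetime.fromisoformat(doc["@timestamp"]), "rule": rule,
            "host": {"name": resolve_hostname(doc)}, "observables": extract_observables(doc)}
def dedup(alerts, window=timedelta(minutes=10)):
    """Merge alerts sharing (rule, host) that arrive within `window` of the group's last alert."""
    groups, open_by_key = [], {}
    for a in sorted(alerts, key=lambda a: a["@timestamp"]):
        key, ts = (a["rule"], a["host"]["name"]), a["@timestamp"]
        g = open_by_key.get(key)
        if g and ts - g["last_seen"] <= window:
            g["count"], g["last_seen"] = g["count"] + 1, ts
        else:
            g = {"rule": a["rule"], "host": key[1], "first_seen": ts, "last_seen": ts, "count": 1}
            groups.append(g); open_by_key[key] = g
    return groups

RAW = [  # constructed sample events: hostname in three different fields, second alert inside the window
    {"@timestamp": "2024-05-01T10:00:00+00:00", "host": {"name": "ws-01"},
     "source": {"ip": "203.0.113.7"}, "file": {"hash": {"sha256": "ab" * 32}}},
    {"@timestamp": "2024-05-01T10:04:00+00:00", "beat": {"hostname": "ws-01"},
     "dns": {"question": {"name": "bad.example.com"}}},
    {"@timestamp": "2024-05-01T10:30:00+00:00", "agent": {"hostname": "ws-02"}, "source": {"ip": "203.0.113.7"}},
]
ALERTS = [normalise(d, "suspicious-outbound") for d in RAW]
GROUPS = dedup(ALERTS)
```

The first two events collapse into one group with a count of 2 because they share rule and resolved host and are four minutes apart; the third opens a new group for ws-02.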
Enrich & Analyse
VirusTotal looks up hashes, domains, and IPs. Sandbox detonates attachments and pulls back YARA matches and MITRE techniques. The AI engine — self-hosted GPU model on paid plans, or your own OpenAI / Anthropic key — classifies the case with confidence scoring, reconstructs the attack-chain timeline, and grounds its reasoning in your own RAG knowledge base.
Respond
Alerts promote into cases with tasks, SLAs, and templates. n8n playbooks fire on case events for containment, ticketing, or notification (Slack / Teams / Discord / email). Analysts collaborate without leaving the case: in-app chat, audio/video calls with recording, attachments, and per-case email threading via the platform's IMAP/SMTP integration.
Measure
Dedicated MTTR & MTTD analytics with breach tracking. Customer-branded PDF reports (logo + colour theme) on demand or on a cron. Append-only audit log captures every privileged action with actor and IP — exportable into your own SIEM. Full uptime history for every integration.