Overview
Sentinel is a CTI operations platform that ingests RSS intelligence sources, stores events in SQLite, and refreshes data every hour. It enriches events with severity, KEV status, CVSS/CWE metadata, geolocation, and sector signals to support rapid threat triage.
Main Layout
- Sentinel Metrics (left): Threat actors, attack taxonomy, CVE signals, and sector exposure windows.
- Threat Theater (center): Country severity heat map with event-volume marker sizing, border/name overlay, and in-map legend.
- Intel Feed (right): Newest-first event stream with source, KEV, CVSS/CWE context badges and export tools.
Feed Controls
- Search: Filters by title, description, and source link content.
- Sort: Feed order defaults to newest items first.
- Time window (1D/3D/7D/30D): Restricts feed, metrics, and map simultaneously.
- Severity chips: Multi-select severity filtering (ALL / CRITICAL / HIGH / MEDIUM / LOW).
- Export: CSV export reflects visible feed scope after active filters.
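The feed controls above combine as one query: time window AND severity chips AND search, newest first, with the CSV export taking exactly the rows that remain. The sketch below is an added example, not Sentinel's own code; the table layout, column names, function names and sample events are assumptions constructed for illustration.

```python
import csv
import io
import sqlite3
from datetime import datetime, timedelta, timezone

# Hypothetical schema: Sentinel's real table and column names are not documented here.
SCHEMA = """CREATE TABLE events (
    id INTEGER PRIMARY KEY, published TEXT, title TEXT, description TEXT,
    link TEXT, severity TEXT, kev INTEGER, cvss REAL)"""
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)  # constructed "current" time

def visible_feed(conn, now, window_days, severities=None, search=""):
    """Rows the feed would show for the active window, severity chips and search."""
    # Fixed-width UTC timestamps compare correctly as plain strings.
    cutoff = (now - timedelta(days=window_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    sql = "SELECT published, severity, kev, cvss, title, link FROM events WHERE published >= ?"
    params = [cutoff]
    if severities:  # empty or None behaves like the ALL chip
        sql += " AND severity IN (%s)" % ",".join("?" * len(severities))
        params += sorted(severities)
    if search:
        # Escape LIKE wildcards so user input such as "100%" is matched literally.
        pat = "%" + search.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%"
        sql += (" AND (title LIKE ? ESCAPE '\\' OR description LIKE ? ESCAPE '\\'"
                " OR link LIKE ? ESCAPE '\\')")
        params += [pat] * 3
    return conn.execute(sql + " ORDER BY published DESC", params).fetchall()

def export_csv(rows):
    """Serialize only the rows that survived filtering (the visible feed scope)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["published", "severity", "kev", "cvss", "title", "link"])
    writer.writerows(rows)
    return buf.getvalue()

def demo_db():
    """In-memory database holding four constructed sample events."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO events VALUES (?,?,?,?,?,?,?,?)", [
        (1, "2024-05-10T09:00:00Z", "Edge VPN flaw exploited", "KEV-listed bug", "https://feed.example/a", "CRITICAL", 1, 9.8),
        (2, "2024-05-09T15:30:00Z", "Phishing kit targets banks", "Credential theft", "https://feed.example/b", "HIGH", 0, None),
        (3, "2024-05-05T08:00:00Z", "VPN appliance advisory", "Patch guidance", "https://feed.example/c", "MEDIUM", 0, 6.5),
        (4, "2024-04-20T12:00:00Z", "Ransomware hits hospital", "VPN entry suspected", "https://feed.example/d", "CRITICAL", 0, None),
    ])
    return conn

if __name__ == "__main__":
    print(export_csv(visible_feed(demo_db(), NOW, 30, {"CRITICAL"}, "vpn")))
```
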
Metrics Interaction
- Click any row to filter by actor, attack type, CVE identifier, or sector.
- Click the same row again to clear the filter. Active filters show an accent highlight.
Map Interaction
- Hover marker: Country quick stats with dominant severity, actor, sectors, CVE/KEV pressure, and average CVSS.
- Click marker: Opens marker action menu (focus feed, sector view, export country slice).
- Double-click marker: Opens country-scoped event modal.
- Sector selector + Clear: Applies/clears map-sector and location scope across map/feed/metrics.
Intel Brief
- Schedule: Brief auto-generates on launch and refreshes daily after 12:00 Z.
- Behavior: Brief generation is backend-controlled and cached; users cannot force unlimited regeneration.
- Export: Brief export button enables after a valid brief is available.
Time & Sync
- Zulu clock: Real-time UTC reference for analysts.
- Last Sync: Most recent successful backend refresh timestamp.
Recommended Workflow
- Open with 30D for campaign-level context, then narrow to 7D / 1D for active triage.
- Use Map sector + severity filters to reduce noise before drilling into items.
- Use Metrics → Feed filtering to isolate actors, CVEs, and sectors.
- Use Map marker actions to focus regionally and export country-specific slices.
- Press Esc or click outside any modal to close.