Overview
Sentinel is a CTI operations platform that ingests RSS intelligence sources, stores events in SQLite, and refreshes data every hour. It applies severity scoring, geolocation extraction, sector tagging, and map overlays to support rapid threat triage.
Main Layout
- Sentinel Metrics (left): Threat actors, attack taxonomy, CVE signals, and sector exposure windows.
- Threat Theater (center): Country severity heat map with volume scaling, border/name overlay, and in-map legend.
- Intel Feed (right): Time-ordered event stream with severity badges, source links, and export tools.
Feed Controls
- Search: Filters by title, description, and source link content.
- Time window (1D/3D/7D/30D): Restricts feed, metrics, and map simultaneously.
- Severity chips: Multi-select severity filtering (ALL / CRITICAL / HIGH / MEDIUM / LOW).
- Export: CSV export reflects visible feed scope after active filters.
Metrics Interaction
- Click any row to filter by actor, attack type, CVE identifier, or sector.
- Click the same row again to clear the filter. Active filters show an accent highlight.
Map Interaction
- Hover marker: Country quick stats with dominant severity, actor, sectors, and CVE/KEV pressure.
- Click marker: Opens marker action menu (focus feed, sector view, export country slice).
- Double-click marker: Opens country-scoped event modal.
- Sector selector + Clear: Applies/clears map-sector and location scope across map/feed/metrics.
Intel Brief
- Schedule: Brief auto-generates on launch and refreshes daily after 12:00 Z.
- Behavior: Brief generation is backend-controlled and cached; users cannot force unlimited regeneration.
- Export: Brief export button enables after a valid brief is available.
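One way the backend could enforce the schedule and caching behavior described above, shown as an added example that is not Sentinel's own code. The class and function names are hypothetical, and it assumes "after 12:00 Z" means the first request at or after 12:00 UTC each day, with times passed as timezone-aware values.

```python
from datetime import datetime, time, timedelta, timezone

REFRESH_AT = time(12, 0, tzinfo=timezone.utc)  # page: daily refresh after 12:00 Z


def last_boundary(now: datetime) -> datetime:
    """Most recent 12:00 Z instant that is not later than `now`."""
    now = now.astimezone(timezone.utc)
    boundary = datetime.combine(now.date(), REFRESH_AT)
    return boundary if now >= boundary else boundary - timedelta(days=1)


class BriefCache:
    """Hypothetical server-side gate: the client may ask, only the clock decides."""

    def __init__(self, generate):
        self._generate = generate   # expensive generation call (assumed)
        self._brief = None
        self._generated_at = None
        self.generations = 0        # exposed so the gate can be audited

    def get(self, now: datetime, force: bool = False) -> str:
        # `force` is accepted but deliberately ignored: a user-supplied flag
        # must never bypass the cache, or regeneration becomes unbounded.
        stale = (
            self._generated_at is None                  # first call after launch
            or self._generated_at < last_boundary(now)  # 12:00 Z crossed since
        )
        if stale:
            self._brief = self._generate(now)
            self._generated_at = now.astimezone(timezone.utc)
            self.generations += 1
        return self._brief
```
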
Time & Sync
- Zulu clock: Real-time UTC reference for analysts.
- Last Sync: Most recent successful backend refresh timestamp.
Recommended Workflow
- Open with 30D for campaign-level context, then narrow to 7D / 1D for active triage.
- Use Map sector + severity filters to reduce noise before drilling into items.
- Use Metrics → Feed filtering to isolate actors, CVEs, and sectors.
- Use Map marker actions to focus regionally and export country-specific slices.
- Press Esc or click outside any modal to close.