
Cyber Sentinel

Automated, AI-driven security ecosystem for network monitoring, threat intelligence gathering, and incident response.


Security & Compliance

Dependabot OpenSSF Scorecard Trivy CodeQL

Tech Stack

Python ansible docker vault MySQL MongoDB n8n Grafana Prometheus Raspberry Pi

🎯 Project Purpose

Cyber Sentinel is an AI-native security orchestration platform designed to bridge the gap between raw network telemetry and autonomous threat response. It transforms passive monitoring into an active, intelligent defense layer.

๐Ÿ›ก๏ธ Core Problems Solved

  • Analysis Fatigue: Automates the evaluation of thousands of DNS queries, using AI to identify malicious patterns that traditional signature-based systems miss.
  • Data Fragmentation: Consolidates disparate CTI (Cyber Threat Intelligence) sources into a unified, AI-ready intelligence pool.
  • Manual Response Lag: Eliminates the "human-in-the-loop" delay by triggering autonomous security playbooks the moment a threat is verified by AI.
  • Secrets: Removes the risk of API keys and credentials being exposed across distributed containers by centralizing all sensitive data in HashiCorp Vault.

🚀 The Evolution of Sentinel

By orchestrating a high-performance Docker stack, the system provides a structured pipeline where DNS traffic is captured, processed, and enriched. The key pillars of this version are:

  • AI engine: The system does not merely store logs; it treats the data as a "Neural Lake". LLM-based analysis (Gemini, orchestrated via n8n) applies a detection-first 1–5 scoring policy that is loaded dynamically from the database, producing bilingual security assessments (English/Polish) and an audit-ready scoring rationale for every detected indicator.
  • Autonomous coordination: Centralises the entire threat lifecycle, from detection to mitigation, within n8n workflows, acting as a modular SOAR (Security Orchestration, Automation, and Response) system.
  • Predictive CTI: Transforms raw, passive DNS logs into predictive intelligence, identifying potential infrastructure before it is used in an active attack.
  • Hardened infrastructure: Secured by HashiCorp Vault for enterprise-grade secret lifecycle management and Nginx SSL Proxy to ensure encrypted communication across all service nodes.
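To make the scoring pipeline described above concrete, here is an added, illustrative example; it is not Cyber Sentinel's own code. It replaces the LLM step with a deterministic rule table so that the detection-first 1–5 score, the per-indicator rationale and the severity-graded alert decision can be run offline over constructed DNS log lines. The policy rows, the CTI denylist, the log format, the English/Polish severity labels and the playbook threshold of 4 are all assumptions made for the example; in the project the policy is loaded from the database at run time.

```python
"""Policy-driven DNS indicator scoring (added example, not Cyber Sentinel's code).
A deterministic rule table stands in for the page's LLM scoring step."""
from collections import Counter
from dataclasses import dataclass, field
import math
import re

# Constructed policy rows; the real project loads its policy from MySQL so the
# scoring can change without a redeploy. Rule names and scores are assumptions.
SCORING_POLICY = [
    {"rule": "denylisted_domain", "score": 5, "reason": "domain is on the CTI denylist"},
    {"rule": "high_entropy_label", "score": 4, "reason": "leftmost label looks machine-generated (possible DGA)"},
    {"rule": "txt_burst", "score": 3, "reason": "repeated TXT queries from one client (possible DNS tunnelling)"},
    {"rule": "rare_tld", "score": 2, "reason": "TLD rarely seen on this network"},
]
# Constructed CTI data standing in for the consolidated intelligence pool.
CTI_DENYLIST = {"bad-updates.example"}
RARE_TLDS = {"test", "invalid"}
# (English, Polish) severity labels per score; the label mapping and the
# playbook threshold are assumptions, only the 1-5 scale comes from the page.
SEVERITY = {5: ("critical", "krytyczny"), 4: ("high", "wysoki"), 3: ("medium", "średni"),
            2: ("low", "niski"), 1: ("info", "informacyjny")}
PLAYBOOK_THRESHOLD = 4

# Constructed log lines in an assumed "<ts> client=<ip> qtype=<t> qname=<n>" format.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z client=10.0.0.5 qtype=A qname=www.example.com.
2024-05-01T10:00:02Z client=10.0.0.5 qtype=A qname=cdn.bad-updates.example.
2024-05-01T10:00:03Z client=10.0.0.9 qtype=A qname=kq8x2zv9p4mt.cdn.example.
2024-05-01T10:00:04Z client=10.0.0.7 qtype=TXT qname=a1.tunnel.example.
2024-05-01T10:00:05Z client=10.0.0.7 qtype=TXT qname=a2.tunnel.example.
2024-05-01T10:00:06Z client=10.0.0.7 qtype=TXT qname=a3.tunnel.example.
2024-05-01T10:00:07Z client=10.0.0.5 qtype=A qname=promo.shop.test.
"""
LOG_RE = re.compile(r"^(\S+) client=(\S+) qtype=(\S+) qname=(\S+)$")


@dataclass
class Verdict:
    client: str
    qname: str
    score: int
    rationale: list = field(default_factory=list)


def parse_dns_log(line):
    """Return a dict for a well-formed line, or None so one bad line never stops the batch."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    return {"ts": ts, "client": client, "qtype": qtype.upper(), "qname": qname.rstrip(".").lower()}


def shannon_entropy(s):
    """Bits per character; 12 distinct characters give log2(12) = 3.58."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def matched_rules(q, txt_counts):
    """Which policy rules a single query triggers (txt_counts is per-client, batch-wide)."""
    labels = q["qname"].split(".")
    hits = []
    if ".".join(labels[-2:]) in CTI_DENYLIST:
        hits.append("denylisted_domain")
    if len(labels[0]) >= 12 and shannon_entropy(labels[0]) > 3.5:
        hits.append("high_entropy_label")
    if q["qtype"] == "TXT" and txt_counts[q["client"]] >= 3:
        hits.append("txt_burst")
    if labels[-1] in RARE_TLDS:
        hits.append("rare_tld")
    return hits


def score_query(q, txt_counts, policy=SCORING_POLICY):
    """Detection-first: the highest-scoring matched rule sets the score, and every
    matched rule is written into the rationale so the verdict can be audited."""
    hits = set(matched_rules(q, txt_counts))
    score, rationale = 1, []
    for rule in policy:
        if rule["rule"] in hits:
            score = max(score, rule["score"])
            rationale.append(f"{rule['rule']} (score {rule['score']}): {rule['reason']}")
    if not rationale:
        rationale.append("no policy rule matched; baseline score 1")
    return Verdict(q["client"], q["qname"], score, rationale)


def analyse(lines):
    """Two passes: count TXT queries per client first, then score each query."""
    queries = [q for q in map(parse_dns_log, lines) if q]
    txt_counts = Counter(q["client"] for q in queries if q["qtype"] == "TXT")
    return [score_query(q, txt_counts) for q in queries]


def playbook_triggers(verdicts, threshold=PLAYBOOK_THRESHOLD):
    """Verdicts severe enough to be handed to an automated response playbook."""
    return [v for v in verdicts if v.score >= threshold]


if __name__ == "__main__":
    for v in analyse(SAMPLE_LOGS.splitlines()):
        en, pl = SEVERITY[v.score]
        print(f"{v.client} {v.qname}: {v.score}/5 [{en}/{pl}] {'; '.join(v.rationale)}")
```

The two-pass design in `analyse` matters for the tunnelling rule: a per-client TXT burst is only visible across the batch, so counts are gathered before any single query is scored. Keeping the policy as data rather than code is what lets the rationale cite the exact rule and score that produced a verdict, which is the audit trail the page describes.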

📚 Documentation

๐Ÿ—๏ธ Architecture
Containerized stack, DNS pipeline, service dependency map
๐Ÿš€ Deployment
Full Ansible IaC โ€” one command, modular playbooks 00 โ†’ 06
๐Ÿณ Components
13 Docker services documented with config snippets
๐Ÿค– n8n Workflow
AI threat enrichment pipeline with severity-graded alerts
๐Ÿ—„๏ธ Database Schema
MySQL tables, analytical views, partitioning & retention
๐Ÿ” Vault & Secrets
Zero-secrets policy, KV v2 provisioning via Ansible

👤 Author

Łukasz Dejko
Automation Engineer · Backend Developer
LinkedIn · GitHub · Cybersecurity Blog · Gravatar

Documentation is being added successively as the project evolves. Check back often for updates on AI workflows, database schemas, and Ansible automation.