What is Network Sentinel and how does it differ from a traditional SIEM?

Network Sentinel is an extensible security intelligence platform that goes beyond log collection. It combines unified risk scoring, device fingerprinting, blast radius analysis, and AI-powered insights into a single self-hosted platform — giving you actionable context instead of raw alerts.

How does the unified risk scoring work?

Every device receives a 0-100 risk score calculated from four weighted factors: Device Type (30%), Policy Exposure (35%), Vulnerabilities (20%), and Behavioral Anomalies (15%). This surfaces your highest-risk devices based on actual business impact, not just alert volume.

What compliance frameworks does Sentinel support?

Sentinel includes pre-built dashboards for NIST CSF (19 controls), CIS v8 (10 controls), and SOC 2 Type II (9 controls), with CMMC-aligned continuous monitoring. Automated evidence collection reduces audit preparation from weeks to hours.

How does Sentinel handle alert fatigue and notification routing?

Sentinel uses alert deduplication and fatigue scoring to prevent overload. Critical findings are routed instantly to Slack and push notifications, while low-priority items are batched into daily digests. You can customize severity thresholds and routing rules per team.

Can Sentinel integrate with our existing security tools?

Yes. Sentinel uses a plugin framework with built-in adapters for Wazuh, UniFi, Elasticsearch, Zammad, Ollama, Slack, and ntfy. Additional adapters are available for Splunk, Meraki, FortiGate, Cisco ISE, Jira, AbuseIPDB, and MISP — and custom plugins can be written in about 50 lines of code.

Is our security data kept private with Sentinel?

Absolutely. Sentinel is deployed entirely on your infrastructure — your security data never leaves your network. The platform provides full data sovereignty with multi-tenant isolation for MSPs managing multiple client environments, and all AI analysis runs locally via Ollama.

Production Hardened • 252+ Tests Passing

NetworkSentinel

Extensible network security intelligence platform. Unified risk scoring across your entire security stack with a plugin framework for bringing your own tools.

Network Sentinel is an extensible network security intelligence platform that provides unified risk scoring across your entire security stack, with a plugin framework for integrating existing tools like Wazuh, Splunk, and CrowdStrike.

Schedule a Demo Talk to Sales

Self-Hosted

24/7 Monitoring

CMMC Ready

100% Data Privacy

Multi-Tenant

Key Takeaways

•Unified risk scoring across your entire security stack — not siloed alerts from separate tools
•Plugin framework lets you bring your own tools (Wazuh, Splunk, CrowdStrike, custom APIs)
•Self-hosted deployment means your security data never leaves your infrastructure
•Maps to compliance frameworks including NIST CSF, CIS Controls v8, and CMMC
•Production-hardened with 252+ tests passing and real-world deployment experience

Risk = DT(.30) + PE(.35) + V(.20) + B(.15)

Device Type + Policy Exposure + Vulnerabilities + Behavior

What Sentinel Does

One platform to monitor, score, detect, and respond — across your entire stack.

🎯

Unified Risk Scoring

Policy-aware risk scores combining device type, firewall exposure, CVE data, and behavioral anomalies. Know which devices need attention — ranked by actual risk, not just alert volume.

🔌

Plugin Framework

Swap integrations without changing code. Built-in adapters for Wazuh, UniFi, Elasticsearch, Zammad, Ollama, Slack, and ntfy. Write a custom plugin in ~50 lines.

📊

Compliance Dashboards

Pre-built frameworks for NIST CSF, CIS v8, and SOC 2 Type II with weighted scoring and maturity levels. Automated evidence collection for audit readiness.

💥

Blast Radius Analysis

1-hop and 2-hop network reachability from any device. See exactly what an attacker could reach if a device is compromised — based on your actual firewall rules.

🧠

AI-Powered Analysis

Natural language queries powered by Ollama. Ask "which IoT devices have critical vulnerabilities?" and get actionable answers. AI-generated executive summaries for leadership.

🔄

Automated Failover

Primary and standby node monitoring with automatic service failover. Cloudflare Tunnel health checks ensure traffic routes to healthy infrastructure within seconds.

🌊

Network Traffic Analysis

Zeek sensor integration for deep packet inspection. Connection logs, DNS queries, HTTP requests, and SSL certificate analysis — with behavioral anomaly detection.

🔔

Smart Alerting

Alert deduplication, fatigue scoring, and severity-based routing. Critical alerts go to Slack and push notifications. Low-priority findings batch into daily digests.

🏠

Self-Hosted & Private

Deployed on your infrastructure. Your security data never leaves your network. Full data sovereignty with multi-tenant isolation for MSPs managing multiple clients.

What We Monitor

From device fingerprinting to compliance posture — full-stack visibility.

Devices

Automated device discovery via UniFi/Meraki
IoT/OT fingerprinting via MAC OUI + DHCP
Real-time inventory sync (every 5 min)
Device classification and risk tagging

Vulnerabilities

CVE tracking from Wazuh feeds (every 15 min)
Severity scoring (Critical/High/Medium/Low)
Vulnerability-to-device mapping
Patch status and remediation tracking

Network

Zone-based segmentation analysis
Firewall policy simulation (what-if)
Zeek flow analysis (conn/DNS/HTTP/SSL)
Behavioral anomaly detection (Z-score)

Compliance

NIST CSF (19 controls)
CIS v8 (10 controls)
SOC 2 Type II (9 controls)
CMMC-aligned continuous monitoring

Bring Your Own Tools

Six plugin categories let you swap integrations without changing core code.

Category	Built-In	Purpose
SIEM	Wazuh	Security context, vulnerability data, agent status
Network	UniFi	Device discovery, networks, firewall rules
Data Store	Elasticsearch	Device and alert indexing, search, aggregations
Ticketing	Zammad	Incident ticket creation and management
AI	Ollama	Alert analysis, executive summaries, NL queries
Notifications	Slack + ntfy	Multi-channel alert delivery

Additional adapters available for Splunk, Meraki, FortiGate, Cisco ISE, Jira, AbuseIPDB, and MISP.

How It Works

Discover

Sentinel syncs your device inventory every 5 minutes from your network controller. IoT and OT devices are fingerprinted via MAC OUI and DHCP signatures.

Assess

Vulnerability data from Wazuh feeds every 15 minutes. Firewall policies analyzed for exposure. Zeek captures network behavior baselines over rolling 7-day windows.

Score

The risk engine calculates a 0-100 score per device: Device Type (30%) + Policy Exposure (35%) + Vulnerabilities (20%) + Behavior (15%). Critical devices surface instantly.

Alert

Smart alerting with deduplication and fatigue scoring. Critical findings hit Slack and push notifications immediately. Low-priority items batch into daily digests.

Report

Automated daily, weekly, and monthly reports with AI-powered executive summaries. Compliance posture dashboards for NIST CSF, CIS v8, and SOC 2.

Who It's For

From solo IT shops to defense contractors.

🏢

Small & Mid-Market Businesses

Enterprise-grade security monitoring without the enterprise price tag. Unified risk scoring across your entire network — servers, endpoints, IoT devices, and cloud resources.

💻

Managed Service Providers

Multi-tenant architecture lets you monitor all client environments from a single deployment. Per-tenant dashboards, API keys, rate limits, and white-label reporting.

🛡️

Defense Contractors (CMMC)

Continuous monitoring is a CMMC Level 2 requirement. Sentinel provides audit trails, access logging, vulnerability tracking, and compliance posture reporting your assessor needs.

🏥

Healthcare & Regulated Industries

HIPAA requires monitoring of systems containing ePHI. SOC 2 and NIST CSF compliance frameworks built in. Automated evidence collection reduces audit prep from weeks to hours.

Built With

Open-source foundations. Enterprise-grade results.

Wazuh

SIEM / XDR

Grafana

Dashboards

Prometheus

Metrics

Elasticsearch

Search / Index

Zeek

Network Analysis

Ollama

AI Engine

n8n

SOAR Playbooks

Cloudflare

Tunnels / CDN

See Sentinel in Action

We'll walk you through a live demo on our own infrastructure — the same system we trust to protect our business.

Schedule a Demo Contact Sales

Is This Right for You?

✓ When to Use This Service

If
you have multiple security tools generating alerts with no unified view — Sentinel aggregates and scores risk across your entire stack
If
you need compliance reporting mapped to specific frameworks — built-in mapping to NIST CSF, CIS v8, SOC 2, and CMMC
If
you require self-hosted security infrastructure — deploy on your own servers with full data sovereignty

✗ When This May Not Be the Right Fit

If
you have fewer than 10 endpoints to monitor — a simpler tool like a managed SIEM service may be sufficient
If
you need a fully managed SOC with 24/7 human analysts — Sentinel is a platform, not a managed service — though it integrates with MDR providers
If
you only need basic antivirus and firewall management — an endpoint protection platform may be a better starting point