Hugging Face's logo

Spaces:
iitian
/
SentinelAI
Running

App Files Community
SentinelAI
File size: 2,382 Bytes
8b3905d
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# SentinelAI — Judge Demo Script (do not improvise)

## Preconditions (2 minutes before)

1. Terminal A — API:  
   `cd SentinelAI && source .venv/bin/activate && export PYTHONPATH=$PWD && export SKIP_DB=1`  
   `uvicorn backend.app.main:app --host 0.0.0.0 --port 8000`
2. Terminal B — UI:  
   `cd SentinelAI/frontend && NEXT_PUBLIC_API_URL=http://127.0.0.1:8000 npm run dev`
3. Open dashboard at `http://localhost:3000` (or your dev URL).

## The flow (≈3–4 minutes)

1. **Start continuous simulation**  
   Terminal C: `python scripts/continuous_demo.py`  
   Say: *“This is autonomous traffic — no manual log upload.”*

2. **Live stream**  
   Point at **Live Threat Feed** and **terminal strip**.  
   Say: *“Collector → parser → enrichment → detection — everything is event-driven.”*

3. **Threat detected**  
   When **detection** rows appear with severity, say: *“Rules + sliding windows — brute-force and post-auth patterns.”*

4. **Incident chain**  
   Point at **Attack Timeline** when an incident appears.  
   Say: *“Correlation fuses events by source into one narrative.”*

5. **AI investigation**  
   Wait for **AI Investigation** to populate (auto-runs after an incident; may take up to ~`AUTO_AI_MIN_SEC` between runs).  
   Say: *“Analyst layer — progression, severity rationale, remediation bullets — local Llama/Qwen on AMD ROCm when configured.”*

6. **WOW — Replay**  
   Click **Replay last chain**.  
   Say: *“We’re re-streaming the buffered kill chain for the jury — same detections and AI report, cinematic replay.”*

7. **Remediation**  
   Scroll AI panel for **Recommended actions** (or call `POST /remediation` with `incident_id` if you show API).  
   Say: *“Playbooks block IOCs, rotate creds, harden IAM.”*

8. **AMD story**  
   Point at **Powered by AMD ROCm** panel (GPU %, latency, concurrent agents are demo-swayed metrics).  
   Say: *“Open weights, on-prem, parallel agents — ROCm is our inference path for SOC-scale throughput.”*

## Optional soak test (10–15 minutes)

- Leave `continuous_demo.py` running; confirm API stays up, WebSocket shows heartbeats, UI stays responsive.
- If the LLM is down, narratives still read well — **cinematic fallback** is always on.

## Backup

- If live demo fails: use your **screen recording** (see `docs/RECORDING_CHECKLIST.md`).