serpent11195/shellsentinel


ShellSentinel

ShellSentinel is a Bash-based defensive detection framework for simulated security logs.

It implements:

  • normalized event schema
  • plugin-based detectors
  • finding correlation into incidents
  • risk scoring
  • timeline reconstruction
  • explain mode
  • replay mode
  • text and JSON reporting

Quick Start

bash bin/shellsentinel.sh help
bash bin/shellsentinel.sh doctor
bash bin/shellsentinel.sh analyze scenarios/multi_stage_incident.log
bash bin/shellsentinel.sh test

Safety Boundary

ShellSentinel is defensive-only.

It:

  • analyzes simulated or safe logs
  • does not execute malicious behavior
  • does not create persistence
  • does not modify startup entries
  • does not perform real network activity
  • does not encrypt, delete, hide, or alter user files
  • expects detector plugins to only read normalized logs and write findings
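
The last bullet describes a contract: a detector reads normalized events and writes findings, and does nothing else. The sketch below is an added example, not code from the ShellSentinel repository; the pipe-delimited event schema, the finding format, and the names `sample_events` and `detect_auth_burst` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not ShellSentinel code. ASSUMED (hypothetical) event schema:
#   epoch|host|event_type|user|src|outcome
# ASSUMED finding format: rule|severity|src|user|fail_count|first_ts|last_ts

# Constructed sample events (documentation addresses, made-up users).
sample_events() {
cat <<'EOF'
1700000000|web01|auth|alice|198.51.100.7|fail
1700000005|web01|auth|alice|198.51.100.7|fail
1700000009|web01|auth|alice|198.51.100.7|fail
1700000012|web01|auth|alice|198.51.100.7|fail
1700000020|web01|auth|alice|198.51.100.7|success
1700000030|web01|auth|bob|192.0.2.10|fail
1700000500|web01|auth|bob|192.0.2.10|success
not-a-valid-line
1700000600|web01|auth|carol|203.0.113.4|success
EOF
}

# detect_auth_burst [threshold] [window_seconds]
# Reads events on stdin and writes findings on stdout; it has no other effects.
detect_auth_burst() {
  awk -F'|' -v th="${1:-3}" -v win="${2:-60}" '
    NF != 6 || $1 !~ /^[0-9]+$/ { next }   # drop malformed lines
    $3 != "auth" { next }                  # this detector only looks at auth events
    { key = $5 "|" $4 }                    # track each source/user pair separately
    $6 == "fail" {
      # fixed window anchored at the first failure; restart it once it expires
      if (!(key in first) || $1 - first[key] > win) { first[key] = $1; n[key] = 0 }
      n[key]++; last[key] = $1
    }
    $6 == "success" {
      # a success that closes a burst inside the window is the high-severity case
      if ((key in first) && n[key] >= th && $1 - first[key] <= win)
        printf "auth_burst_then_success|high|%s|%d|%d|%d\n", key, n[key], first[key], $1
      delete first[key]; delete n[key]; delete last[key]
    }
    END {
      # bursts that never ended in a success are still reported, at lower severity
      for (k in n) if (n[k] >= th)
        printf "auth_burst|medium|%s|%d|%d|%d\n", k, n[k], first[k], last[k]
    }
  ' | sort
}

sample_events | detect_auth_burst 3 60
```

Because the window is anchored at the first failure and restarts when it expires, a burst that is followed by late failures from the same pair is dropped rather than reported; a sliding window would be needed to catch that case.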
