
The VigilSentinel Platform

VigilSentinel is a unified security operations web application. After you register, sign in, and start a trial, you work from one console for agents, Scanning Center (15+ scan types where enabled), compliance views, and SOC-style modules. Deploy it yourself (Docker/VPS) or use a hosted instance; RBAC and licensing decide which menus you see.

Live Preview

See the Platform in Action

One dashboard for the data and modules your organization turns on—visibility grows as you deploy agents, forward logs, and run scans.

Advanced Security Intelligence

Detection and analytics

Rules-backed detection and optional ML-style analytics augment scanning and SOC workflows; depth depends on which modules are licensed and how much telemetry you feed the platform.


Prioritise what to fix first

Correlation, scoring, and scan outputs help your team see likely compromise paths earlier—grounded in telemetry and tests you run, not in opaque generative claims.

  • OWASP-style assessments and deep test flows from Scanning Center (where licensed)
  • Attack-path style discovery in supported modules
  • Risk scoring and prioritisation views
  • Optional in-console guidance on supported pages—supplemental to your analysts, not a substitute for governance
  • Executive PDFs and summaries from the reporting tools

Platform Features

Everything You Need to Stay Secure

55+ named components map to 15 RBAC categories (free, standalone, paid, premium). The console surface is unified; entitlement determines which areas unlock for each user.

Real-Time Monitoring

Live views use Socket.IO push while sessions are connected; dashboards aggregate agents, detections, and ops data you configure.

  • Main dashboard with detections, cases, and KPI tiles
  • Socket.IO updates for scans and live feeds
  • System health and status pages
  • Executive roll-up views

Vulnerability Scanning

15+ scan types ship in Scanning Center—run them only on targets you own or have written permission to test.

  • 9-phase application security scanning
  • Network vulnerability with CVE detection
  • OWASP-style assessment flows with behavioural analysis where the product exposes them
  • Cognitive penetration testing
  • Bulk scanning capabilities

Analytics and anomaly detection

Statistical and model-backed views can highlight anomalies and prioritise risk; outcomes depend on data volume, module entitlements, and how operators tune the product.

  • Anomaly-style detection where analytics modules are enabled
  • Threat intelligence and behavioural analysis views
  • Optional in-console help on supported pages (not autonomous “LLM agents” on your estate)
  • DQN neural network (experimental / module-specific)
  • Payload pattern coverage in supported test tooling
  • Attack-path analysis and risk scoring where implemented

Agent Management

Download OS-specific install scripts, complete enrollment, then manage endpoint security agents, groups, and keys from the same console; agentless checks require reachable targets and credentials you supply. (“Agent” here means deployed sensor software—not an LLM or autonomous AI agent.)

  • Cross-platform agent support
  • Agentless SSH/WinRM/SNMP monitoring
  • Agent groups and policy management
  • Real-time agent health dashboard

Network Security

Complete network visibility including real-time monitoring, domain management, and threat intelligence.

  • Network monitoring and traffic analysis
  • Domain monitoring and management
  • Network discovery and topology mapping
  • Threat intelligence integration

SOC Operations

24/7 threat monitoring and automated incident response for your security operations center.

  • Live event streaming over Socket.IO (premium-tier modules)
  • IR playbooks and automation you configure
  • Alert correlation plus EDR-style screens—complement, not a blanket replacement for enterprise EDR
  • Forensics and evidence views for investigations
  • Simulations where licensed

Compliance & Reporting

Compliance mapping, audit logs, scheduled reports, and PDF exports are available when those modules are part of your plan.

  • 100+ page enterprise PDF reports
  • Automated report scheduling
  • Compliance framework mapping
  • Comprehensive audit logging

Cloud Security

Multi-cloud security across AWS, Azure, and GCP, with continuous compliance monitoring.

  • Multi-cloud support (AWS, Azure, GCP)
  • Continuous compliance monitoring
  • Misconfiguration detection
  • Cloud security scoring

Security Operations

FIM, syslog ingestion, threat hunting, correlation, and active-response actions are implemented as console modules—enable and tune them per environment.

  • File integrity monitoring (FIM)
  • Syslog collector
  • Threat hunting service
  • Correlation engine
  • Active response system

Deception Sensors (optional, off by default)

An opt-in module for teams running Cowrie-style SSH honeypots. VigilSentinel ingests their event logs, correlates per-attacker Canarytokens with the originating session, and surfaces transparent classification of automated vs hands-on-keyboard activity. We do not run honeypots on your behalf in v1—you bring the sensor, the platform does the analysis.

  • Cowrie JSON / NDJSON ingestion endpoint with sensor API key
  • Per-session Canarytokens (AWS, kubeconfig, DNS, file) with HMAC-verified trigger webhook
  • IP-mismatch detection between honeypot session and token trigger; low/medium/high confidence on human interaction
  • Explainable classifier (timing variance, idle gaps, banner, command diversity)—not a black-box label
  • IP pseudonymisation by default; reversible mapping only when an admin enables it with a separate key
  • Configurable retention (default 90 days), structured audit trail, GDPR-aligned defaults
  • Experimental adaptive-shell research track: opt-in, deterministic, size-capped, off in production

Honeypots are inherently sensitive. The module ships disabled, refuses to start without a tenant pepper, and logs every action with its purpose and retention so your DPO has a clear record.
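
A sketch of how an HMAC-verified token trigger, peppered IP pseudonymisation, and the IP-mismatch check fit together. This is an added example, not VigilSentinel code; the field names, the hex signature format, the 16-character pseudonym length, and all keys and data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

def pseudonymise_ip(ip: str, tenant_pepper: bytes) -> str:
    """Keyed pseudonym for an IP: HMAC-SHA256 under the tenant pepper, truncated."""
    if not tenant_pepper:
        # Fail closed: the page says the module refuses to start without a pepper.
        raise ValueError("tenant pepper not configured")
    return hmac.new(tenant_pepper, ip.encode(), hashlib.sha256).hexdigest()[:16]

def sign(body: bytes, secret: bytes) -> str:
    """Hex HMAC-SHA256 over the raw request body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def correlate_trigger(body, signature_hex, secret, sessions, tenant_pepper):
    """Verify a token-trigger webhook, then compare its source with the honeypot session."""
    # Constant-time comparison over the raw bytes, before any JSON parsing.
    if not hmac.compare_digest(sign(body, secret).encode(), signature_hex.encode()):
        return {"accepted": False, "reason": "bad signature"}
    event = json.loads(body)
    session = sessions.get(event["token_id"])
    if session is None:
        return {"accepted": False, "reason": "unknown token"}
    # Only pseudonyms are compared and stored; the raw IP is not kept.
    trigger_pseudonym = pseudonymise_ip(event["src_ip"], tenant_pepper)
    return {
        "accepted": True,
        "session_id": session["session_id"],
        "ip_mismatch": trigger_pseudonym != session["src_pseudonym"],
    }

# Constructed sample data (documentation IP ranges, placeholder keys).
PEPPER = b"example-tenant-pepper"
SECRET = b"example-webhook-secret"
SESSIONS = {"tok-1": {"session_id": "s-42",
                      "src_pseudonym": pseudonymise_ip("192.0.2.10", PEPPER)}}
SAME_IP = json.dumps({"token_id": "tok-1", "src_ip": "192.0.2.10"}).encode()
OTHER_IP = json.dumps({"token_id": "tok-1", "src_ip": "203.0.113.7"}).encode()

if __name__ == "__main__":
    for body in (SAME_IP, OTHER_IP):
        print(correlate_trigger(body, sign(body, SECRET), SECRET, SESSIONS, PEPPER))
```

Because the pseudonym is a keyed HMAC, the same address maps to the same value within a tenant, so the mismatch check works without storing raw IPs.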

Architecture

Built to Scale

Flask + Socket.IO core with optional PostgreSQL, Docker packaging, and background workers—scale by adding capacity to the services you operate.

Modular Design

15 independent categories work together—deploy what you need and scale as you grow.

  • Modular route and service layout inside one application
  • Horizontal scaling via multiple app instances (sticky sessions for Socket.IO)
  • Feature toggles through RBAC and licensing
  • REST APIs and webhooks for integrations you configure

Analytics engine

ML analytics, optional in-console guidance, and experimental model hooks ship in-tree; production value depends on telemetry, training data where applicable, and operator configuration.

  • Anomaly detection algorithms
  • Predictive threat forecasting
  • Behavioral analysis
  • Auto-classification of events

Data Pipeline

The event pipeline ingests syslog, agent heartbeats, and scan results and is sized for typical mid-market deployments; throughput depends on hardware and database choice.

  • Real-time event streaming
  • Log normalization engine
  • Correlation engine
  • Long-term data retention

Security Core

Security controls include HTTPS when terminated correctly, secure session cookies in production, RBAC, optional MFA/SAML, CSRF protection, and audit trails—configure secrets and TLS in your environment.

  • Least-privilege RBAC mapped to solution categories
  • TLS at the reverse proxy or load balancer
  • Optional credential vault key for sensitive settings
  • Audit log APIs and exports

Cloud-Native

Flexible deployment: on-premises, in the cloud, or hybrid, with full support for AWS, Azure, and GCP.

  • Multi-cloud support
  • Container orchestration
  • Auto-scaling infrastructure
  • High-availability clusters

Integration Hub

Connect adjacent tools through the Integrations hub, webhooks, and the platform’s REST APIs—treat each connector as configuration work, not a guaranteed catalog of 100 turnkey apps.

  • Integration records with test and webhook logs
  • REST APIs for agents, scans, and admin workflows
  • Outbound webhooks for SOAR-style automation
  • SCIM user provisioning where enabled

Deployment

Flexible Deployment Options

Choose self-hosted software on your infrastructure or a managed deployment from VigilSentinel or a partner—the product behavior is the same; operations responsibility differs.

On-Premises

Full control through on-premises deployment—your data stays within your infrastructure with complete sovereignty.

Cloud (SaaS)

With a managed SaaS or hosted agreement, the service provider runs upgrades, backups, and uptime; self-hosted customers operate those tasks themselves.

Hybrid

The best of both worlds: keep sensitive data on-premises while leveraging the cloud for scalability and analytics.

Integrations

Integrates With Your Stack

Seamlessly connect with your existing security and IT infrastructure tools.

AWS
Azure
GCP
Docker
Slack
Jira
Splunk
CrowdStrike
ServiceNow
GitHub
Linux
Windows

Experience the Platform

Start your free trial today and see how VigilSentinel can strengthen your security operations.
