SelimAtambaev/sentineflow

SentinelFlow — Network Traffic Monitor & Alert System

SentinelFlow is a lightweight, behavior-based network traffic monitoring and anomaly detection system built with Python, FastAPI, and Scapy.

The project simulates enterprise-style network monitoring by collecting live traffic metrics, analyzing packet behavior, detecting suspicious activity patterns, and generating real-time risk alerts through a centralized dashboard.


Features

Network Monitoring

  • Real-time network traffic collection
  • System bandwidth and packet statistics
  • Continuous monitoring of active network behavior

Packet Analysis

  • TCP SYN packet detection
  • Unique destination port tracking
  • Basic port-scan behavior analysis

Threat Detection

  • Traffic spike detection
  • Idle-to-noisy behavior monitoring
  • SYN flood–like activity alerts
  • Risk scoring engine using sliding-window analysis

Dashboard

  • Live monitoring dashboard
  • Color-coded risk scoring
  • Agent hostname and activity tracking
  • Last alert and status visualization

Technologies Used

  • Python 3
  • FastAPI
  • Scapy
  • psutil
  • Uvicorn
  • JSON / REST APIs

Project Architecture

SentinelFlow consists of two core components:

Monitoring Agent

The Python-based agent runs on a monitored node and collects:

  • Network usage metrics
  • Packet-level traffic signals
  • System activity statistics

Central Server

The FastAPI server:

  • Receives telemetry data from agents
  • Computes behavioral risk scores
  • Detects anomalies and suspicious activity
  • Displays results in a live dashboard

Detection Capabilities

Current detection logic includes:

  • Traffic spike analysis
  • SYN flood–style behavior detection
  • Port scan pattern recognition
  • Baseline deviation monitoring
  • Real-time anomaly scoring
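
A sketch of how sliding-window risk scoring over these signals can work, added here as an illustration and not taken from the SentinelFlow code base. The telemetry field names (`bytes`, `syn`, `dst_ports`), the thresholds, the score weights and the `WindowScorer` class are all assumptions, and the sample data is constructed.

```python
from collections import deque
from statistics import mean


class WindowScorer:
    """Score per-interval telemetry against a sliding-window baseline (hypothetical)."""

    def __init__(self, window=5, spike_factor=3.0, idle_bytes=1_000,
                 syn_limit=200, port_limit=20):
        self.history = deque(maxlen=window)  # bytes per interval, quiet intervals only
        self.spike_factor = spike_factor
        self.idle_bytes = idle_bytes
        self.syn_limit = syn_limit
        self.port_limit = port_limit

    def score(self, sample):
        """Return (risk 0-100, reasons) for one telemetry sample dict."""
        risk, reasons = 0, []
        # No volume verdict until the window is full: avoids alerts during warm-up.
        full = len(self.history) == self.history.maxlen
        baseline = mean(self.history) if full else None
        if baseline is not None:
            if baseline < self.idle_bytes and sample["bytes"] >= 10 * self.idle_bytes:
                risk += 30
                reasons.append("idle_to_noisy")
            elif sample["bytes"] > self.spike_factor * max(baseline, 1):
                risk += 25
                reasons.append("traffic_spike")
        if sample["syn"] > self.syn_limit:
            risk += 40
            reasons.append("syn_flood_like")
        if len(sample["dst_ports"]) > self.port_limit:
            risk += 35
            reasons.append("port_scan_like")
        # Learn only from clean intervals so a sustained burst cannot raise the
        # baseline and hide itself. Trade-off: a legitimate, permanent traffic
        # increase keeps alerting until the baseline is reset.
        if risk == 0:
            self.history.append(sample["bytes"])
        return min(risk, 100), reasons


# Constructed telemetry: five quiet intervals, a burst, a SYN-heavy scan, quiet again.
SAMPLES = [{"bytes": 400, "syn": 2, "dst_ports": {443}} for _ in range(5)] + [
    {"bytes": 50_000, "syn": 3, "dst_ports": {443}},
    {"bytes": 600, "syn": 450, "dst_ports": set(range(1, 60))},
    {"bytes": 500, "syn": 1, "dst_ports": {443, 53}},
]


def run(samples=SAMPLES):
    scorer = WindowScorer()
    return [scorer.score(s) for s in samples]
```
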

Installation

# Clone repository
git clone https://github.com/SelimAtambaev/sentineflow.git

# Enter project directory
cd sentineflow

# Create virtual environment
python3 -m venv venv

# Activate environment
source venv/bin/activate

# Install dependencies
pip install -r requirements.txt

# Start FastAPI server
uvicorn server.main:app --reload

Future Improvements

  • Docker container deployment
  • WebSocket live updates
  • Email / Discord alert integration
  • Machine learning anomaly detection
  • Multi-agent enterprise scaling
  • Threat intelligence feeds

Educational Purpose

This project was developed to strengthen practical skills in:

  • Cybersecurity monitoring
  • Network traffic analysis
  • System administration
  • Threat detection concepts
  • Backend API development

Author

Selim Atambaev
Computing & Security Technology Student
Drexel University

About

Lightweight network behavior monitor with packet inspection & risk scoring.
