SentinelAgent: AI-Powered Security Log Analysis Platform

A production-grade agent service written in Go that processes security logs, using LangChain (langchaingo) to orchestrate a multi-step reasoning workflow for threat classification.

Features

  • Multi-step reasoning workflow via LangChainGo agent with tool calling
  • Hybrid RAG pipeline using Redis Stack as vector store for threat intelligence (IoC retrieval, sub-100ms latency)
  • High-concurrency API with Gin handling 500+ QPS, connection pooling, request throttling, and async job queues
  • Tool calling: VirusTotal API for IoC lookup, Jira integration for incident tickets
  • Containerized with Docker and docker-compose (Agent, Redis Stack, PostgreSQL)
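The request throttling listed above, as an added example that is not the project's own `internal/middleware` code: a per-client token bucket exposed as a standard `net/http` middleware. It assumes the `net/http` handler interface rather than Gin's (Gin's middleware form wraps the same check), keys clients on the TCP peer address, and uses an injectable clock so the refill arithmetic can be checked without sleeping; the rate and burst values are constructed.

```go
package main

import (
	"net"
	"net/http"
	"sync"
	"time"
)

// bucket is one client's token bucket: tokens refill continuously and never
// exceed the configured burst.
type bucket struct {
	tokens float64
	last   time.Time
}

// Throttle limits each client key to rate requests per second with a burst
// allowance. Now is an injectable clock (time.Now in production).
type Throttle struct {
	mu      sync.Mutex
	rate    float64
	burst   float64
	buckets map[string]*bucket
	Now     func() time.Time
}

func NewThrottle(rate, burst float64) *Throttle {
	return &Throttle{rate: rate, burst: burst, buckets: map[string]*bucket{}, Now: time.Now}
}

// Allow reports whether the client identified by key may proceed right now,
// consuming one token if so.
func (t *Throttle) Allow(key string) bool {
	now := t.Now()
	t.mu.Lock()
	defer t.mu.Unlock()
	b, ok := t.buckets[key]
	if !ok {
		b = &bucket{tokens: t.burst, last: now} // new clients start with a full burst
		t.buckets[key] = b
	}
	b.tokens += now.Sub(b.last).Seconds() * t.rate
	if b.tokens > t.burst {
		b.tokens = t.burst
	}
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// Sweep drops buckets idle for longer than idle so the map cannot grow without
// bound as distinct clients come and go; run it from a ticker. Returns the
// number of buckets removed.
func (t *Throttle) Sweep(idle time.Duration) int {
	cutoff := t.Now().Add(-idle)
	t.mu.Lock()
	defer t.mu.Unlock()
	n := 0
	for k, b := range t.buckets {
		if b.last.Before(cutoff) {
			delete(t.buckets, k)
			n++
		}
	}
	return n
}

// clientKey keys on the TCP peer address. Do not key on X-Forwarded-For unless
// a trusted reverse proxy sets it; otherwise a client can choose its own bucket.
func clientKey(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// Middleware rejects over-limit requests with 429 before they reach the handler,
// so no LLM or VirusTotal call is spent on them.
func (t *Throttle) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !t.Allow(clientKey(r)) {
			w.Header().Set("Retry-After", "1")
			http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}
```

Wrap the analyze handler as `throttle.Middleware(handler)` and call `Sweep` from a background ticker; without the sweep, a flood of distinct source addresses grows the bucket map indefinitely.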

Quick Start

Prerequisites

  • Go 1.22+
  • Docker & docker-compose
  • OpenAI API key

Run with Docker (recommended)

```bash
# Copy environment template
cp .env.example .env
# Add your OPENAI_API_KEY to .env

# Start all services
docker-compose up -d

# Check health
curl http://localhost:8080/health

# Analyze a security log
curl -X POST http://localhost:8080/api/v1/analyze \
  -H "Content-Type: application/json" \
  -d '{"log_entry": "Failed login attempt from 192.168.1.100 to admin@example.com at 14:32 UTC", "async": false}'
```

Run locally

```bash
# Start Redis Stack and PostgreSQL
docker-compose up -d redis postgres

# Build and run (requires Go 1.22+)
export OPENAI_API_KEY=sk-xxx
make build && make run
```

Tests

```bash
go test ./...
```

API

| Endpoint | Method | Description |
|---|---|---|
| /health | GET | Health check |
| /api/v1/analyze | POST | Analyze security log (sync or async) |
| /api/v1/jobs/:job_id | GET | Async job status |

Analyze request

```json
{
  "log_entry": "Suspicious SSH connection from 10.0.0.5 to server-01",
  "async": false
}
```

Analyze response

```json
{
  "id": "uuid",
  "classification": "High",
  "confidence": "High",
  "recommendation": "Block IP and review access logs"
}
```
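The sync/async contract of the analyze and job endpoints, as an added example that is not the project's own `internal/api` or `internal/queue` code: a stand-in for the Gin handlers written against `net/http`, with an in-memory job table and a constructed keyword classifier in place of the LangChain agent. The job-status response shape (`job_id`, `status`, `result`) is an assumption, since the README does not show it. Job IDs come from a CSPRNG so one caller cannot enumerate another's verdicts, and the request body is capped so an oversized log entry cannot exhaust memory.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"net/http"
	"strings"
	"sync"
)

type AnalyzeRequest struct {
	LogEntry string `json:"log_entry"`
	Async    bool   `json:"async"`
}
type AnalyzeResponse struct {
	ID             string `json:"id"`
	Classification string `json:"classification"`
	Confidence     string `json:"confidence"`
	Recommendation string `json:"recommendation"`
}

// Job is an assumed shape for /api/v1/jobs/:job_id; the README does not show one.
type Job struct {
	JobID  string           `json:"job_id"`
	Status string           `json:"status"` // "queued" or "done"
	Result *AnalyzeResponse `json:"result,omitempty"`
}

// Server mounts the two endpoints and owns the in-memory job table.
type Server struct {
	*http.ServeMux
	mu       sync.Mutex
	jobs     map[string]*Job
	Classify func(logEntry string) AnalyzeResponse // swap in the real agent here
}

func NewServer() *Server {
	s := &Server{ServeMux: http.NewServeMux(), jobs: map[string]*Job{}, Classify: placeholderClassify}
	s.HandleFunc("/api/v1/analyze", s.handleAnalyze)
	s.HandleFunc("/api/v1/jobs/", s.handleJob)
	return s
}

// newID draws from a CSPRNG so job IDs cannot be guessed and another caller's verdict read.
func newID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// placeholderClassify is a constructed keyword heuristic so the example runs
// offline; the real service delegates this step to the LLM agent and its tools.
func placeholderClassify(logEntry string) AnalyzeResponse {
	resp := AnalyzeResponse{ID: newID(), Classification: "Low", Confidence: "Low", Recommendation: "No action"}
	if strings.Contains(strings.ToLower(logEntry), "suspicious") {
		resp.Classification, resp.Confidence, resp.Recommendation = "High", "High", "Block IP and review access logs"
	}
	return resp
}

func (s *Server) handleAnalyze(w http.ResponseWriter, r *http.Request) {
	var req AnalyzeRequest
	// Cap the body at 1 MiB so an oversized log entry cannot exhaust memory.
	if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<20)).Decode(&req); err != nil || req.LogEntry == "" {
		http.Error(w, "JSON body with a non-empty log_entry required", http.StatusBadRequest)
		return
	}
	if !req.Async {
		json.NewEncoder(w).Encode(s.Classify(req.LogEntry))
		return
	}
	job := &Job{JobID: newID(), Status: "queued"}
	s.mu.Lock()
	s.jobs[job.JobID] = job
	s.mu.Unlock()
	go func() { // stands in for the worker pool behind the async job queue
		res := s.Classify(req.LogEntry)
		s.mu.Lock()
		job.Result, job.Status = &res, "done"
		s.mu.Unlock()
	}()
	w.WriteHeader(http.StatusAccepted)
	json.NewEncoder(w).Encode(Job{JobID: job.JobID, Status: "queued"})
}

func (s *Server) handleJob(w http.ResponseWriter, r *http.Request) {
	s.mu.Lock()
	defer s.mu.Unlock() // encode under the lock: the worker may be writing Result
	job, ok := s.jobs[strings.TrimPrefix(r.URL.Path, "/api/v1/jobs/")]
	if !ok {
		http.Error(w, "unknown job", http.StatusNotFound)
		return
	}
	json.NewEncoder(w).Encode(job)
}
```

`NewServer()` satisfies `http.Handler`, so it can be passed straight to `http.ListenAndServe(":8080", ...)`. The job table here never expires entries; a production build would persist jobs to PostgreSQL (the README's audit store) or evict finished ones after a TTL.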

Configuration

| Variable | Default | Description |
|---|---|---|
| PORT | 8080 | Server port |
| REDIS_URL | redis://localhost:6379 | Redis connection |
| DATABASE_URL | postgres://... | PostgreSQL for audit |
| OPENAI_API_KEY | - | Required for analysis |
| VIRUSTOTAL_API_KEY | - | Optional, for IoC lookup |
| JIRA_* | - | Optional, for incident tickets |

Architecture

```text
┌─────────────┐     ┌─────────────┐     ┌──────────────┐
│   Gin API   │────▶│   Agent     │────▶│ OpenAI LLM   │
│   (8080)    │     │ Orchestrator│     │ (gpt-4o-mini)│
└─────────────┘     └──────┬──────┘     └──────────────┘
       │                   │                     │
       │                   ├─────────────────────┼──▶ VirusTotal
       │                   │                     └──▶ Jira
       │                   │
       ├───────────────────┼──▶ Redis (RAG/IoC vector store)
       │                   │
       └───────────────────┴──▶ PostgreSQL (audit log)
```

Project Structure

```text
cmd/sentinel/       # Main entrypoint
internal/
  agent/            # LangChain agent, tools (VT, Jira)
  api/              # Gin handlers, server
  config/           # Configuration
  middleware/       # Throttling
  queue/            # Async job queue
  rag/              # Redis vector store, RAG pipeline
  store/            # PostgreSQL audit
```

About

A security-focused Agent that ingests raw security logs, uses RAG to query threat intelligence, and automatically generates incident reports - all served via a high-performance API.
