WinSentinel v1.14.0 — Kill Chain Reconstructor, Threat DNA Profiler & Docker Orchestration
What's New
🔗 Kill Chain Reconstructor
Autonomous attack phase mapping and progression detection. Maps security audit findings to 14 MITRE ATT&CK kill chain phases, detects multi-phase attack progressions across 10 templates (ransomware, APT, credential theft, insider threat, etc.), predicts next likely phases using Markov-based transition probabilities, and generates prioritized response plans.
```bash
winsentinel --kill-chain [--json] [-o report.json]
```
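The phase mapping, template matching and Markov next-phase prediction described above, as an added illustration in Python (not WinSentinel's own code): the phase subset, finding IDs, transition probabilities and templates below are all constructed for the example.

```python
# Constructed: a subset of ATT&CK tactics in kill-chain order (the tool maps 14 phases).
PHASES = ["Initial Access", "Execution", "Persistence", "Privilege Escalation",
          "Credential Access", "Lateral Movement", "Exfiltration", "Impact"]

# Constructed mapping from hypothetical audit finding IDs to the phase they evidence.
FINDING_PHASE = {
    "rdp-exposed": "Initial Access",
    "macro-execution-allowed": "Execution",
    "autorun-unsigned-binary": "Persistence",
    "unquoted-service-path": "Privilege Escalation",
    "local-admin-shared-password": "Credential Access",
    "smb-signing-disabled": "Lateral Movement",
}

# Constructed Markov transition table: P(next phase | current phase).
TRANSITIONS = {
    "Initial Access": {"Execution": 0.7, "Persistence": 0.3},
    "Execution": {"Persistence": 0.5, "Privilege Escalation": 0.4, "Credential Access": 0.1},
    "Persistence": {"Privilege Escalation": 0.6, "Credential Access": 0.4},
    "Privilege Escalation": {"Credential Access": 0.7, "Lateral Movement": 0.3},
    "Credential Access": {"Lateral Movement": 0.8, "Exfiltration": 0.2},
    "Lateral Movement": {"Exfiltration": 0.5, "Impact": 0.5},
    "Exfiltration": {"Impact": 1.0},
    "Impact": {},
}

# Constructed progression templates (the tool ships 10); a template matches when
# enough of its phases are already evidenced by findings.
TEMPLATES = {
    "ransomware": ["Initial Access", "Execution", "Privilege Escalation", "Lateral Movement", "Impact"],
    "credential-theft": ["Execution", "Persistence", "Credential Access", "Lateral Movement"],
}

def map_findings(findings):
    """Phases evidenced by a list of finding IDs; unknown IDs are ignored."""
    return {FINDING_PHASE[f] for f in findings if f in FINDING_PHASE}

def match_templates(phases, min_coverage=0.6):
    """Templates whose phase coverage ratio reaches min_coverage, with that ratio."""
    out = {}
    for name, seq in TEMPLATES.items():
        coverage = sum(p in phases for p in seq) / len(seq)
        if coverage >= min_coverage:
            out[name] = round(coverage, 2)
    return out

def predict_next(phases, top=3):
    """One Markov step from the furthest phase reached, ranking phases not yet observed."""
    reached = [p for p in PHASES if p in phases]
    if not reached:
        return []
    candidates = {p: pr for p, pr in TRANSITIONS[reached[-1]].items() if p not in phases}
    return sorted(candidates.items(), key=lambda kv: -kv[1])[:top]
```

Phases returned by `predict_next` are the ones a response plan would prioritise blocking before the attacker reaches them.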
🧬 Threat DNA Profiler
Generates a unique vulnerability fingerprint for a system by analyzing historical audit findings. Extracts threat 'genes' (recurring vulnerability patterns), tracks frequency/persistence/resistance to fixes, maps to MITRE ATT&CK techniques, and detects mutations over time.
```bash
winsentinel threat-dna [--threat-dna-days 90] [--threat-dna-top 15] [--json]
```
Features:
- Evolutionary tracking with snapshot history and mutation detection
- Resilience scoring (0–100) with phase detection (Emerging → Stabilizing → Hardening → Resilient)
- SHA256-based DNA hash fingerprint for quick comparison
- Targeted hardening plan with priority, effort, and resilience gain estimates
🐳 Docker Orchestration Improvements
- Build ARGs for VERSION, BUILD_DATE, VCS_REF with OCI image labels
- Dedicated test stage (--target test) for CI integration
- HEALTHCHECK for CLI and Service runtime stages
- docker-compose.yml with cli/service/scheduled-audit services
📖 Security Operations Runbook
Comprehensive operational guide covering daily operations, incident response (4-phase), scheduled maintenance, compliance workflows, fleet management, alert configuration, escalation matrix, and integration patterns.
🔧 CI/CD
- Removed redundant build.yml (consolidated into ci.yml matrix)
- Added dependency-review on PRs (actions/dependency-review-action@v4)
- Added SBOM generation (SPDX) via Microsoft.Sbom.DotNetTool