WinSentinel v1.15.0 — Insider Threat Profiler, Lateral Movement Detector & Privilege Escalation Detection
What's New in v1.15.0
🕵️ Insider Threat Behavioral Profiler
Autonomous user risk analysis engine that profiles insider threat indicators:
- Behavioral pattern scoring across access, data movement, and temporal anomalies
- User risk classification with confidence-weighted threat levels
- CLI integration with formatted insider threat reports
🔀 Lateral Movement Detector (MITRE ATT&CK TA0008)
Detects lateral movement techniques across the network:
- SMB/WMI/RDP/PsExec/SSH hop chain detection
- Movement graph construction with source-destination-technique edges
- Autonomous pivot point identification and path analysis
- 486 tests covering detection accuracy and edge cases
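To make the "movement graph" and "pivot point" bullets concrete, the following is an added example (not WinSentinel's own code or event format) that builds a source-destination-technique graph from a constructed batch of hop events, identifies pivot hosts, and enumerates time-consistent hop chains from entry hosts. The event tuple shape, host names and `min_hops` parameter are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of authenticated hop events, one per remote-access
# session observed on the network. The tuple shape is assumed for this
# example; it is not WinSentinel's own event format.
# (timestamp, source host, destination host, technique)
SAMPLE_HOPS = [
    ("2024-05-01T09:00:00", "WS01", "FS01", "SMB"),
    ("2024-05-01T09:05:00", "FS01", "SRV02", "WMI"),
    ("2024-05-01T09:12:00", "SRV02", "DC01", "PsExec"),
    ("2024-05-01T09:20:00", "WS01", "WS03", "RDP"),
    ("2024-05-01T08:50:00", "ADMIN01", "FS01", "SSH"),  # deliberately out of order
]


def build_movement_graph(hops):
    """Adjacency list: source -> [(destination, technique, time)], time-ordered."""
    graph = defaultdict(list)
    for ts, src, dst, tech in sorted(hops):  # ISO-8601 strings sort chronologically
        graph[src].append((dst, tech, datetime.fromisoformat(ts)))
    return graph


def find_pivots(hops):
    """Hosts reached by one hop and later used as the source of another.

    A pivot is where an actor lands and then moves on, so these hosts are
    the first place to look for cached credentials, dropped tooling and
    new persistence during triage."""
    arrivals, departures = defaultdict(list), defaultdict(list)
    for ts, src, dst, _ in hops:
        t = datetime.fromisoformat(ts)
        arrivals[dst].append(t)
        departures[src].append(t)
    return sorted(h for h in departures
                  if h in arrivals and min(arrivals[h]) < max(departures[h]))


def hop_chains(hops, min_hops=2):
    """Enumerate time-consistent chains that start at entry hosts.

    An entry host is a source that never appears as a destination. A chain
    only extends along a hop that leaves a host *after* the chain arrived
    there, and never revisits a host. Chains shorter than min_hops are
    dropped as single remote sessions rather than movement."""
    graph = build_movement_graph(hops)
    destinations = {dst for edges in graph.values() for dst, _, _ in edges}
    entry_hosts = [h for h in graph if h not in destinations]
    chains = []

    def walk(host, arrived_at, path, visited):
        extended = False
        for dst, tech, t in graph.get(host, []):
            if t <= arrived_at or dst in visited:
                continue
            extended = True
            walk(dst, t, path + [(host, dst, tech)], visited | {dst})
        if not extended and len(path) >= min_hops:
            chains.append(path)

    for start in entry_hosts:
        walk(start, datetime.min, [], {start})
    return chains


def describe_chain(chain):
    """Render a chain as 'A -SMB-> B -WMI-> C' for an analyst report."""
    out = chain[0][0]
    for _, dst, tech in chain:
        out += f" -{tech}-> {dst}"
    return out


if __name__ == "__main__":
    print("pivot points:", find_pivots(SAMPLE_HOPS))
    for chain in hop_chains(SAMPLE_HOPS):
        print("chain:", describe_chain(chain))
```

On the constructed data, FS01 and SRV02 come out as pivots, and two chains (one from WS01, one from ADMIN01) both terminate at DC01 through the same intermediate hosts, which is the kind of convergence an analyst would use to prioritise which hosts to image first.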
⚡ Privilege Escalation Detector (MITRE ATT&CK TA0004)
Identifies privilege escalation attempts matching MITRE ATT&CK TA0004:
- Token manipulation, service abuse, UAC bypass, and scheduled task detection
- Group policy audit integration for misconfiguration-based escalation paths
- 378 tests validating detection coverage
📊 Security Posture Momentum Analyzer
Tracks the trajectory of security posture over time:
- Momentum scoring with velocity and acceleration metrics
- Trend detection (improving, degrading, stagnant) with configurable windows
- Posture delta analysis between assessment periods
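The velocity, acceleration, trend and delta bullets map onto a few small computations; the block below is an added example (not WinSentinel's analyzer) that carries them through on a constructed series of weekly posture scores. The `window`, the `stagnant_band` threshold and the period index ranges are assumed parameters.

```python
from statistics import mean

# Constructed series of posture scores (0-100), one per weekly assessment.
# Values are made up for the example.
SAMPLE_SCORES = [62, 64, 67, 71, 70, 66, 61]


def velocity(scores):
    """First difference: how much the score changed between assessments."""
    return [b - a for a, b in zip(scores, scores[1:])]


def acceleration(scores):
    """Second difference: whether the change itself is speeding up or slowing down."""
    return velocity(velocity(scores))


def momentum_report(scores, window=3, stagnant_band=1.0):
    """Mean velocity and acceleration over the last `window` deltas, plus a
    trend label. `stagnant_band` is the absolute mean velocity below which
    the trend is called stagnant. Both defaults are assumptions for the
    example."""
    v = velocity(scores)[-window:]
    a = acceleration(scores)[-window:]
    mean_v = mean(v) if v else 0.0
    mean_a = mean(a) if a else 0.0
    if mean_v > stagnant_band:
        trend = "improving"
    elif mean_v < -stagnant_band:
        trend = "degrading"
    else:
        trend = "stagnant"
    return {"velocity": mean_v, "acceleration": mean_a, "trend": trend, "window": window}


def posture_delta(scores, period_a, period_b):
    """Difference in mean score between two assessment periods given as
    (start, end) index ranges, end exclusive. Positive means period_b is better."""
    a = scores[period_a[0]:period_a[1]]
    b = scores[period_b[0]:period_b[1]]
    return mean(b) - mean(a)


if __name__ == "__main__":
    print(momentum_report(SAMPLE_SCORES, window=3))
    print(momentum_report(SAMPLE_SCORES, window=6))
    print(posture_delta(SAMPLE_SCORES, (0, 3), (4, 7)))
```

The same series reads as degrading over a three-assessment window (the last three deltas are all negative) but as stagnant over a six-assessment window, where the early gains cancel the recent losses; that is why the window is a configurable setting rather than a fixed one, and why the acceleration is worth reporting alongside the velocity.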
🏗️ Infrastructure
- Coverage gate workflow with per-component thresholds and Codecov integration
- 21 new files, ~5,962 lines of production + test code
Test Coverage
| Component | Tests |
|---|---|
| Insider Threat Profiler | 345 |
| Lateral Movement Detector | 486 |
| Posture Momentum Analyzer | 236 |
| Privilege Escalation Detector | 378 |
Full Changelog: v1.14.0...v1.15.0