Forensic SIEM
AI-powered, high-performance log forensics engine with multi-format ingest: Apache, NGINX, UFW, SSH, Windows EVTX, Sysmon, JSON, CSV, and more.
Supports remote SSH and API log sources, auto-parses & normalizes at wire-speed, deduplicates, and compresses on-the-fly.
Real-time anomaly detection using Isolation Forest, entropy scoring, YARA/regex heuristics for SQLi, RCE, XSS, SSRF, and behavioral baselines with seasonality analysis.
Fully air-gap compatible: no cloud dependency, no telemetry, no data leakage.
SOAR Playbooks
Build automated, auditable incident response workflows with granular triggers: AI threat score thresholds, login failure patterns, country blocks, scanner detection, request floods, or regex path matches.
Chain actions like IP block/temp-block, geo-locate, traceroute, DNS lookup, port scan, notifications, or dynamic rate-limiting.
All playbook executions are versioned with TTL, rollback support, and full audit logging — ideal for both autonomous defense and red-team simulations.
Threat Intel
Enrich every event in <120 ms with multi-source threat intelligence: AbuseIPDB, GreyNoise, Shodan, VirusTotal, AlienVault OTX, WHOIS, ASN, passive DNS, Geo-IP, TOR, and cloud-provider flagging.
Supports dynamic API key integration for 10+ providers (including CIRCL MISP, IPQualityScore, IBM, CrowdSec, Kaspersky, Cisco).
Context scores are blended into the AI detection model for precision blocking, prioritization, and strategic hunting.
How LogSentra Works
In LogSentra, everything starts with a Project. Name it anything you like, enable Remote Machine Mode,
and the system will prompt for your SSH Host, Port, Username, and Password or Private Key. Prefer a private key
and a dedicated, least-privileged account: whatever that account can read or run on the remote host, LogSentra can too.
Define log file paths for Access and Error Logs (Apache, NGINX, IIS, HAProxy, ELB, JSON, Traefik)
and add firewall logs from UFW, Fortinet, Sophos, Palo Alto, Cisco, pfSense, AWS VPC Flow Logs, Azure NSG, Checkpoint, or Juniper.
For authentication logs, link JSON, .log, CSV, or plaintext files.
Once saved, click Start Monitoring and LogSentra will instantly begin tailing, parsing, and analyzing data in real time.
Projects appear in your dashboard sidebar, where you can drill into analytics or take action.
You can also add a firewall configuration — defaulting to UFW if none is set — or define a custom firewall
(iptables, Fortinet, Sophos, Palo Alto, Cisco, pfSense, OPNsense, AWS Security Group, Checkpoint, Juniper, MikroTik, Azure) by providing
the API/SSH connection details. Saved firewalls are instantly available in the Rules Engine for executing manual rules
or automated Playbooks.
Dynamic Threat Feeds can be added at any time by providing API keys for integrated sources like AbuseIPDB, VirusTotal,
AlienVault OTX, Shodan, GreyNoise, CIRCL MISP, IPQualityScore, IBM X-Force, CrowdSec, Kaspersky, and Cisco. These feeds enrich detection
in under 120 ms and influence AI risk scoring in real time.
When the initial scan is complete, you can:
- Open the project to view live dashboards across bots, HTTP methods, suspicious payloads, risky IPs, auth forensics, and global threat maps.
- Use the Rules Engine to create granular detection logic (paths, verbs, status codes, UA markers, IP patterns)
and apply actions like block, temp block, whitelist, geo-lookup, traceroute, port scan, or run secure commands.
- Build Playbooks to chain automated responses for high-score threats, scanner detection, login failures,
country blocking, rate limiting, and request surges — all with TTL controls, rollback, and full audit logging.
Every component is air-gap compatible — no telemetry, no cloud dependency. LogSentra can preload offline intel feeds,
making it ideal for classified networks, SOC silos, and critical infrastructure where sovereignty and privacy are non-negotiable.
Dashboard Modules
LogSentra provides deep visibility into every attack vector:
- 👾 Bots — Detect crawlers, scanners, fuzzers, and stealth probes.
- 📊 Status Codes — Spot backend issues and brute-force attempts.
- 🔧 Methods — Identify HTTP verb abuse like DELETE, TRACE, PUT.
- 🔥 Suspicious — Surface SQLi, RCE, LFI, XSS, SSRF attempts.
- 🧠 Risky IPs — AI risk scoring with behavior and intel overlaps.
- 📆 Daily Activity — Visualize normal vs attack traffic patterns.
- 🔁 Persistence — Detect repeated APT-style probing.
- 🐞 Error Log AI — NLP-based clustering of system/app errors.
- 🛡 Firewall Alerts — Visualize and track port scan & flood events.
- 🔐 Auth Forensics — SSHD log analysis for failed logins, sudo abuse.
- 🌐 Threat Intel — Aggregated multi-source intelligence overlay.
- 🌍 Global Map — Real-time interactive heatmap of inbound threats.
Rule Engine & Playbooks
LogSentra’s Rule Engine allows you to craft precision detection logic and link it to actionable responses —
all with full audit trails, TTL controls, and rollback support. Rules can be applied to any configured firewall in your project,
whether local or remote, and execute in real time.
🛠 Custom Rule Definition
- Rule Name – Unique identifier for tracking and audits.
- Match Path – Monitor URI segments (e.g., /admin, /login, REST API endpoints).
- HTTP Method – Flag dangerous verbs like DELETE, PUT, TRACE often abused in API probing.
- Status Code – Detect bursts of specific responses (e.g., 403, 500) to reveal failed probes or backend issues.
- User-Agent Contains – Identify automation tools (curl, wget, sqlmap) or spoofed browsers.
- IP Starts With – Target CIDRs, regions, or ASN subnets for regional blocking.
- Action – Choose from:
- Block / Temp Block (TTL) / Unblock / Whitelist
- Geo Locate · Traceroute · DNS Lookup · Port Scan
- Run Command — Secure shell/Python snippets in sandbox
Every rule execution is versioned with a tamper-proof changelog and rollback capability, ensuring
operational safety even in live production environments.
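As an added illustration of how the fields above combine into detection logic (example code written for this page, not LogSentra's own rule engine or its configuration format), the Python below parses Apache/NGINX combined-format access lines and evaluates rules built from the same fields: path prefix, HTTP method, status-code bursts per IP inside a sliding window, a User-Agent substring, and an IP prefix. The rule names, the `Rule`/`evaluate` API and the sample log lines are all constructed for the example; the addresses come from the TEST-NET ranges.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Apache/NGINX "combined" access-log format:
#   ip ident user [time] "METHOD path proto" status size "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_combined(line: str) -> Optional[dict]:
    """Normalize one combined-format line into a dict; None if the line does not parse."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    ev["time"] = datetime.strptime(ev["time"], TIME_FMT)
    return ev


@dataclass
class Rule:
    """One rule built from the fields listed above; a field left as None matches anything."""
    name: str
    action: str                        # block | temp_block | whitelist | geo_locate | ...
    path_prefix: Optional[str] = None  # "Match Path"
    method: Optional[str] = None       # "HTTP Method"
    status: Optional[int] = None       # "Status Code"
    ua_contains: Optional[str] = None  # "User-Agent Contains" (case-insensitive)
    ip_prefix: Optional[str] = None    # "IP Starts With"
    min_hits: int = 1                  # fire after this many matches from one IP ...
    window_s: int = 60                 # ... inside this sliding window (burst detection)
    ttl_s: Optional[int] = None        # expiry for temp_block

    def matches(self, ev: dict) -> bool:
        return (
            (self.path_prefix is None or ev["path"].startswith(self.path_prefix))
            and (self.method is None or ev["method"] == self.method)
            and (self.status is None or ev["status"] == self.status)
            and (self.ua_contains is None or self.ua_contains.lower() in ev["ua"].lower())
            and (self.ip_prefix is None or ev["ip"].startswith(self.ip_prefix))
        )


def evaluate(rules, lines):
    """Stream lines through every rule; emit one decision per (rule, ip) the first time it trips."""
    hits = defaultdict(list)  # (rule name, ip) -> timestamps of matches still inside the window
    fired = set()
    decisions = []
    for line in lines:
        ev = parse_combined(line)
        if ev is None:
            continue  # unparseable line: skipped here (a real engine would route it to error handling)
        for rule in rules:
            if not rule.matches(ev):
                continue
            key = (rule.name, ev["ip"])
            recent = [t for t in hits[key] if (ev["time"] - t).total_seconds() <= rule.window_s]
            recent.append(ev["time"])
            hits[key] = recent
            if len(recent) >= rule.min_hits and key not in fired:
                fired.add(key)
                decisions.append({"rule": rule.name, "ip": ev["ip"],
                                  "action": rule.action, "ttl_s": rule.ttl_s})
    return decisions


# Hypothetical rules, one per field type in the list above.
RULES = [
    Rule("scanner-ua", "block", ua_contains="sqlmap"),
    Rule("admin-403-burst", "temp_block", path_prefix="/admin", status=403,
         min_hits=3, window_s=60, ttl_s=3600),
    Rule("verb-abuse", "temp_block", method="DELETE", ttl_s=600),
    Rule("partner-range", "whitelist", ip_prefix="198.51.100."),
]

# Constructed sample traffic (TEST-NET addresses), not a real capture.
SAMPLE_LINES = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /admin HTTP/1.1" 403 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2024:13:55:37 +0000] "GET /admin/login HTTP/1.1" 403 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2024:13:55:39 +0000] "GET /admin/config HTTP/1.1" 403 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2024:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '192.0.2.66 - - [10/Oct/2024:13:56:10 +0000] "GET /?id=1%27 HTTP/1.1" 200 128 "-" "sqlmap/1.7"',
    '203.0.113.8 - - [10/Oct/2024:13:57:00 +0000] "DELETE /api/users/1 HTTP/1.1" 405 0 "-" "curl/8.0"',
    'this line is not in combined format and is skipped',
    '203.0.113.7 - - [10/Oct/2024:14:10:00 +0000] "GET /admin HTTP/1.1" 403 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for d in evaluate(RULES, SAMPLE_LINES):
        print(d)
```

The burst rule fires once for 203.0.113.7 on the third 403 inside 60 s and stays quiet for the later, isolated 403; single-hit rules fire on first match. Note that the whitelist rule here only records a decision: a production engine must resolve whitelist decisions before block decisions for the same IP, which this example does not do.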
📚 Automated Playbooks
Playbooks let you chain multiple actions triggered by advanced conditions — enabling autonomous, context-aware incident response.
They are ideal for stopping brute-force attacks, blocking scanners, or mitigating floods before they escalate.
- Triggers:
- High AI Threat Score — Above a configurable threshold.
- Scanner Detected — Based on entropy, payload patterns, or fingerprints.
- Login Failures — Brute-force or suspicious SSH login attempts.
- Country Block — Geo-IP based filtering for high-risk regions.
- Rate Limit — Dynamic throttling on excessive request volume.
- Request Surge — Anomaly spike in incoming traffic.
- Path Regex — Match critical or malformed request patterns.
- Actions:
- block_ip / temp_block
- trace, geo_lookup, port_scan
- notify, log, email_alert
- drop_connection — Instantly terminate sessions
- rate_limit — Adaptive throttling for risky sources
Playbooks execute autonomously when triggered, log every action for compliance, and can also be run manually
for simulations or red-team testing. Perfect for SOC teams wanting to blend AI-powered detection with automated,
verifiable incident handling.
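As an added example of what a login-failure playbook with TTL, rollback and an audit log involves (written for this page; not LogSentra's playbook engine, and its action names are not LogSentra's), the Python below replays constructed sshd auth.log lines, fires when one IP exceeds a failure threshold inside a sliding window, applies a temp_block whose TTL lapses on its own, records every execution in an audit log that can be rolled back by execution id, and supports a dry run for manual simulation. `Firewall`, `LoginFailurePlaybook`, `run_playbook`, the assumed year and the sample lines are all assumptions of the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Classic syslog sshd line as written to /var/log/auth.log. It carries no year, so one is assumed.
SSHD_FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: '
    r'Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+'
)
ASSUMED_YEAR = 2024  # assumption for the constructed sample; take it from the file's mtime in real use

def parse_ssh_failure(line):
    """Return {"time", "user", "ip"} for a failed-password line; None for anything else."""
    m = SSHD_FAIL_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return {"time": ts, "user": m["user"], "ip": m["ip"]}

class Firewall:
    """Stand-in for a configured firewall: a TTL block table plus an append-only audit log."""

    def __init__(self):
        self.blocks = {}  # ip -> expiry time
        self.audit = []   # one record per execution, keyed by id so it can be rolled back later

    def temp_block(self, ip, ttl, now, playbook, dry_run=False):
        exec_id = len(self.audit) + 1
        if not dry_run:   # a manual/simulation run records the decision without enforcing it
            self.blocks[ip] = now + ttl
        self.audit.append({"id": exec_id, "playbook": playbook, "action": "temp_block", "ip": ip,
                           "at": now, "expires": now + ttl, "dry_run": dry_run, "rolled_back": False})
        return exec_id

    def rollback(self, exec_id):
        """Undo one recorded execution; False if the id is unknown or already rolled back."""
        for rec in self.audit:
            if rec["id"] == exec_id and not rec["rolled_back"]:
                rec["rolled_back"] = True
                self.blocks.pop(rec["ip"], None)
                return True
        return False

    def is_blocked(self, ip, now):
        expiry = self.blocks.get(ip)
        if expiry is not None and now >= expiry:
            del self.blocks[ip]  # TTL elapsed: the block lapses with no operator action
            expiry = None
        return expiry is not None

class LoginFailurePlaybook:
    """Trigger: N failed SSH logins from one IP inside a window. Actions: temp_block, then notify."""

    def __init__(self, fw, threshold=5, window=timedelta(seconds=120),
                 ttl=timedelta(hours=1), dry_run=False):
        self.fw, self.threshold, self.window, self.ttl, self.dry_run = fw, threshold, window, ttl, dry_run
        self.recent = defaultdict(deque)  # ip -> failure timestamps inside the window
        self.notifications = []

    def feed(self, line):
        """Consume one log line; return the execution id if the playbook fired, else None."""
        ev = parse_ssh_failure(line)
        if ev is None:
            return None
        q = self.recent[ev["ip"]]
        q.append(ev["time"])
        while ev["time"] - q[0] > self.window:  # slide the window; the newest entry always stays
            q.popleft()
        if len(q) < self.threshold or self.fw.is_blocked(ev["ip"], ev["time"]):
            return None
        exec_id = self.fw.temp_block(ev["ip"], self.ttl, ev["time"], "ssh-bruteforce", self.dry_run)
        self.notifications.append(
            f"{ev['time']:%Y-%m-%d %H:%M:%S} ssh-bruteforce: {ev['ip']} temp-blocked for {self.ttl} "
            f"after {len(q)} failures (exec {exec_id}{', dry run' if self.dry_run else ''})")
        q.clear()
        return exec_id

# Constructed auth.log excerpt (TEST-NET addresses), not real data.
SAMPLE_AUTH_LINES = [
    "Oct 10 13:55:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 50112 ssh2",
    "Oct 10 13:55:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 50114 ssh2",
    "Oct 10 13:55:04 web1 sshd[2105]: Failed password for root from 203.0.113.5 port 50116 ssh2",
    "Oct 10 13:55:06 web1 sshd[2107]: Failed password for root from 203.0.113.5 port 50118 ssh2",
    "Oct 10 13:55:09 web1 sshd[2110]: Failed password for deploy from 198.51.100.20 port 40022 ssh2",
    "Oct 10 13:55:10 web1 sshd[2111]: Accepted publickey for deploy from 198.51.100.20 port 40023 ssh2",
    "Oct 10 13:55:12 web1 sshd[2113]: Failed password for root from 203.0.113.5 port 50120 ssh2",
    "Oct 10 13:55:15 web1 sshd[2115]: Failed password for root from 203.0.113.5 port 50122 ssh2",
]

def run_playbook(lines, **kwargs):
    """Replay lines through a fresh firewall and playbook; return both for inspection."""
    fw = Firewall()
    pb = LoginFailurePlaybook(fw, **kwargs)
    for line in lines:
        pb.feed(line)
    return fw, pb

if __name__ == "__main__":
    print("\n".join(run_playbook(SAMPLE_AUTH_LINES)[1].notifications))
```

The playbook fires once, on the fifth failure from 203.0.113.5 at 13:55:12, and the `is_blocked` check keeps it from firing again while that TTL is live. TTL expiry is evaluated lazily when the table is consulted; a real firewall needs either a native timeout (as `ipset` or cloud security groups provide) or a sweeper, otherwise a stale entry outlives its TTL.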
Air-Gapped by Design
Built for classified networks, DMZs, SOC silos, and mission-critical infrastructure, LogSentra
operates entirely offline with zero telemetry and no cloud dependency.
All analytics, detection models, and correlation engines run locally, ensuring complete data sovereignty.
- 🔒 Self-contained analytics & ML models – All AI detection, correlation, and event processing is embedded and runs on-premise.
- 🚫 No cloud calls or tracking – No background sync, no phoning home, no hidden analytics. Every byte stays within your perimeter.
- 🧱 Sovereign-grade incident response – Designed for environments where sensitive data must never leave the network.
- 🛡 Ideal for high-security deployments – Defense, critical infrastructure, government, and private SOCs.
This architecture lets LogSentra run under strict security policies while keeping
forensic clarity, operational speed, and full autonomy even in completely disconnected environments.
Commercial Customers — Flexible, Usage-Based Pricing
LogSentra’s pricing is designed to scale with your operations — pay only for the limits you set.
Start small, expand as you grow, and keep costs predictable.
Projects: ₹13,050 base for up to 3, then ₹3,480 each additional ($150 base, then $40 each).
Firewalls: ₹8,700 base for up to 2, then ₹4,350 each additional ($100 base, then $50 each).
Threat Intel Keys: ₹4,350 base for up to 2, then ₹1,740 each additional ($50 base, then $20 each).
Rules: ₹6,960 base for up to 50, then ₹70 each additional ($80 base, then $0.80 each).
Playbooks: ₹10,440 base for up to 5, then ₹1,740 each additional ($120 base, then $20 each).
Minimum monthly: ₹10,005 (≈ $115 USD).
Conversion uses the current rate of 1 USD = ₹87.
Govt, Enterprises & Critical Infrastructure
For government organizations, defense, and large enterprises requiring:
- ⚡ Fully offline deployments (no cloud calls)
- 🔒 Extra security modules & hardened configurations
- 📊 Extended dashboards and compliance reporting
- 🛡️ Advanced playbooks & automation for large-scale SOCs
Please contact us at admin@tandev.in for a custom enterprise/Govt quote.