📽 LogSentra Video Gallery

LogSentra is a high-performance, AI-driven Cyber Forensics & SOAR platform that converts raw logs into actionable intelligence and automated defense. It follows a streamlined 4-phase lifecycle: 🟣 Ingest — Seamlessly stream, tail, or batch-upload logs (Apache, NGINX, UFW, SSH, Windows EVTX, Syslogs, JSON). Auto-parse & normalize, deduplicate at wire-speed, on-the-fly compression. 🧠 Analyze — Isolation Forest, entropy & n-gram scoring, regex/YARA for LFI/SQLi/RCE/XSS/SSRF, seasonal baselines, AI bot fingerprinting. 🔍 Enrich — Cross-reference in <120 ms: AbuseIPDB, GreyNoise, Shodan, VirusTotal, OTX, WHOIS/ASN, passive DNS, Geo-IP/TOR/cloud flags. ⚡ Respond — block / temp_block / unblock / whitelist, recon ops (geo, traceroute, DNS, port-scan), log/notify/email/webhook, run_command. All versioned with TTL, rollback, tamper-proof changelog.

Create a Project — Name it, check *Remote Machine* to reveal SSH host/port/user and password/private key fields. Define Access + Error logs (Apache, Nginx, IIS, HAProxy, ELB, JSON, Traefik), Firewall logs (UFW, Fortinet, Sophos, Palo Alto, Cisco, pfSense, AWS VPC Flow, Azure NSG, Checkpoint, Juniper), and Auth logs (.json, .log, .csv, plaintext). Click *Start Monitoring* to begin; the project appears in the dashboard sidebar. Add a Firewall (optional) — If none is added, LogSentra defaults to UFW on the linked machine. Or configure: name → type (UFW, iptables, Fortinet, Sophos, Palo Alto, Cisco, pfSense, OPNsense, AWS SG, Checkpoint, Juniper, MikroTik, Azure) → API/SSH host/port → credentials → Save Firewall Config. It then appears in the sidebar. Rules Engine — After initial scanning, open the project → Rules Engine → pick your firewall from the dropdown → execute manual commands, rules, and playbooks against that firewall. Threat Feeds — Dynamically add API keys for AbuseIPDB, VirusTotal, AlienVault OTX, Shodan, GreyNoise, CIRCL MISP, IPQualityScore, IBM, CrowdSec, Kaspersky, Cisco.

Each module targets a critical surface for rapid triage and deep forensics: 👾 Bots — Entropy/behavior signatures to flag crawlers, fuzzers, stealth recon. 📊 Status Codes — Trend 2xx/3xx/4xx/5xx; catch brute-force & backend issues. 🔧 Methods — Spot risky verbs (DELETE/PUT/TRACE) and API probing. 🔥 Suspicious — Surface SQLi, RCE, LFI, XSS, SSRF via regex + AI inspection. 🧠 Risky IPs — AI score blending entropy, deviation, geo-risk, intel overlaps. 📆 Daily Activity — Time series of real vs bot traffic and attack surges. 🔁 Persistence — Detect repeated/rotating payloads and APT-like cadence. 🐞 Error Log AI — Cluster app faults from error logs with NLP + anomaly models. 🛡️ Firewall Alerts — Visualize blocks, scans, packet floods with TTL history. 🔐 Auth Forensics — SSHD sudo abuse, failed logins, geo/session anomalies. 🌐 Threat Intel — AbuseIPDB, GreyNoise, Shodan, OTX, VT + internal intel. 🌍 Global Map — Live heatmap, hotspots by region/ASN, cumulative attack score.

Custom Rules — Combine Path, Method, Status Code, UA markers, CIDR/prefix with actions: ➡ Block · Temp Block (TTL) · Unblock · Whitelist · Geo Locate · Traceroute · DNS Lookup · Port Scan · Run Command. All executions are fully audited with TTL + rollback. Playbooks — Chain actions on triggers like High Score, Scanner Detected, Login Failures, Country Block, Rate Limit, Request Surge, Path Regex — executing autonomously with detailed logs.