Feed Sentinel a log from almost any source — a recognised vendor or a raw export. It reconstructs the full attack chain, maps every finding to the APPs, Essential Eight and ISM controls, and scores breach-notifiability under the NDB scheme — before the 30-day clock matters.
Each capability corresponds to a specific control obligation under the Privacy Act, the SOCI Act, or the ASD ISM. Not generic SIEM features — the controls your regulator actually asks about.
Push (Splunk HEC, syslog/TLS, OTLP) or pull (Graph API, Okta System Log, CloudTrail, Defender, CrowdStrike FDR), with a hardened on-prem connector for air-gapped sites.
A temporal property graph links events across identity, endpoint, network and SaaS surfaces. MITRE ATT&CK technique mapping with kill-chain visualisation.
Built-in rules for unauthorised PII access, bulk export, retention violation and improper destruction — each mapped to the responsible Australian Privacy Principle.
Continuous control attestation for all 8 ASD mitigations. A Maturity Level 1 → 3 evidence pack produced automatically each month.
For each incident, an estimated affected-individual count and serious-harm probability — informs your OAIC notification decision before the 30-day clock matters.
One scan → four deliverables: 90-day IT plan, board brief, HR summary and a draft OAIC memo. All grounded in the deterministic findings and citation-traceable.
Per finding, a screenshot-illustrated fix card for the actual vendor product (PAN-OS, Defender, CrowdStrike…), scraped weekly from vendor docs with currency stamps.
A regex + ML classifier tags every field at ingest — PII / SENSITIVE / HEALTH / FINANCIAL / CREDENTIAL. Tags drive retention and access policy automatically.
Encryption at rest with per-tenant keys and strict tenant boundaries, so one customer's data is never readable from another customer's context.
Australian-owned and Australian-hosted, end to end. Your logs — and the analysis of them — stay on Kaitiaki-controlled Australian infrastructure. Nothing is sent to a third-party service.
Every authentication, authorisation decision, admin action and data export is written to an append-only, hash-chained audit trail, designed so any tampering is detectable.
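The hash-chained, append-only trail described above, as an added illustration (not Sentinel's own code): each record's SHA-256 commits to the previous record's hash and its own canonical body, so editing or removing any earlier record breaks every link after it. The genesis value and the sample events are constructed for the example.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # constructed chain anchor; a deployment would pin one per tenant

def _canonical(entry: dict) -> bytes:
    # Fixed key order and separators so the same record always hashes the same way.
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode("utf-8")

def _link_hash(prev_hash: str, entry: dict) -> str:
    # The hash covers the previous hash AND the record body; that is the chain link.
    h = hashlib.sha256()
    h.update(prev_hash.encode("ascii"))
    h.update(_canonical(entry))
    return h.hexdigest()

class AuditTrail:
    """Append-only list of records; each carries prev_hash and its own hash."""
    def __init__(self) -> None:
        self.records = []

    def append(self, actor: str, action: str, detail: dict) -> dict:
        prev = self.records[-1]["hash"] if self.records else GENESIS
        entry = {"seq": len(self.records), "actor": actor, "action": action, "detail": detail}
        record = {**entry, "prev_hash": prev, "hash": _link_hash(prev, entry)}
        self.records.append(record)
        return record

    def verify(self) -> Optional[int]:
        """Return the seq of the first record whose link is broken, or None if intact."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            entry = {k: v for k, v in rec.items() if k not in ("prev_hash", "hash")}
            if rec["seq"] != i or rec["prev_hash"] != prev or rec["hash"] != _link_hash(prev, entry):
                return i
            prev = rec["hash"]
        return None

def demo_tamper_detection():
    # Constructed sample events: an export, then an admin role grant (not real data).
    trail = AuditTrail()
    trail.append("analyst@example.invalid", "data_export", {"rows": 1200, "dataset": "incidents"})
    trail.append("admin@example.invalid", "role_grant", {"target": "analyst", "role": "admin"})
    intact = trail.verify()                        # None: chain verifies
    trail.records[1]["detail"]["role"] = "viewer"  # simulate an after-the-fact edit to record 1
    return intact, trail.verify()                  # (None, 1): tampering detected at seq 1
```

Silently dropping the newest records is not caught by the chain alone, so the current head hash should be periodically anchored somewhere the log writer cannot alter.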
Detection logic is deterministic Sigma + our Compliance Detection Language. LLMs only narrate — they never decide whether a breach occurred. Every claim is traceable.
Sentinel doesn't need a bespoke integration to read your logs — it ingests standard exports (CSV, JSON, syslog, Windows EVTX, ZIP) directly, and auto-detects and normalises 50+ vendor formats. Recognised sources include:
Four aligned artefacts that say the same thing in different registers — so your IT team, board, HR lead and legal counsel are reading from one evidence trail.
Most engagements start with a single-week scan against your existing telemetry, scoped to APP 11.1 and Essential Eight ML1–ML2. You see your posture, you keep every artefact, you choose what comes next.