SentinelSIFT-X is an autonomous Digital Forensics and Incident Response (DFIR) investigation platform built for the SANS AI Cybersecurity Hackathon.
The system uses a multi-agent architecture inspired by the SIFT methodology to analyze forensic evidence, correlate findings, verify conclusions, and generate investigation reports.
- Open the demo URL (https://sentinelsift-x-dashboard.vercel.app)
- Upload one of the provided sample case files from the dataset (e.g., case3.json). {The dataset can be accessed from https://github.com/shefalimodi24-source/SentinelSIFT-X , under data , where json files like case3.json , case2.json etc are present}
- Click "Start Investigation".
- Review the generated findings, investigation workflow, evidence explorer, and final report.
SentinelSIFT-X consists of specialized agents:
- Memory Agent
- Disk Agent
- Log Agent
- Protocol SIFT Agent
- Windows Artifact Agent
- Correlation Agent
- Challenge Agent
- Contradiction Agent
- Verifier Agent
- Tool Selection Agent
Each agent performs a focused forensic task and contributes evidence-backed findings to the final report.
- Autonomous forensic investigation workflow
- Multi-agent reasoning architecture
- Evidence correlation across artifacts
- Investigation plan generation
- Verification and self-correction pipeline
- Structured reasoning logs
- Benchmark evaluation framework
- REST API for frontend integration
- Python
- FastAPI
- LangGraph
- Pydantic
- Uvicorn
backend/
graph/
agents/
data/
uploads/
Clone the repository:
git clone https://github.com/your-username/sentinelsift-x.git
cd sentinelsift-xInstall dependencies:
pip install -r requirements.txtRun the API:
uvicorn backend.app:app --reloadAPI will be available at:
http://localhost:8000
Swagger Documentation:
http://localhost:8000/docs
Run a sample case:
python data/run_case.py data/case3.jsonPOST /analyzeUpload a forensic case file and start an investigation.
GET /latestRetrieve the latest investigation results.
Input Evidence
|
v
Memory Agent
Disk Agent
Log Agent
|
v
Protocol SIFT Agent
|
v
Windows Artifact Agent
|
v
Correlation Agent
|
v
Challenge Agent
|
v
Contradiction Agent
|
v
Verifier Agent
|
v
Tool Selection Agent
|
v
Investigation Report
MIT License
Built for the SANS AI Cybersecurity Hackathon using concepts from the SIFT (SANS Investigative Forensic Toolkit) methodology.