Full Detection Catalog

36 engines. 7 categories. Every 5 minutes.

Every class of attack we have seen hit small businesses, with a purpose-built engine watching for it. Scroll or jump by category.

The Detection Pipeline

How every event flows through.

Every 5 minutes, all 36 engines run this pipeline against your cloud environment.

1. Collect: Audit events are pulled from M365, Google Workspace, AWS, and Cloudflare every 5 minutes.
2. Analyze: All 36 engines run against each event to identify threats and anomalies.
3. Triage: An AI triage layer (Anthropic Claude) evaluates each detection for severity, compliance impact, and attack patterns.
4. Alert: A plain-English alert is sent via SMS, email, Slack, or Teams with step-by-step response guidance.
Category 1
Core Platform — 14 Engines
The foundation. Threat intelligence, AI triage, compliance mapping, and security scoring.
01 IP Threat Enrichment
Every IP address that touches your environment is checked against AbuseIPDB, AlienVault OTX, and GreyNoise in real time. Known attackers are flagged instantly.
Platforms: M365 · Google · AWS · Cloudflare | Severity: Critical · High

02 Behavioral Anomaly Detection
Learns what normal looks like for each user. Flags deviations: unusual hours, unusual locations, unusual application access patterns.
Platforms: M365 · Google · AWS | Severity: High · Medium

03 Brute Force Detection
Catches rapid-fire login attempts. Distinguishes targeted attacks from background noise using velocity analysis and source reputation.
Platforms: M365 · Google | Severity: Critical · High

04 BEC Kill Chain
Tracks business email compromise through 6 stages from reconnaissance to financial fraud. Each stage escalates the alert severity.
Platforms: M365 · Google | Severity: Critical · High

05 Cross-Customer Attack Patterns
When the same attacker IP hits multiple SentinelSMB customers, everyone is warned. Collective defense across the customer base.
Platforms: M365 · Google · AWS | Severity: High

06 Predictive Threat Forecasting
AI analyzes detection patterns across your environment to predict likely attack types before they happen. Shifts from reactive detection to proactive defense.
Severity: Medium · Info | Frameworks: CMMC · FTC

07 Compliance Mapping
Every alert cites the specific regulation: ABA Model Rule, FTC Safeguards section, CMMC control, or state breach statute.
Frameworks: FTC · ABA · CMMC · NAIC · State breach

08 Financial Risk Quantification
Estimates the dollar cost if a detected threat were to succeed. Turns security alerts into business decisions your CFO can understand.
Severity: All levels | Frameworks: All

09 Noise Suppression
AI filters eliminate false positives so you only see alerts that matter. Typically eliminates 95%+ of raw events before they reach your dashboard.
Reduces alert fatigue

10 Security Posture Scoring
Continuous 0-100 score measuring your overall cloud security health. Track it week over week. Show it to your board, insurer, or partners.
Frameworks: All

11 AI Plain-English Alerts
Anthropic Claude writes every alert in language anyone can understand. No jargon. No acronyms. What happened, why it matters, and what to do next.
Readable by non-IT staff

12 Remediation Recommendation
Every alert includes specific steps to fix the problem. Pro tier enables one-click fixes: block IPs, reset passwords, suspend accounts.
Severity: All levels | One-click on Pro

13 Ransomware Pattern Detection
Catches early indicators of ransomware deployment: mass encryption signals, lateral movement, and data staging before the lock screen appears.
Platforms: M365 · Google · AWS | Severity: Critical

14 Incident Response Packaging
Automatically packages forensic evidence for insurance claims, legal proceedings, or regulatory reporting. Documentation your insurer and attorney need.
Frameworks: All
Category 2
Identity Threat Detection — 7 Engines
Protecting user accounts and authentication. The most common attack vector for small businesses.
15 Impossible Travel
Detects when the same account logs in from two cities that are physically impossible to travel between in the time elapsed. A login from Bismarck followed by one from London 30 minutes later is not legitimate.
Platforms: M365 · Google | Severity: Critical · High

16 Credential Stuffing / Password Spray
Catches automated attacks testing stolen passwords against your accounts. Distinguishes targeted attacks from mass spraying using velocity and pattern analysis.
Platforms: M365 · Google | Severity: Critical · High

17 MFA Bypass / Fatigue Attack
Detects when attackers flood a user with MFA push notifications hoping they approve one out of frustration. The exact attack that breached Uber in 2022.
Platforms: M365 · Google | Severity: Critical

18 Stale Account Detection
Finds accounts that have not been used in 90+ days but still have active permissions. Every stale account is a backdoor waiting to be exploited.
Platforms: M365 · Google | Severity: Medium

19 MFA Gap Detection
Identifies every user and admin without multi-factor authentication enabled. Admin accounts without MFA are flagged as critical immediately.
Platforms: M365 · Google | Severity: Critical · High

20 Token Theft / Session Replay
Catches when a stolen authentication token is used from a different location or device than the legitimate user. Detects the attacker even if they have valid credentials.
Platforms: M365 · Google | Severity: Critical

21 Account Takeover Sequence
Detects the full takeover pattern: a password change, an MFA change, and a recovery info change all within one hour signal an account compromise in progress.
Platforms: M365 · Google | Severity: Critical
Category 3
Data Protection — 2 Engines
Stopping sensitive data from leaving your environment.
22 Data Exfiltration Detection
Catches mass file downloads, bulk external sharing, and large attachments to outside recipients that deviate from normal behavior patterns.
Platforms: M365 · Google · AWS | Severity: Critical · High

23 Sensitive Data Exposure
Finds files shared publicly via “Anyone with the link,” public cloud storage, and sensitive data sent to personal email accounts.
Platforms: M365 · Google · AWS | Severity: High · Medium
Category 4
Email Security — 3 Engines
Business email compromise is the top cyber threat to small businesses. These engines catch it.
24 Advanced BEC Detection
Goes beyond basic forwarding rule detection. Catches delegate access grants, transport rule manipulation, distribution list infiltration, and message deletion rules designed to cover tracks.
Platforms: M365 · Google | Severity: Critical · High

25 Phishing Infrastructure Detection
Checks your email security configuration: DMARC, SPF, and DKIM. Flags misconfigurations that make your domain vulnerable to impersonation.
Platforms: M365 · Google · Cloudflare | Severity: High · Medium

26 Email Rule Anomaly Detection
Monitors all inbox rule changes. Rules that hide “invoice” or “payment” emails are flagged as critical. Rules created after suspicious logins are escalated.
Platforms: M365 · Google | Severity: Critical · High
Category 5
Cloud Configuration — 4 Engines
Misconfigurations are the silent threat. These engines catch the settings changes that open doors for attackers.
27 Conditional Access Policy Analysis
Audits your access policies for gaps: missing MFA requirements, unblocked legacy authentication, and overly broad exclusions that leave doors open.
Platforms: M365 | Severity: High · Medium

28 Tenant Configuration Drift
Detects when security settings change: security defaults disabled, external sharing opened, password policies weakened. Compares to your previous configuration every cycle.
Platforms: M365 · Google | Severity: High · Medium

29 Shadow IT / Unsanctioned App Detection
Finds every third-party app with access to your cloud environment. Flags unknown publishers with broad permissions that you did not authorize.
Platforms: M365 · Google | Severity: High · Medium

30 Admin Privilege Escalation
Monitors admin role assignments in real time. Self-elevation to Global Admin is flagged as critical immediately. Unauthorized privilege changes are escalated.
Platforms: M365 · Google · AWS | Severity: Critical
Category 6
Network Security — 3 Engines
DNS, certificates, and domain protection. Catching infrastructure attacks before they reach your users.
31 DNS Tampering Detection
Monitors your Cloudflare DNS records for unauthorized changes. MX record tampering (mail hijacking) and NS record changes (domain hijacking) are flagged as critical.
Platforms: Cloudflare | Severity: Critical · High

32 SSL/TLS Certificate Monitoring
Watches Certificate Transparency logs for new certificates issued against your domains. Catches phishing infrastructure and expiring certificates before they cause problems.
Platforms: Cloudflare | Severity: High · Medium

33 Typosquatting / Lookalike Domain
Generates lookalike variants of your domain and checks if any are registered. Catches phishing domains before they are used against your employees or clients.
Platforms: Cloudflare | Severity: High · Medium
Category 7 NEW
Threat Intelligence — 3 Engines
An intelligence layer that enriches every other engine. Authoritative threat scoring, breach exposure monitoring, and named threat actor attribution — powered by four global feeds.
34 Multi-Source Threat Score
Combines four independent threat-intelligence feeds into one authoritative 0-100 score per IP address. Replaces guesswork with weighted intelligence so high-scoring IPs trigger automatic escalation across every other engine.
Feeds: AbuseIPDB · OTX · GreyNoise · URLhaus | Severity: Critical · High

35 Breach Exposure Monitoring
Cross-references every user email in your tenant against the global Have I Been Pwned breach database. Catches accounts whose passwords have been exposed publicly — the exact accounts attackers target with credential stuffing.
Feeds: HIBP | Severity: Critical · High | Frameworks: NIST 800-63B · IRS 4557

36 Threat Actor Attribution
Maps observed attacker IPs to named threat actor groups using OTX pulse data. Transforms a generic “suspicious login from Russia” alert into intelligence-backed attribution: which group, what campaign, what they typically target.
Feeds: OTX pulses | Auto-escalates +1 severity

All 36 engines. Running right now. For $299.

Connect in under 10 minutes. 7-day free trial, credit card required; nothing is charged until day 8.