Status: Active Development (Phase-1 Prototype)
Last Updated: November 2025
SynAccel Sentinel is an adaptive cloud-security research framework under active development by the SynAccel Cyber R&D initiative.
The project explores how automation and feedback loops can enable self-learning cloud defenses that detect risks, respond intelligently, and adapt over time.
Sentinel currently includes a working Adaptive Response Loop, which allows the system to learn from its own detections and automatically tighten its response policy when repeated risks occur.
What’s implemented so far:
- Detectors — Identify AWS misconfigurations (IAM and S3 modules).
- Responders — Perform actions or tagging based on the live policy.
- Core (ARL) — Tracks detections, updates 24-hour counters, and adjusts policy automatically.
- Config + State — JSON files store Sentinel’s current policy and adaptive memory.
Detectors → Reports → Core (ARL) → Updated Config → Responders
↑ ↓
└────────────────────── 24h State Memory ─────────────┘
Example behavior
- Multiple public S3 buckets in 24h →
auto_remediate_public = true - Repeated IAM users without MFA →
require_mfa = true, laterdisable_keys_on_nomfa = true
Run
python src/core/sentinel_core.py
See the live Phase-1 demo of Sentinel’s Adaptive Response Loop: View Showcase →
Current Folder Structure
SynAccel-Sentinel/
├── src/
│ ├── detectors/
│ │ ├── iam_exposure_detector.py
│ │ └── s3_public_access_detector.py
│ ├── responders/
│ │ ├── iam_responder.py
│ │ └── s3_responder.py
│ ├── core/
│ │ └── sentinel_core.py
│ ├── utils/
│ └── ...
├── configs/
│ └── sentinel_config.json
├── state/
│ └── sentinel_state.json
├── reports/
│ ├── sample_output/
│ └── ...
└── README.md
----Planned----