Explanation
Architecture, rationale, and design choices behind GNAT.
| Topic | Description |
|---|---|
| Architecture | System overview: connectors, analysis, reporting, dissemination, telemetry |
| Cross-Tool Investigation Model | How SandGNAT, SenseGNAT, and RedGNAT attach outputs to GNAT investigations |
| Rule Engine | Why Hy, two-engine coexistence, advisor pattern, AI ceiling design |
| Architecture Decision Records | 55 ADRs documenting every design decision |
| Diagrams | System architecture and data flow diagrams |
| Implementation Plan | Build sequence and connector roadmap |
| Automation | |
| Quality Agents | Fixture coverage, normalization regression, contract verification |
| Security Agents | Secrets hygiene and security scanning |
| Secrets Broker | Credential management and provider abstraction |
| Normalization Regression | Automated regression testing for STIX normalization |
Diataxis note: Explanation docs are understanding-oriented. For task instructions, see the How-to guides.
Licensed under the Apache License, Version 2.0