Explanation

Discursive discussion of design decisions, theory, and tradeoffs. Read these when you want to understand why SandGNAT works the way it does, not how to operate it.

• Architecture overview — topology + pipeline diagrams
• Why STIX 2.1 as the output format
• Trigram similarity and LSH
• Near-duplicate short-circuit
• Isolation and threat model
• Anti-analysis evasion — detection landscape + mitigation record
• GNAT integration: pull, not push

← Back to documentation index