Reference Index
Reference documentation for SenseGNAT. These documents describe the system precisely. They are consulted, not read cover-to-cover.
Documents
| Document | Description |
| --- | --- |
| Data Model | All core frozen dataclasses: NormalizedNetworkEvent, BehaviorProfile, Finding, Narrative, and the canonical subject identity rule. |
| Detectors | All four anomaly detectors (RareDestinationDetector, PeerDeviationDetector, PolicyViolationDetector, TimeWindowDriftDetector): signatures, logic, finding properties, and evidence keys. |
| Adapters | The EventAdapter ABC and all four concrete implementations (SampleEventAdapter, CsvEventAdapter, ZeekConnLogAdapter, SuricataEveAdapter): constructor parameters, column/field mappings, and parse rules. |
| Policy Schema | The YAML policy file format: groups and subjects structure, field types, resolution rules (subject rules union with group rules), and a complete annotated example. |
| Configuration | SenseGNATSettings and its sub-models (RuntimeSettings, StorageSettings, GNATSettings), load_settings(path), all fields with types and defaults, and a complete annotated YAML example. |
| GNAT Connector | GNATConnector constructor, all methods, the TAXII 2.1 transport details, PushResult, and complete STIX Indicator and Note field schemas with example JSON. |
Quick lookup