Canonical Workflow

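%%{init: {'flowchart': {'curve': 'monotoneY'}}}%%
%% Canonical workflow: external telemetry enters through GNAT ingestion, is
%% routed onto the Kafka telemetry plane for SenseGNAT, and is normalized into
%% STIX for correlation. Correlation fans out to SandGNAT (detonation) and
%% RedGNAT (adversary emulation); all results converge in the unified
%% investigation graph and leave as reporting / export / operator action.
flowchart TD
    %% One colour class per component family; "output" marks the terminal node.
    classDef gnat      fill:#1c1c20,stroke:#ffffff,color:#edeef2
    classDef sensegnat fill:#8a3aa4,stroke:#6a2080,color:#fff
    classDef sandgnat  fill:#da7e20,stroke:#b06010,color:#fff
    classDef redgnat   fill:#d91d14,stroke:#a00c04,color:#fff
    classDef output    fill:#1c1c20,stroke:#8a8a9a,color:#edeef2

    %% Nodes. One statement per line; a label's second line starts at column 0
    %% because any leading whitespace there would become part of the label.
    n1["External Telemetry & Sources"]:::gnat
    n2["GNAT Ingestion & Connectors"]:::gnat
    n3["Kafka Telemetry Plane
(gnat.telemetry)"]:::gnat
    n4["SenseGNAT
Behavioral Profiling & Anomaly Detection"]:::sensegnat
    n5["GNAT STIX Conversion & Correlation"]:::gnat
    n6["SandGNAT
Detonation & Artifact Enrichment"]:::sandgnat
    n7["RedGNAT
Adversary Emulation & Validation"]:::redgnat
    n8["Unified Investigation Graph"]:::gnat
    n9["Reporting, Export,
Operator Action"]:::output

    %% Ingestion path.
    %% NOTE(review): n1 is labelled "External", so n1 -> n2 is presumably the
    %% trust boundary; no validation or authentication step is drawn before
    %% data reaches n3 and n5 - confirm where connector input is checked.
    n1 -->|ingest| n2
    n2 -->|"route telemetry"| n3
    n3 -->|"consume raw flow data"| n4
    n2 -->|"normalize / convert"| n5
    n4 -->|"publish findings"| n5

    %% Fan-out from correlation.
    %% NOTE(review): the diagram does not show how SandGNAT detonation is
    %% isolated from the rest of the pipeline - confirm against the deployment.
    n5 -->|"submit suspicious artifacts"| n6
    %% NOTE(review): no approval or scoping gate is drawn between correlation
    %% and RedGNAT; confirm whether "trigger validation" is operator-approved
    %% or automatic.
    n5 -->|"trigger validation"| n7

    %% Convergence and output.
    n6 -->|"detonation findings"| n8
    n7 -->|"validation results"| n8
    n5 -->|"intel & evidence"| n8
    n8 -->|"case output"| n9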