Inspiration

Sim environments can generate alerts for SOC teams, but the investigation process is still largely manual. Analysts must review alerts and determine whether they are false positives, benign activity, or real security threats. This manual triage takes time and slows down response. Our idea was inspired by the opportunity to automate the investigation process, helping analysts quickly analyze alerts, enrich them with threat intelligence, and make faster, more informed decisions.

What it does

The system acts as an AI-assisted SOC investigation platform. It analyzes security alerts, enriches them with threat intelligence sources such as VirusTotal, IPInfo, and VPN detection, and automatically performs a structured investigation following SOC triage practices. The platform helps analysts quickly determine whether an alert is a false positive, benign activity, or a real security incident, provides recommended response actions, and tracks investigations through to closure with full documentation.

How we built it

We built the platform as a web-based SOC dashboard that integrates multiple threat intelligence APIs, including VirusTotal, IPInfo, and VPN detection, to automatically enrich alerts with useful context. We then connected this data to an AI assistant that analyzes the alert and helps guide the investigation. The system organizes everything into a structured investigation workflow where analysts can review the findings, interact with the AI through a chatbot, and close cases with proper documentation.

Challenges we ran into

One of our biggest challenges was integrating the Backboard AI with our backend. At times the responses weren’t accurate, and occasionally the system wouldn’t return a response at all, which led to a lot of debugging and troubleshooting. Another challenge was that some team members had midterms and had to miss the first day of the hackathon, which meant we had a delayed start and less time to build everything we originally planned.

Accomplishments that we're proud of

We are incredibly proud of how Sentry AI evolved into a high-performance security orchestrator that bridges the gap between raw detection and actionable response. While standard systems can generate alerts for SOC teams, the investigation process remains a manual bottleneck where analysts must painstakingly distinguish between false positives and real threats. Our implementation was inspired by the opportunity to automate this triage through three core pillars: a specialized chatbot powered by OpenAI for natural language querying, a SOC-style dashboard that accurately tracks every incoming threat in a unified SQLite audit trail, and an AI-driven investigation planner. By leveraging our LangGraph-driven orchestrator to dynamically select tools like VirusTotal and IPinfo, Sentry doesn't just display alerts—it enriches them with real-time intelligence to make the fast, informed containment decisions necessary to stop fraud before it occurs.
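The pipeline described above (orchestrator picks enrichment tools per alert, enriches, applies triage rules, writes an SQLite audit trail) as an added Python illustration that is not Sentry AI's own code; the VirusTotal, IPInfo and VPN lookups are constructed offline stand-ins, and the alert types, thresholds and table layout are assumptions:

```python
import json
import sqlite3
# Constructed, offline intel table standing in for VirusTotal, IPInfo and a
# VPN-detection service (hypothetical sample data, not live API results).
INTEL = {
    "198.51.100.7": {"vt_malicious": 12, "country": "RO", "vpn": True},
    "203.0.113.9": {"vt_malicious": 0, "country": "US", "vpn": True},
    "192.0.2.44": {"vt_malicious": 0, "country": "US", "vpn": False},
}
AUDIT_DB = sqlite3.connect(":memory:")  # in-memory stand-in for the audit database
def tool(field, default):
    """Build an enrichment tool that returns only its own field, like a real integration."""
    return lambda ip: {field: INTEL.get(ip, {}).get(field, default)}
TOOLS = {"virustotal": tool("vt_malicious", 0),
         "ipinfo": tool("country", "unknown"),
         "vpn": tool("vpn", False)}
def select_tools(alert):
    """Orchestrator step: choose tools by alert type instead of running all of them."""
    if alert["type"] == "malware_callback":
        return ["virustotal", "ipinfo"]
    if alert["type"] == "login_anomaly":
        return ["ipinfo", "vpn"]
    return list(TOOLS)

def triage(alert):
    """Enrich the alert, then apply SOC-style triage rules to reach a verdict and action."""
    ctx = {}
    for name in select_tools(alert):
        ctx.update(TOOLS[name](alert["src_ip"]))
    if ctx.get("vt_malicious", 0) >= 5:
        verdict, action = "true_positive", "block src_ip and isolate host"
    elif ctx.get("vpn") and alert.get("failed_logins", 0) >= 10:
        verdict, action = "suspicious", "escalate: confirm with user, reset credentials"
    else:
        verdict, action = "false_positive", "close with documented reason"
    return {"alert_id": alert["id"], "verdict": verdict, "action": action, "context": ctx}

def record(result, conn=AUDIT_DB):
    """Append the investigation to the SQLite audit trail; returns the row count."""
    conn.execute("CREATE TABLE IF NOT EXISTS audit (alert_id TEXT, verdict TEXT, action TEXT, context TEXT)")
    conn.execute("INSERT INTO audit VALUES (?, ?, ?, ?)",
                 (result["alert_id"], result["verdict"], result["action"], json.dumps(result["context"])))
    return conn.execute("SELECT COUNT(*) FROM audit").fetchone()[0]

if __name__ == "__main__":  # constructed sample alerts
    for a in [{"id": "A1", "type": "malware_callback", "src_ip": "198.51.100.7"},
              {"id": "A2", "type": "login_anomaly", "src_ip": "203.0.113.9", "failed_logins": 14}]:
        r = triage(a)
        print(a["id"], r["verdict"], "->", r["action"], "audit rows:", record(r))
```

Keeping the raw enrichment context in the audit row is what lets a reviewer later check why the verdict was reached, which matters when the AI's recommendation is wrong.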

What we learned

Through building this project, we learned a lot about how real SOC investigations work and how complex the triage process can be. We also gained experience integrating multiple threat intelligence APIs and working with AI to assist with security analysis. Most importantly, we learned how to design a system that supports analysts rather than replaces them, helping automate repetitive parts of investigations while still leaving the final decision to a human.

What's next for Sentry-AI

Our next step is integrating Sentry-AI with a SIEM lab environment so it can respond to real alerts instead of simulated ones. This would allow the platform to investigate live security events and eventually take action based on the AI’s recommendations, helping analysts move from investigation to response more quickly.
