SENTINEL — AI-Powered Cyber Incident & Threat Intelligence Portal | MoD

 

I Built an AI-Powered Cyber Incident Portal Inspired by Military Defence Systems

How I combined Node.js, PostgreSQL, and Groq AI to build a real-time threat intelligence dashboard that looks like it belongs in a war room


When most developers build dashboards, they reach for Material UI, a purple gradient, and a couple of bar charts. I wanted to build something different — something that felt like it was actually deployed inside a military operations centre. Something that made you feel the weight of the data you were looking at.

That's how SENTINEL was born.

What Is SENTINEL?

SENTINEL is an open source AI-powered cyber incident reporting and threat intelligence portal, built to simulate the kind of system a defence organisation might use to monitor, triage, and respond to cyber threats in real time.

Live demo: sentinel-sp7p.onrender.com GitHub: github.com/CosmicViraj/sentinel-cyber-portal

It features:

  • A real-time threat dashboard with animated attack visualisations
  • AI-driven incident triage powered by Groq (LLaMA 3.3 70B)
  • A global threat map showing live attack vectors
  • Full incident registry with severity classification
  • Role-based access control with 5 clearance levels
  • An immutable audit log for compliance
  • Asset registry with health monitoring
  • An interactive AI chat assistant for threat intelligence queries

The Design Philosophy

The first decision I made was aesthetic. I didn't want another SaaS-looking dashboard. I wanted something that communicated urgency, classification, and operational weight.

I went with a military terminal aesthetic — dark backgrounds (#030a0f), cyan accent colours (#00d4ff), monospace typography (Share Tech Mono), and condensed military display fonts (Barlow Condensed). Every design choice was intentional:

  • Scanline overlay — a subtle CSS repeating gradient that adds the feel of an old CRT monitor
  • Grid background — barely visible lines that give depth without distraction
  • Blinking classification badgesRESTRICTED // MoD USE ONLY that pulse every 2 seconds
  • Severity colour coding — red for CRITICAL, amber for HIGH, cyan for MEDIUM, green for resolved

The result is a UI that makes you feel like you're actually monitoring something important.


The Tech Stack

I kept the stack lean and deployment-friendly:

  • Backend: Node.js + Express.js
  • Database: PostgreSQL with parameterised queries throughout
  • AI: Groq SDK with LLaMA 3.3 70B Versatile
  • Auth: JWT + bcryptjs with role-based middleware
  • Frontend: Vanilla HTML/CSS/JS — no framework needed
  • Deployment: Render.com (free tier)
  • Security: Helmet.js, CORS, rate limiting, SSL in production

No React, no bundler, no build step. Just clean files that deploy instantly.


The AI Integration

The most interesting part was integrating Groq's AI into the incident workflow. When a user reports an incident, SENTINEL automatically triggers an AI analysis in the background:

router.post('/', async (req, res) => {
  const { type, severity, affected_asset, description } = req.body;
  const { rows } = await pool.query(
    `INSERT INTO incidents (incident_number, type, severity, affected_asset, description, reporter_id)
     VALUES ($1,$2,$3,$4,$5,$6) RETURNING *`,
    [num, type, severity, affected_asset, description, req.user.id]
  );
  const incident = rows[0];

  // Trigger AI analysis asynchronously
  aiService.analyzeIncident(incident).then(analysis => {
    pool.query('UPDATE incidents SET ai_analysis=$1 WHERE id=$2', [analysis, incident.id]);
  }).catch(console.error);

  res.status(201).json(incident);
});

The AI returns a structured threat assessment including severity score, threat actor profile, attack vector, immediate actions, and risk assessment — all within seconds.

I also built:

  • Phishing URL scanner — paste a URL and get a VERDICT (Safe/Suspicious/Dangerous) with confidence percentage
  • Vulnerability assessment — describe a system and get CVEs, attack surface analysis, and hardening recommendations
  • Threat intelligence briefing — auto-generates a tactical briefing from recent incidents
  • AI chat assistant — an interactive SENTINEL AI persona that answers threat intelligence questions

The Global Threat Map

The animated threat map was the most fun to build. It's a pure HTML5 Canvas element that draws attack vectors in real time:

threats.forEach((t, i) => {
  const progress = ((animFrame + i * 12) % 120) / 120;

  // Draw attack line
  ctx.strokeStyle = color + '25';
  ctx.setLineDash([4, 6]);
  ctx.moveTo(originX, originY);
  ctx.lineTo(targetX, targetY);
  ctx.stroke();

  // Animate moving packet dot along line
  const px = originX + (targetX - originX) * progress;
  const py = originY + (targetY - originY) * progress;
  ctx.arc(px, py, 2, 0, Math.PI * 2);
  ctx.fillStyle = color;
  ctx.fill();
});

Each threat origin has a pulsing ring, a moving packet dot travelling toward the UK target, and a colour corresponding to its severity. It runs at ~25fps using setInterval and looks genuinely impressive.


The Deployment Journey

Getting this deployed was not without its challenges. The biggest lesson: always use lazy initialisation for API clients.

My original ai.service.js initialised the Groq client at the top level:

// This crashes the server if GROQ_API_KEY isn't set
const groq = new Groq({ apiKey: process.env.GROQ_API_KEY });

On Railway (my first deployment attempt), this caused the server to crash instantly on startup before even reading the environment variables. The fix was simple — lazy initialise inside a function:

// Only throws when actually called, not on startup
function getGroq() {
  return new Groq({ apiKey: process.env.GROQ_API_KEY });
}

Other deployment gotchas:

  • PostgreSQL SSL — always add ssl: { rejectUnauthorized: false } in production or connections will fail silently
  • PORT binding — use process.env.PORT || 5000 and bind to 0.0.0.0, not localhost
  • Run migrations on first deploy — set start command to node scripts/migrate.js && node src/server.js initially

What's Next

SENTINEL is open source and I'm actively looking for contributors. The roadmap includes:

  • Real-time WebSocket alerts for live incident notifications
  • Email/SMS notifications for critical incidents
  • Two-factor authentication
  • Integration with real threat intelligence feeds (OTX, MISP)
  • Mobile responsive layout
  • Docker support
  • PDF report export

If any of these interest you, check out the CONTRIBUTING.md — there are plenty of beginner-friendly issues too.


Try It Yourself

Live demo: sentinel-sp7p.onrender.com

Login with:

  • Username: admin / Password: Admin@Sentinel123
  • Username: analyst.patel / Password: Analyst@Sentinel123

GitHub: github.com/CosmicViraj/sentinel-cyber-portal

If you find it useful or interesting, a ⭐ on GitHub goes a long way. And if you build something on top of it — I'd love to see it.


Built with Node.js, PostgreSQL, Groq AI, and a lot of late nights.

— LeaarnFlow

Comments

Popular posts from this blog

Top 5 Programming Languages to Learn in 2025

How to Use ChatGPT and Other AI Tools for Content Creation

Top 5 Android Apps for Productivity in 2024