Today's autonomous run
Every night, Sift Sentinel reads recent threat-intel news, picks attacker tradecraft worth testing, plants synthetic versions of it on a baseline Windows workstation, runs the autonomous pipeline against it, and writes down what it caught and what it missed. Below is the most recent run.
What it read
Haiku searched public threat-intel for recent attacker tradecraft, then cited the sources it used to build today's test plan.
What it asked sentinel to find
From the sources above, Haiku grouped attacker tradecraft into categories and planted synthetic test artifacts for each. The pipeline then has to find them.
What it caught vs missed
Each test artifact has an expected detection. The autonomous pipeline either matches the expected outcome (pass) or does not (miss). Misses become the seed for tomorrow's learnings.
What it learned
For every miss, Haiku synthesises a candidate rule. After lint, dedup, and human review, the rule joins the live store and changes future runs immediately. These are the rules currently shipped.
What is running right now
Pipelines that have started but have not yet hit a terminal state. Quiet here means the daily run has finished and no manual runs are open.
Submit a test
Got a tradecraft pattern sentinel should be tested against? File it here. Use example.invalid domains and ALLCAPS_PLACEHOLDER tokens for credentials so we know it is a test. Submissions are queued for human review before the next run picks them up.