{"id":50454020,"url":"https://github.com/mizcausevic-dev/sentinel-detection-coverage-board","last_synced_at":"2026-06-01T01:05:33.925Z","repository":{"id":360802813,"uuid":"1251778040","full_name":"mizcausevic-dev/sentinel-detection-coverage-board","owner":"mizcausevic-dev","description":"Operator surface for Microsoft Sentinel detection coverage, workspace health, connector gaps, analytics rules, and incident automation posture.","archived":false,"fork":false,"pushed_at":"2026-05-27T23:39:38.000Z","size":419,"stargazers_count":0,"open_issues_count":10,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-28T00:22:32.683Z","etag":null,"topics":["azure-security","detection-engineering","incident-response","microsoft-sentinel","soc","typescript"],"latest_commit_sha":null,"homepage":"https://sentinel.kineticgain.com/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mizcausevic-dev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-27T22:52:10.000Z","updated_at":"2026-05-27T23:39:42.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mizcausevic-dev/sentinel-detection-coverage-board","commit_stats":null,"previous_names":["mizcausevic-dev/sentinel-detection-coverage-board"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/mizcausevic-dev/sentinel-detection-coverage-board","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fsentinel-detection-coverage-board","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fsentinel-detection-coverage-board/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fsentinel-detection-coverage-board/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fsentinel-detection-coverage-board/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mizcausevic-dev","download_url":"https://codeload.github.com/mizcausevic-dev/sentinel-detection-coverage-board/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fsentinel-detection-coverage-board/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33755379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure-security","detection-engineering","incident-response","microsoft-sentinel","soc","typescript"],"created_at":"2026-06-01T01:05:33.859Z","updated_at":"2026-06-01T01:05:33.920Z","avatar_url":"https://github.com/mizcausevic-dev.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sentinel-detection-coverage-board\n\n[![CI](https://github.com/mizcausevic-dev/sentinel-detection-coverage-board/actions/workflows/ci.yml/badge.svg)](https://github.com/mizcausevic-dev/sentinel-detection-coverage-board/actions/workflows/ci.yml)\n[![License: AGPL v3](https://img.shields.io/badge/License-AGPL_v3-blue.svg)](./LICENSE)\n[![Deploy](https://github.com/mizcausevic-dev/sentinel-detection-coverage-board/actions/workflows/pages.yml/badge.svg)](https://github.com/mizcausevic-dev/sentinel-detection-coverage-board/actions/workflows/pages.yml)\n\nOperator control plane for Microsoft Sentinel workspace health, connector coverage, analytics rules, incident automation drift, and response sequencing.\n\n## Why this exists\n\n- Sentinel workspaces become dangerous when connector drift, disabled rules, and stale incidents stay trapped in raw admin state instead of one operator-readable surface.\n- Identity, endpoint, collaboration, and incident automation coverage need to stay visible together before audits, SOC drift, or tenant trust slip.\n- Recruiters looking for `Azure / Sentinel / SOC / detection engineering` proof should see a real detection-coverage dashboard, not a keyword page.\n- This repo turns Sentinel posture data into a control plane for connector gaps, high-severity detections, stale incidents, and operator packet sequencing.\n\n## Why this matters (KG Embedded tie-back)\n\nThis repo demonstrates the Microsoft Sentinel detection-coverage control-plane primitive for cloud and SOC operations: workspace health, detection findings, automation posture, and incident packets in one operator surface. Kinetic Gain Embedded extends this pattern into productized in-app dashboards where SOC, identity, endpoint, and collaboration teams need evidence-rich surfaces without exposing raw admin backends or workspace credentials. See [kineticgain.com/embedded](https://kineticgain.com/embedded).\n\n## What it shows\n\n- `detection-lane` visibility for identity, endpoint, collaboration, and automation coverage in one dashboard\n- `coverage-gaps` detection for degraded workspaces, connector gaps, disabled coverage, and stale incident posture\n- incident packets for privileged access tuning, connector recovery, collaboration ingestion, and playbook repair\n- offline-safe analysis of captured synthetic Sentinel coverage exports\n- recruiter-facing Microsoft SOC proof that complements Defender, Entra, Intune, M365 retention, AWS, and GCP lanes\n\n## Routes\n\n- `/`\n- `/detection-lane`\n- `/coverage-gaps`\n- `/incident-posture`\n- `/verification`\n- `/docs`\n\n## API\n\n- `/api/dashboard/summary`\n- `/api/detection-lane`\n- `/api/coverage-gaps`\n- `/api/incident-posture`\n- `/api/verification`\n- `/api/sample`\n\n## Screenshots\n\n![Overview](./screenshots/01-overview-proof.png)\n![Detection lane](./screenshots/02-detection-lane-proof.png)\n![Coverage gaps](./screenshots/03-coverage-gaps-proof.png)\n![Incident posture](./screenshots/04-incident-posture-proof.png)\n\n## CLI\n\n```powershell\nnpx sentinel-detection-coverage fixtures/sentinel-coverage.json `\n    --format json|markdown|summary `\n    --now 2026-05-30T00:00:00Z `\n    --stale-detection-after-hours 48 `\n    --fail-on-high `\n    --out report.md\n```\n\nInput shape:\n\n```json\n{\n  \"workspaces\": [ ... ],\n  \"detections\": [ ... ]\n}\n```\n\n## Local Development\n\n```powershell\ncd sentinel-detection-coverage-board\nnpm install\nnpm run dev\n```\n\nOpen:\n- [http://127.0.0.1:5520/](http://127.0.0.1:5520/)\n- [http://127.0.0.1:5520/detection-lane](http://127.0.0.1:5520/detection-lane)\n- [http://127.0.0.1:5520/coverage-gaps](http://127.0.0.1:5520/coverage-gaps)\n- [http://127.0.0.1:5520/incident-posture](http://127.0.0.1:5520/incident-posture)\n- [http://127.0.0.1:5520/verification](http://127.0.0.1:5520/verification)\n\n## Validation\n\n- `npm run lint`\n- `npm run typecheck`\n- `npm run coverage`\n- `npm run build`\n- `npm run demo`\n- `npm run smoke`\n- `npm run prerender`\n- `npm run render:assets`\n\n## Production status\n\n| Aspect | Status |\n|--------|--------|\n| CI | Node 20 + 22 matrix — lint · typecheck · coverage · build · demo · smoke · prerender · `npm audit` |\n| License | [AGPL-3.0-or-later](./LICENSE) |\n| Deploy | Static prerender -\u003e **https://sentinel.kineticgain.com/** |\n| Data posture | Synthetic sample data only; no live Sentinel workspace credentials, customer events, or production incidents |\n| Suite | Part of the [Kinetic Gain Protocol Suite](https://suite.kineticgain.com/) operator portfolio · apex: [kineticgain.com](https://kineticgain.com) |\n\n## Docs\n\n- [Kinetic Gain Embedded tie-back](./docs/KINETIC_GAIN_EMBEDDED.md)\n- [Changelog](./CHANGELOG.md)\n\n## Composes with\n\n- [**`defender-exposure-ops-center`**](https://github.com/mizcausevic-dev/defender-exposure-ops-center) — Defender exposure posture\n- [**`entra-access-review-control-plane`**](https://github.com/mizcausevic-dev/entra-access-review-control-plane) — Entra access-review posture\n- [**`intune-device-compliance-ops`**](https://github.com/mizcausevic-dev/intune-device-compliance-ops) — Intune device compliance posture\n\nTogether they form a broader recruiter-facing Microsoft admin lane: tenant governance, endpoint trust, detection engineering, and SOC coverage proof.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fsentinel-detection-coverage-board","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmizcausevic-dev%2Fsentinel-detection-coverage-board","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fsentinel-detection-coverage-board/lists"}