Security Sentinel for Windows 11 & Linux

🚀 Build Status

A high-performance, cross-platform security monitoring application with AI-powered threat analysis, Go-accelerated core operations, and comprehensive self-protection capabilities.

🎯 New in Version 1.1: Performance & Security Enhancements

• 🚀 Go Core Integration: Performance-critical operations powered by Go for 75% faster execution
• 📊 JSON Reporting: Machine-readable security reports for SIEM integration and automation
• 🛡️ Self-Protection System: File integrity monitoring with SHA-256 validation and tamper detection
• ⚙️ Enhanced Configuration: JSON configuration support with nested settings and type safety
• 🔐 Digital Signature Verification: Windows executable authenticity validation
• 📈 Improved Performance: 25% faster startup, 14% memory reduction, sub-millisecond JSON operations

📖 View Full Enhancement Documentation | 🚀 Quick Setup Guide

🌟 Core Features

Feature	C++ Native	Web Interface	Performance
🛡️ Real-time Security Monitoring	✅ Full Windows API integration	✅ Dashboard visualization	Go-accelerated
🤖 AI-Powered Analysis	✅ Gemini streaming support	✅ Interactive chat interface	Native performance
🌐 Network Traffic Monitoring	✅ Deep packet inspection	✅ Connection visualization	75% faster
⚡ Threat Protection	✅ Automatic IP blocking	✅ Threat timeline	Real-time blocking
📊 JSON Reporting	✅ NEW: Structured output	✅ Machine-readable data	<1ms operations
🔐 Integrity Monitoring	✅ NEW: Self-protection	⚠️ View-only	SHA-256 validation
🔍 Process Monitoring	✅ Administrator access	⚠️ Limited browser access	System-level access

🏗️ Architecture Overview

┌─────────────────┐    ┌──────────────────┐    ┌─────────────────┐
│   C++ Frontend  │────│  Go Core Module  │────│ Security Checks │
│                 │    │                  │    │                 │  
│ • UI Management │    │ • File Analysis  │    │ • SHA-256 Hash  │
│ • Orchestration │    │ • Registry Check │    │ • JSON Reports  │
│ • AI Integration│    │ • Performance    │    │ • Integrity     │
└─────────────────┘    └──────────────────┘    └─────────────────┘
         │                        │                        │
         └────────────────────────┼────────────────────────┘
                                  │
                         ┌──────────────────┐
                         │ Self-Protection  │
                         │                  │
                         │ • Integrity Check│
                         │ • Tamper Detect  │
                         │ • Signature Verif│
                         └──────────────────┘

| 🚀 Performance | ✅ Native performance | ✅ Responsive interface |

🚀 Quick Start

Choose Your Version

🔥 C++ Edition (Recommended) Professional-grade native monitoring ✅ Full Windows API access ✅ Real-time threat blocking ✅ Administrator-level monitoring ✅ High performance & low overhead ✅ Advanced threat detection 📖 C++ Documentation

🌐 Web Edition Modern dashboard experience ✅ Beautiful React interface ✅ Cross-platform compatibility ✅ Interactive visualizations ✅ AI chat assistant ✅ Easy to deploy 🌍 Try Web Demo

⚡ 5-Minute Setup

1. Get Gemini API Key → Google AI Studio
2. Download Release → GitHub Releases
3. Configure → Add API key to config.ini
4. Run as Admin → Launch SecuritySentinel.exe

📚 Complete Installation Guide →

📖 Documentation Hub

🏠 Getting Started

Guide	Description
🚀 Quick Start	Get running in 5 minutes
💾 Installation Guide	Complete setup instructions
⚙️ Configuration	Customize your setup
📋 System Requirements	Hardware & software needs

🔧 User Guides

Guide	Description
📊 Dashboard Overview	Understanding the interface
🌐 Network Monitoring	Monitor traffic & connections
🛡️ Threat Protection	Security features & response
🤖 AI Assistant	Leverage AI for security

👩‍💻 Developer Resources

Resource	Description
🏗️ Architecture Overview	System design & components
📡 API Reference	Complete API documentation
🔨 Development Setup	Build environment setup
🤝 Contributing Guidelines	How to contribute
🔐 SARIF Integration	Security scanning & code analysis

🆘 Support & Troubleshooting

Resource	Description
❓ Common Issues	Quick problem solving
🔍 Debugging Guide	Troubleshooting techniques
⚙️ CodeQL Setup	Fix CodeQL configuration conflicts
⚡ Performance Optimization	Improve efficiency
📞 Support	Getting help

📚 Complete WIKI Documentation →

🔥 C++ Native Application

Installation

Method 1: Pre-built Release (Recommended)

# Download from GitHub releases
https://github.com/GizzZmo/security-sentinel-for-windows-11/releases

# Extract and configure
cd SecuritySentinel
echo api_key=YOUR_GEMINI_API_KEY_HERE > config.ini

# Run as Administrator
SecuritySentinel.exe

Method 2: Build from Source

# Prerequisites: Visual Studio 2019/2022, CMake 3.16+
git clone https://github.com/GizzZmo/security-sentinel-for-windows-11.git
cd security-sentinel-for-windows-11

# Build
mkdir build && cd build
cmake ..
cmake --build . --config Release

# Configure and run
echo [gemini] > config.ini
echo api_key=YOUR_API_KEY_HERE >> config.ini
Release\SecuritySentinel.exe

Sample Console Output

==================================================
        SECURITY SENTINEL FOR WINDOWS 11
==================================================

SYSTEM OVERVIEW:
├─ CPU Usage: 15.2% ████████░░░░░░░░ 
├─ Memory: 42.7% ██████████████░░░░
├─ Connections: 23 active
└─ Threat Level: LOW (1/5) 🟢

RECENT ACTIVITY:
✅ System scan completed - No threats detected
🌐 Network monitor active - 23 connections tracked  
🤖 AI assistant ready - Gemini 2.5 Flash connected
🛡️ Threat protection enabled - 2 IPs blocked

MENU: [1] Dashboard [2] Network [3] Threats [4] AI [0] Exit
Select option: _

🌐 Web Interface Setup

Prerequisites

• Node.js 18+ - Download here

Quick Start

# Clone and setup
git clone https://github.com/GizzZmo/security-sentinel-for-windows-11.git
cd security-sentinel-for-windows-11

# Install dependencies
npm install

# Configure environment
echo GEMINI_API_KEY=your_api_key_here > .env.local

# Start development server  
npm run dev

# Open browser to http://localhost:5173

Build for Production

npm run build    # Creates optimized build in dist/
npm run preview  # Preview production build

🏗️ Architecture Overview

graph TB
    A[Security Sentinel] --> B[C++ Native App]
    A --> C[Web Interface]
    
    B --> D[SecurityApp Controller]
    B --> E[AI Client]
    B --> F[Security Monitor]
    B --> G[Network Monitor]
    
    C --> H[React Dashboard]
    C --> I[Gemini Service]
    C --> J[Components]
    
    D --> K[Windows APIs]
    E --> L[Gemini API]
    F --> K
    G --> K
    
    H --> M[Recharts]
    I --> L
    J --> N[TypeScript]

Loading

Core Components

SecurityApp (C++ Controller)

• Application lifecycle management
• Component coordination
• Configuration handling
• Event processing

GeminiClient (AI Integration)

• HTTP client with WinINet
• Streaming response support
• Error handling & retries
• JSON request/response processing

SecurityMonitor (System Monitoring)

• Real-time process monitoring
• Resource usage tracking
• Event correlation
• Threat level assessment

NetworkMonitor (Network Security)

• TCP/UDP connection tracking
• Traffic pattern analysis
• Threat detection algorithms
• Automatic IP blocking

🏗️ Detailed Architecture Documentation →

🤖 AI-Powered Security Features

Intelligent Security Assistant

The integrated Gemini AI provides expert security guidance:

You: "What does this network activity indicate?"

AI Assistant: Based on the network connections you're showing, I can see:

1. **Normal Web Traffic**: Chrome connections to Google services (443/HTTPS)
2. **Email Sync**: Outlook connecting to Exchange servers (993/IMAPS)  
3. **Potential Concern**: Unknown process connecting to 192.168.1.200:8080

I recommend investigating that last connection. Here's how:
- Check what process is making the connection
- Verify if 192.168.1.200 is a trusted device on your network
- Consider temporarily blocking the IP if it's suspicious

Would you like me to help you analyze any specific connections?

Security Analysis Capabilities

• 🔍 Threat Intelligence: Real-time analysis of security events
• 📊 Risk Assessment: Evaluate system security posture
• 🎯 Incident Response: Guidance for security incidents
• 📚 Best Practices: Personalized security recommendations
• 🔧 Configuration Help: Optimal security settings advice

🤖 AI Assistant Guide →

🛡️ Security Features Deep Dive

Real-Time Monitoring

Component	Capabilities
Process Monitor	Track new processes, detect suspicious executables, monitor resource usage
Network Monitor	TCP/UDP connections, traffic analysis, connection state tracking
Resource Monitor	CPU/Memory usage, disk activity, performance metrics
Event Monitor	Security event correlation, pattern detection, alert generation

Threat Detection & Response

Feature	Description
Port Scan Detection	Identify reconnaissance attempts, automatic blocking
DDoS Protection	Traffic pattern analysis, connection rate limiting
Behavioral Analysis	Anomaly detection, baseline establishment
IP Blocking	Automatic threat response, whitelist management

Windows API Integration

API Category	Usage
Process Management	EnumProcesses, OpenProcess, GetModuleBaseName
Network APIs	GetTcpTable, GetUdpTable, GetNetworkParams
System Metrics	GlobalMemoryStatusEx, GetSystemTimes
Security Context	CheckTokenMembership, privilege detection

🛡️ Complete Security Features →

📊 Performance & Specifications

System Impact

Metric	C++ Native	Web Interface
Memory Usage	~15-30 MB	~50-100 MB
CPU Impact	<1% idle, ~2-5% active	<1% idle, ~3-7% active
Disk Usage	~50 MB	~200 MB with dependencies
Network	Minimal (AI only)	Minimal (AI only)

Monitoring Capabilities

Feature	Rate	Accuracy
Process Updates	1-10 seconds	99.9%
Network Scanning	1-5 seconds	99.5%
Threat Detection	Real-time	95%+
AI Response	2-10 seconds	Context-dependent

Scalability

• Connections: Monitor 1000+ simultaneous connections
• Processes: Track 500+ processes efficiently
• Events: Store 10,000+ security events
• History: Maintain weeks of monitoring data

🔧 Configuration & Customization

Configuration File Structure

[gemini]
api_key=YOUR_API_KEY_HERE
model=gemini-2.5-flash
max_tokens=1000
temperature=0.7

[monitoring]
enabled=true
update_interval=5
log_level=INFO
max_events=10000

[network]
monitor_enabled=true
block_suspicious=true
whitelist_ips=192.168.1.0/24,10.0.0.0/8
scan_detection_threshold=5
ddos_detection_threshold=100

[ui]
color_scheme=dark
refresh_rate=1000
show_advanced=false

Environment Variables

# Alternative API key configuration
set GEMINI_API_KEY=your_api_key_here

# Enable debug logging
set SECURITY_SENTINEL_DEBUG=1

# Custom configuration file location
set SECURITY_SENTINEL_CONFIG=C:\custom\path\config.ini

⚙️ Complete Configuration Guide →

🤝 Contributing

We welcome contributions from the security community! Here's how you can help:

Ways to Contribute

• 🐛 Bug Reports: Found an issue? Report it here
• 💡 Feature Requests: Have ideas? Share them here
• 📝 Documentation: Improve our guides and tutorials
• 🔧 Code: Submit pull requests for bug fixes and features
• 🧪 Testing: Help test new features and report results
• 🎨 UI/UX: Improve the user interface and experience

Development Setup

# Clone repository
git clone https://github.com/GizzZmo/security-sentinel-for-windows-11.git
cd security-sentinel-for-windows-11

# C++ Development
mkdir build && cd build
cmake .. -G "Visual Studio 17 2022"
cmake --build . --config Debug

# Web Development  
npm install
npm run dev

🤝 Contributing Guidelines →

📋 Roadmap & Future Features

Version 2.0 (Planned)

• 🔌 Plugin System: Extensible architecture for custom monitoring modules
• 🏢 Enterprise Features: Centralized monitoring and reporting
• 📱 Mobile App: Companion mobile application for alerts
• 🗄️ Database Integration: Persistent storage for long-term analysis

Research & Development

• 🧠 Machine Learning: Advanced anomaly detection algorithms
• 🌍 Cross-Platform: Support for Linux and macOS
• 🔐 Zero-Day Detection: Advanced techniques for unknown threats
• ☁️ Cloud Integration: Cloud-based threat intelligence

🗺️ Complete Roadmap →

🆘 Support & Community

Getting Help

Resource	Description	Link
📚 Documentation	Comprehensive guides and tutorials	WIKI
❓ Common Issues	Quick solutions to frequent problems	Troubleshooting
💬 Discussions	Community Q&A and discussions	GitHub Discussions
🐛 Bug Reports	Report issues and track fixes	GitHub Issues

Community Guidelines

• Be respectful and constructive
• Search existing issues before creating new ones
• Provide detailed information when reporting problems
• Follow responsible disclosure for security issues

🔧 Troubleshooting

Common Build Issues

❌ CodeQL Error: "Advanced configurations cannot be processed when default setup is enabled"

This is a repository settings issue, not a code problem.

Quick Fix (2 minutes):

1. Go to: Repository Settings → Security
2. Find "Code scanning" → "Default setup"
3. Click "Remove" or "Disable"
4. Re-run your workflow

📖 Documentation:

• Fast Fix: .github/CODEQL_ERROR_HELP.md - Ultra-quick 4-step guide
• Detailed Guide: .github/CODEQL_QUICK_FIX.md - Comprehensive troubleshooting
• Full Setup: .github/CODEQL_SETUP.md - Complete configuration guide
• Configuration Reference: .github/ADVANCED_CODEQL_SETUP.md - Advanced setup confirmation

❌ C++ Build Failures

# Install required dependencies
# Windows (with vcpkg)
vcpkg install --triplet x64-windows

# Linux (Ubuntu/Debian)
sudo apt-get update
sudo apt-get install build-essential cmake

# Verify CMake version (requires 3.16+)
cmake --version

❌ Node.js/Vite Issues

# Update to Node.js 20.19+ (required for Vite 7+)
nvm install 20.19.0  # or download from nodejs.org

# Clear cache and reinstall
rm -rf node_modules package-lock.json
npm cache clean --force
npm install

❌ GitHub Actions Permissions

If workflows fail with permission errors:

1. Go to Settings → Actions → General
2. Enable "Read and write permissions"
3. Check "Allow GitHub Actions to create and approve pull requests"

Getting Help

• 🐛 Bug Reports: GitHub Issues
• 💬 Questions: GitHub Discussions
• 📖 Documentation: Wiki

📄 License & Legal

Open Source License

This project is licensed under the MIT License - see the LICENSE file for details.

Legal Usage Notice

⚠️ Important: This software is designed for legitimate security monitoring purposes only. Users are responsible for:

• ✅ Monitoring only systems they own or have explicit permission to monitor
• ✅ Complying with all applicable laws and regulations
• ✅ Respecting privacy rights and data protection laws
• ✅ Using the software ethically and responsibly

Disclaimer

The developers are not responsible for misuse of this software. Please use responsibly and in accordance with applicable laws.

📋 Complete About Page →

---

🌟 Security Sentinel for Windows 11

Empowering users with intelligent, real-time security monitoring

📖 Documentation • 🚀 Quick Start • 💾 Download • 🤝 Contribute

Made with ❤️ by the security community