
Cyber Sentinel classifies the severity of an active IT security incident into one of four levels. By combining failed login attempts, open network ports, known critical vulnerabilities, anomalous traffic, affected endpoints, and patch coverage, the model gives security teams an immediate severity verdict and a prioritised list of remediation steps.

Model Details

| Property | Value |
|---|---|
| Model key | cyber-sentinel |
| Endpoint | POST /predict/cyber-sentinel |
| Training samples | 300 synthetic samples |
| Classifier | RandomForestClassifier(n_estimators=180, max_depth=7, random_state=42, class_weight="balanced_subsample") |

Output Labels

| Label | Meaning |
|---|---|
| CRITICO | Immediate response required — full incident-response protocol |
| ALTO | High severity — escalate to security team now |
| MEDIO | Moderate severity — investigate and apply targeted controls |
| BAJO | Low severity — continue monitoring and document evidence |

Label Decision Logic

The labelling function computes a weighted risk score across all six inputs:
```python
def label_cyber(row):
    # row order: failed logins, open ports, critical vulns, anomalous traffic %,
    # affected endpoints, patched %
    logins, ports, vulns, traf, equipos, patch = row
    risk = (
        logins  * 0.25
        + ports   * 0.45
        + vulns   * 7
        + traf    * 0.8
        + equipos * 0.18
        + (100 - patch) * 0.65   # unpatched systems
    )
    if risk >= 115:
        return "CRITICO"
    if risk >= 75:
        return "ALTO"
    if risk >= 40:
        return "MEDIO"
    return "BAJO"
```

| Feature | Weight | Notes |
|---|---|---|
| intentos_login_fallidos | ×0.25 | Brute-force signal |
| puertos_abiertos | ×0.45 | Attack surface proxy |
| vulnerabilidades_criticas | ×7 | Highest per-unit weight |
| trafico_anomalo_pct | ×0.8 | Exfiltration / lateral movement signal |
| equipos_afectados | ×0.18 | Blast radius |
| (100 – parcheado_pct) | ×0.65 | Unpatched exposure |

Input Fields

intentos_login_fallidos (integer, required)
Total failed login attempts detected in the current incident window. Range: 0 – 200. Contributes 0.25 points each.

puertos_abiertos (integer, required)
Number of externally reachable open ports identified on affected systems. Range: 0 – 100. Contributes 0.45 points each.

vulnerabilidades_criticas (integer, required)
Count of unmitigated CVE-critical vulnerabilities present on affected assets. Range: 0 – 20. Carries the highest per-unit weight of 7 points each.

trafico_anomalo_pct (float, required)
Percentage of observed network traffic classified as anomalous. Range: 0 – 100. Contributes 0.8 points per percentage point.

equipos_afectados (integer, required)
Number of endpoints or servers confirmed as affected by the incident. Range: 0 – 500. Contributes 0.18 points each.

parcheado_pct (float, required)
Percentage of systems in scope that have the latest security patches applied. Range: 0 – 100. Lower values increase risk — the model uses (100 – parcheado_pct) × 0.65.

Recommendations by Label

Recommendations are dynamic — the recommendation_cyber() function inspects the raw input values and appends specific tips:
| Condition | Recommendation added |
|---|---|
| vulnerabilidades_criticas >= 5 | Prioritise patching critical vulnerabilities |
| trafico_anomalo_pct >= 50 | Analyse traffic and isolate anomalous network segments |
| intentos_login_fallidos >= 50 | Activate temporary account lockout and review credentials |
| parcheado_pct < 70 | Raise the patched-systems percentage before closing the incident |
| None of the above | Continue monitoring and document incident evidence |
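The following is an added example, not the project's own code: it re-implements the documented weights, thresholds and recommendation conditions from the label-decision and recommendation tables above, adds the range validation the input-field docs imply, and reports which feature drives a verdict. Field names, ranges and the example payload are taken from this page; the recommendation wording is the English from the table (the live API returns the Spanish strings shown in the example response).

```python
# Added example (not the Cyber Sentinel code): documented weights, thresholds
# and recommendation rules, plus range checks, so an analyst can see why a
# payload lands on a given label and which feature contributes most.
FIELDS = {  # (min, max, weight) per documented input; parcheado_pct is inverted
    "intentos_login_fallidos": (0, 200, 0.25),
    "puertos_abiertos": (0, 100, 0.45),
    "vulnerabilidades_criticas": (0, 20, 7),
    "trafico_anomalo_pct": (0, 100, 0.8),
    "equipos_afectados": (0, 500, 0.18),
    "parcheado_pct": (0, 100, 0.65),
}
RULES = (  # threshold conditions from the recommendations table
    (lambda p: p["vulnerabilidades_criticas"] >= 5, "Prioritise patching critical vulnerabilities"),
    (lambda p: p["trafico_anomalo_pct"] >= 50, "Analyse traffic and isolate anomalous network segments"),
    (lambda p: p["intentos_login_fallidos"] >= 50, "Activate temporary account lockout and review credentials"),
    (lambda p: p["parcheado_pct"] < 70, "Raise the patched-systems percentage before closing the incident"),
)

def validate(p):
    """Reject missing fields and values outside the documented ranges."""
    for k, (lo, hi, _) in FIELDS.items():
        if k not in p or not lo <= p[k] <= hi:
            raise ValueError(f"{k} missing or outside {lo}-{hi}")
    return p

def risk_breakdown(p):
    """Per-feature contribution; parcheado_pct counts as (100 - value)."""
    return {k: (100 - p[k] if k == "parcheado_pct" else p[k]) * w
            for k, (_, _, w) in FIELDS.items()}

def label_from_risk(risk):
    for threshold, label in ((115, "CRITICO"), (75, "ALTO"), (40, "MEDIO")):
        if risk >= threshold:
            return label
    return "BAJO"

def recommendations(p):
    tips = [text for cond, text in RULES if cond(p)]
    return tips or ["Continue monitoring and document incident evidence"]

def analyze(payload):
    """Score, label, dominant feature and recommendations for one request."""
    p = validate(payload)
    parts = risk_breakdown(p)
    risk = sum(parts.values())
    return {"risk": round(risk, 2), "label": label_from_risk(risk),
            "driver": max(parts, key=parts.get), "recomendaciones": recommendations(p)}

# The documented example request (values copied from this page).
EXAMPLE = {"intentos_login_fallidos": 90, "puertos_abiertos": 35,
           "vulnerabilidades_criticas": 8, "trafico_anomalo_pct": 65.0,
           "equipos_afectados": 120, "parcheado_pct": 45.0}
```

For the documented example request this yields a risk score of 203.6 with vulnerabilidades_criticas as the largest single contributor, so the CRITICO verdict is driven more by the unpatched critical CVEs than by the brute-force or traffic signals.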

Example Request & Response

```bash
curl -X POST http://localhost:8001/predict/cyber-sentinel \
  -H "Content-Type: application/json" \
  -d '{
    "intentos_login_fallidos": 90,
    "puertos_abiertos": 35,
    "vulnerabilidades_criticas": 8,
    "trafico_anomalo_pct": 65.0,
    "equipos_afectados": 120,
    "parcheado_pct": 45.0
  }'
```

```json
{
  "caso": "CyberSentinel",
  "prediccion": "CRITICO",
  "confianza": 0.8833,
  "ranking": [
    { "clase": "CRITICO", "probabilidad": 0.8833 },
    { "clase": "ALTO",    "probabilidad": 0.0944 },
    { "clase": "MEDIO",   "probabilidad": 0.0167 },
    { "clase": "BAJO",    "probabilidad": 0.0056 }
  ],
  "recomendaciones": [
    "Priorizar parcheo de vulnerabilidades críticas.",
    "Analizar tráfico y aislar segmentos con comportamiento anómalo.",
    "Activar bloqueo temporal y revisión de credenciales.",
    "Elevar porcentaje de equipos parchados antes de cerrar el incidente."
  ],
  "entrada": {
    "intentos_login_fallidos": 90,
    "puertos_abiertos": 35,
    "vulnerabilidades_criticas": 8,
    "trafico_anomalo_pct": 65.0,
    "equipos_afectados": 120,
    "parcheado_pct": 45.0
  }
}
```

Response Fields

caso (string)
Always "CyberSentinel" for this endpoint.

prediccion (string)
Predicted severity label: CRITICO, ALTO, MEDIO, or BAJO.

confianza (float)
Probability of the top prediction, rounded to 4 decimal places.

ranking (array)
All four severity classes sorted by probability descending. Each element contains clase (string) and probabilidad (float).

recomendaciones (array)
Dynamically generated list of remediation recommendations based on the specific input values and predicted label.

entrada (object)
Echo of the exact request payload received by the server.
Unlike the other models, Cyber Sentinel recommendations are input-value-aware: the same predicted label can generate different recommendation lists depending on which thresholds the raw inputs cross. Always inspect recomendaciones rather than assuming a fixed message per label.