Cyber Sentinel classifies the severity of an active IT security incident into one of four levels. From six inputs (failed login attempts, open network ports, known critical vulnerabilities, the share of anomalous traffic, affected endpoints and patch coverage) the model returns an immediate severity verdict and a prioritised list of remediation steps.
Model Details
| Property | Value |
|---|---|
| Model key | cyber-sentinel |
| Endpoint | POST /predict/cyber-sentinel |
| Training samples | 300 synthetic samples |
| Classifier | RandomForestClassifier(n_estimators=180, max_depth=7, random_state=42, class_weight="balanced_subsample") |
Output Labels
| Label | Meaning |
|---|---|
| CRITICO | Immediate response required: full incident-response protocol |
| ALTO | High severity: escalate to the security team now |
| MEDIO | Moderate severity: investigate and apply targeted controls |
| BAJO | Low severity: continue monitoring and document evidence |
Label Decision Logic
The labelling function computes a weighted risk score across all six inputs. The score is the sum of the six weighted terms below:
| Feature | Weight | Notes |
|---|---|---|
| intentos_login_fallidos | ×0.25 | Brute-force signal |
| puertos_abiertos | ×0.45 | Attack-surface proxy |
| vulnerabilidades_criticas | ×7 | Highest per-unit weight |
| trafico_anomalo_pct | ×0.8 | Exfiltration / lateral-movement signal |
| equipos_afectados | ×0.18 | Blast radius |
| (100 – parcheado_pct) | ×0.65 | Unpatched exposure |
Input Fields
intentos_login_fallidos: Total failed login attempts detected in the current incident window. Range: 0 – 200. Contributes 0.25 points each.
puertos_abiertos: Number of externally reachable open ports identified on affected systems. Range: 0 – 100. Contributes 0.45 points each.
vulnerabilidades_criticas: Count of unmitigated CVE-critical vulnerabilities present on affected assets. Range: 0 – 20. Carries the highest per-unit weight, 7 points each.
trafico_anomalo_pct: Percentage of observed network traffic classified as anomalous. Range: 0 – 100. Contributes 0.8 points per percentage point.
equipos_afectados: Number of endpoints or servers confirmed as affected by the incident. Range: 0 – 500. Contributes 0.18 points each.
parcheado_pct: Percentage of systems in scope that have the latest security patches applied. Range: 0 – 100. Lower values increase risk: the model uses (100 – parcheado_pct) × 0.65.
Recommendations by Label
Recommendations are dynamic: the recommendation_cyber() function inspects the raw input values and appends a specific tip for each threshold that is crossed:
| Condition | Recommendation added |
|---|---|
| vulnerabilidades_criticas >= 5 | Prioritise patching critical vulnerabilities |
| trafico_anomalo_pct >= 50 | Analyse traffic and isolate anomalous network segments |
| intentos_login_fallidos >= 50 | Activate temporary account lockout and review credentials |
| parcheado_pct < 70 | Raise the patched-systems percentage before closing the incident |
| None of the above | Continue monitoring and document incident evidence |
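As an added example (not the project's own labelling code and not its recommendation_cyber() function), the following Python re-implements the weighted risk score and the threshold rules from the two tables above, using the field names, weights and ranges documented on this page. The cut-offs that map a score to CRITICO, ALTO, MEDIO or BAJO are not documented here, so the example stops at the score. The range check, the function names and the sample incident are assumptions made for this example.

```python
"""Reference re-implementation of the Cyber Sentinel risk score and the
threshold-driven recommendations. Added example: weights, ranges, field
names and rule thresholds come from the documentation tables; the range
check, function names and sample payload are assumptions made here."""

from typing import Callable, Dict, List, Tuple

# Per-unit weights from the Label Decision Logic table.
# parcheado_pct is special: its weight applies to (100 - parcheado_pct).
WEIGHTS: Dict[str, float] = {
    "intentos_login_fallidos": 0.25,
    "puertos_abiertos": 0.45,
    "vulnerabilidades_criticas": 7.0,
    "trafico_anomalo_pct": 0.8,
    "equipos_afectados": 0.18,
    "parcheado_pct": 0.65,
}

# Documented inclusive input ranges from the Input Fields section.
RANGES: Dict[str, Tuple[int, int]] = {
    "intentos_login_fallidos": (0, 200),
    "puertos_abiertos": (0, 100),
    "vulnerabilidades_criticas": (0, 20),
    "trafico_anomalo_pct": (0, 100),
    "equipos_afectados": (0, 500),
    "parcheado_pct": (0, 100),
}


def validate(payload: Dict[str, float]) -> None:
    """Reject missing or out-of-range fields before scoring.
    A random forest silently saturates on values outside the range it was
    trained on, so refusing them client-side is the practical check
    (an assumption about good practice, not documented endpoint behaviour)."""
    missing = set(RANGES) - set(payload)
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    for name, (lo, hi) in RANGES.items():
        v = payload[name]
        if isinstance(v, bool) or not isinstance(v, (int, float)) or not lo <= v <= hi:
            raise ValueError(f"{name}={v!r} outside documented range {lo}-{hi}")


def risk_contributions(payload: Dict[str, float]) -> Dict[str, float]:
    """Per-feature share of the score, useful for explaining a verdict."""
    validate(payload)
    contrib = {k: payload[k] * w for k, w in WEIGHTS.items() if k != "parcheado_pct"}
    contrib["parcheado_pct"] = (100 - payload["parcheado_pct"]) * WEIGHTS["parcheado_pct"]
    return contrib


def risk_score(payload: Dict[str, float]) -> float:
    """Weighted risk score: the sum of the six contributions, rounded to 2 dp."""
    return round(sum(risk_contributions(payload).values()), 2)


# (field, predicate, tip) rows of the Recommendations by Label table.
RULES: List[Tuple[str, Callable[[float], bool], str]] = [
    ("vulnerabilidades_criticas", lambda v: v >= 5, "Prioritise patching critical vulnerabilities"),
    ("trafico_anomalo_pct", lambda v: v >= 50, "Analyse traffic and isolate anomalous network segments"),
    ("intentos_login_fallidos", lambda v: v >= 50, "Activate temporary account lockout and review credentials"),
    ("parcheado_pct", lambda v: v < 70, "Raise the patched-systems percentage before closing the incident"),
]
FALLBACK = "Continue monitoring and document incident evidence"


def recommendations(payload: Dict[str, float]) -> List[str]:
    """One tip per crossed threshold, in table order; the fallback only when none fire."""
    validate(payload)
    tips = [tip for field, crossed, tip in RULES if crossed(payload[field])]
    return tips or [FALLBACK]


# Constructed sample incident (not taken from the page): a brute-force wave
# against a poorly patched segment, with few critical CVEs and modest traffic.
SAMPLE: Dict[str, float] = {
    "intentos_login_fallidos": 120,
    "puertos_abiertos": 12,
    "vulnerabilidades_criticas": 3,
    "trafico_anomalo_pct": 35,
    "equipos_afectados": 8,
    "parcheado_pct": 55,
}

if __name__ == "__main__":
    for name, value in risk_contributions(SAMPLE).items():
        print(f"{name:28s} {value:7.2f}")
    print("score:", risk_score(SAMPLE))          # 115.09
    print("recommendations:", recommendations(SAMPLE))
```

For the sample the score is 115.09 and two tips fire (account lockout, raise patch coverage), which is the behaviour the table describes: the tips accumulate and the monitoring fallback appears only when no threshold is crossed. Running the six inputs at the top of their documented ranges shows where the score really comes from: the terms contribute 50, 45, 140, 80, 90 and 65 points respectively out of a 470-point maximum, so vulnerabilidades_criticas is not only the heaviest per unit but also the largest possible contributor, followed by blast radius and anomalous traffic.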
Example Request & Response
Response Fields
Model name: always "CyberSentinel" for this endpoint.
Predicted severity label: CRITICO, ALTO, MEDIO, or BAJO.
Probability of the top prediction, rounded to 4 decimal places.
All four severity classes sorted by probability descending. Each element contains clase (string) and probabilidad (float).
recomendaciones: dynamically generated list of remediation recommendations based on the specific input values and the predicted label.
Echo of the exact request payload received by the server.
Unlike the other models, Cyber Sentinel recommendations are input-value-aware: the same predicted label can produce different recommendation lists depending on which thresholds the raw inputs cross. Always inspect recomendaciones rather than assuming a fixed message per label.