{"brand":{"name":"SentinelStack","tagline":"Runtime Security Infrastructure for Modern Engineering Teams."},"navigation":[{"label":"Product","href":"/product"},{"label":"Architecture","href":"/architecture"},{"label":"Security","href":"/security"},{"label":"Docs","href":"/docs"},{"label":"Pricing","href":"/pricing"}],"footer":{"groups":[{"title":"Product","links":[{"label":"Overview","href":"/product"},{"label":"Architecture","href":"/architecture"},{"label":"Pricing","href":"/pricing"},{"label":"Request Access","href":"/request-access"}]},{"title":"Developers","links":[{"label":"Documentation","href":"/docs"},{"label":"Site API","href":"/api/site"},{"label":"Policies API","href":"/api/policies"},{"label":"Requests API","href":"/api/requests"}]},{"title":"Company","links":[{"label":"Security","href":"/security"},{"label":"Docs","href":"/docs"},{"label":"Pricing","href":"/pricing"},{"label":"Contact Sales","href":"/request-access"}]}],"copyright":"Copyright 2026 SentinelStack, Inc.","legal":"Privacy | Terms | Security"},"home":{"hero":{"eyebrow":"Now in Private Beta | Runtime v2.4","title":"Security Infrastructure, Rebuilt for Runtime.","description":"SentinelStack gives engineering teams real-time threat detection, zero-trust enforcement, and policy automation at every layer of the stack.","actions":[{"label":"Request Early Access","href":"/request-access","variant":"primary"},{"label":"View Architecture","href":"/architecture","variant":"secondary"}],"stats":[{"value":"99.98%","label":"Detection Accuracy"},{"value":"<2ms","label":"Policy Latency"},{"value":"450+","label":"Integrations"},{"value":"10B+","label":"Events / Day"}]},"trustedBy":["Veritas","CoreShift","NovaPay","Stacklabs","Meridian","Orbitex","Fluxcore"],"problems":[{"code":"01","title":"Reactive by Design","description":"Traditional SIEM and EDR tools detect threats after the fact. 
By the time an alert fires, lateral movement is already underway."},{"code":"02","title":"Tool Fragmentation","description":"Security teams work across disconnected tooling with no shared runtime context, so correlation becomes manual and coverage gaps stay hidden."},{"code":"03","title":"No Runtime Visibility","description":"Logs do not capture what is happening at the process, network, and syscall layer in real time. Teams secure a map instead of the territory."}],"platform":{"tag":"Platform","title":"One platform. Complete coverage.","description":"SentinelStack sits at the intersection of observability and security, giving your team unified runtime context to detect, respond, and enforce at scale.","benefits":[{"title":"Real-time Threat Detection","description":"Behavioral analysis with sub-millisecond signal processing at the kernel layer."},{"title":"Policy-driven Automation","description":"Codify security posture as policy and auto-remediate deviations without human intervention."},{"title":"Zero-trust Runtime Enforcement","description":"Validate trust at every service boundary, in every environment, at all times."}],"dashboard":{"metrics":[{"label":"THREATS BLOCKED","value":"2,847","tone":"green"},{"label":"POLICY EVALS / s","value":"148K","tone":"blue"},{"label":"OPEN ALERTS","value":"3","tone":"warn"}],"bars":[30,55,40,75,90,60,45,80,50,95,65,40,70,55,35,60],"logs":[{"status":"allow","message":"svc/payments -> db:5432 [policy:pci-boundary]"},{"status":"block","message":"proc/node [uid:1001] -> /etc/shadow [syscall:open]"},{"status":"audit","message":"container/api-gateway egress:443 anomaly detected"},{"status":"allow","message":"svc/auth -> svc/user-mgmt [jwt:verified]"}]}},"capabilities":[{"code":"01","title":"Runtime Intelligence Engine","tagline":"kernel-level behavioral analysis","description":"Continuously profiles process trees, network flows, and syscalls to build a live behavioral baseline for every workload."},{"code":"02","title":"Continuous 
Policy Enforcement","tagline":"declarative security-as-code","description":"Define security posture in YAML or OPA. Auto-remediate violations at runtime with no human intervention required."},{"code":"03","title":"AI-assisted Threat Correlation","tagline":"LLM-augmented signal triage","description":"Correlates high-volume signals into prioritized threat chains and cuts analyst toil by 84 percent."},{"code":"04","title":"Infrastructure-wide Observability","tagline":"unified runtime telemetry","description":"One pane of glass across containers, VMs, serverless, and bare metal with minimal runtime overhead."},{"code":"05","title":"Secure DevOps Integration","tagline":"shift security left","description":"Native integrations with GitHub Actions, Terraform, Kubernetes, and the rest of your CI/CD pipeline."},{"code":"06","title":"Compliance Automation Layer","tagline":"evidence collection, automated","description":"Continuous monitoring for SOC 2, PCI DSS, ISO 27001, and HIPAA with generated audit evidence."}],"architecturePreview":{"title":"Designed for Modern Infrastructure Stacks","description":"A layered, composable architecture that integrates at the runtime layer instead of bolting on at the perimeter.","nodes":[{"label":"Applications","subtext":"containers | vms | serverless"},{"label":"Runtime Layer","subtext":"eBPF | syscalls"},{"label":"Detection Engine","subtext":"ML | behavioral"},{"label":"Policy Engine","subtext":"OPA | enforcement"},{"label":"Audit Logs","subtext":"immutable | SIEM"}]},"compliance":{"title":"Enterprise-grade security, by default.","paragraphs":["SentinelStack is built on a zero-trust architecture with end-to-end encryption in transit and at rest. 
All data is processed in isolated environments.","We maintain SOC 2 Type II controls and undergo continuous third-party penetration testing with validated cryptographic modules."],"badges":[{"name":"SOC 2 Type II","description":"Continuously audited"},{"name":"ISO 27001","description":"Certified ISMS"},{"name":"GDPR","description":"Data residency controls"},{"name":"Zero Trust","description":"NIST SP 800-207"}]},"cta":{"tag":"Get Started","title":"Redefine Runtime Security.","description":"Join forward-thinking engineering teams already securing their stack with SentinelStack.","action":{"label":"Request Early Access","href":"/request-access"}}},"product":{"hero":{"eyebrow":"Runtime v2.4 | Now Available","title":"The complete runtime security platform.","description":"From threat detection to compliance reporting, SentinelStack is the single platform security and engineering teams actually want to use.","actions":[{"label":"Start Free Trial","href":"/request-access","variant":"primary"},{"label":"Read the Docs","href":"/docs","variant":"secondary"}],"terminal":["$ sentinel detect --runtime --policy ./policies/","OK  Runtime agent connected [pid:4821]","OK  Policy bundle loaded [48 rules]","RUN Scanning runtime environment...","[INFO] Monitoring 347 processes","[INFO] Network baseline established","[WARN] Anomaly: proc/curl -> 198.51.100.42:4444","[BLOCK] Policy violation: egress-allowlist","-> Auto-remediated. 
Alert dispatched."]},"modules":[{"title":"Runtime Intelligence Engine","description":"Continuously profiles every process, network connection, and file operation across your infrastructure using eBPF probes.","items":["Kernel-level syscall monitoring","Process lineage and ancestry tracking","Network flow behavioral baselining","Container and host workload correlation"]},{"title":"AI Threat Correlation","description":"Correlates signals across the environment to surface high-confidence threat chains instead of raw alerts.","items":["Multi-signal threat chain construction","Natural language incident summaries","AI-guided response playbooks","MITRE ATT&CK mapping"]},{"title":"Policy Enforcement Engine","description":"Write policy as code in YAML or OPA and enforce it in real time at every layer of the stack.","items":["OPA-native policy language support","Automated violation remediation","Policy drift detection and alerting","GitOps-compatible versioning"]},{"title":"DevOps Integration Suite","description":"Integrates where engineers already work, from CI pipelines to admission control and collaboration tools.","items":["GitHub Actions and GitLab CI/CD","Kubernetes admission webhooks","Terraform and Pulumi scanning","Slack, PagerDuty, and Jira hooks"]}],"integrations":[{"name":"AWS","category":"Cloud Provider"},{"name":"Azure","category":"Cloud Provider"},{"name":"GCP","category":"Cloud Provider"},{"name":"GitHub","category":"Source Control"},{"name":"Kubernetes","category":"Orchestration"},{"name":"Docker","category":"Containers"},{"name":"Terraform","category":"Infrastructure"},{"name":"Datadog","category":"Observability"}],"workflow":[{"step":"01","tag":"5 minutes","title":"Deploy the Runtime Agent","description":"A single Helm chart or DaemonSet deploys SentinelStack's eBPF-based agent across your cluster with no restarts."},{"step":"02","tag":"automatic","title":"Baseline Your Environment","description":"SentinelStack profiles workloads over the first 24 hours 
and builds a behavioral baseline for every service, process, and network connection."},{"step":"03","tag":"policy-as-code","title":"Define Your Security Policy","description":"Use pre-built policy templates or write custom OPA policies directly in your repository."},{"step":"04","tag":"continuous","title":"Detect, Enforce and Respond","description":"Monitors in real time, enforces policies automatically, and sends prioritized threat chains to Slack, PagerDuty, or your SIEM."}],"comparison":{"columns":["Capability","Legacy SIEM","Traditional EDR","SentinelStack"],"rows":[["Runtime kernel visibility","No","No","Yes"],["Policy-as-code enforcement","No","No","Yes"],["Zero-agent eBPF observability","No","No","Yes"],["AI threat correlation","No","Partial","Yes"],["Native Kubernetes integration","No","Partial","Yes"],["Automated remediation","No","Partial","Yes"],["CI/CD integration","No","No","Yes"],["Compliance automation","Partial","No","Yes"]]},"cta":{"title":"See it in action.","description":"Get a personalized demo and see exactly how SentinelStack fits into your stack.","primary":{"label":"Request a Demo","href":"/request-access"},"secondary":{"label":"View Pricing","href":"/pricing"}}},"architecture":{"hero":{"tag":"How It's Built","title":"Designed for Modern Infrastructure Stacks.","description":"A deep dive into how SentinelStack is architected: layered, composable, and built from the ground up for runtime environments.","actions":[{"label":"View Technical Docs","href":"/docs","variant":"primary"},{"label":"Request Access","href":"/request-access","variant":"secondary"}]},"layers":[{"label":"Layer 1 / Ingestion","title":"Application Layer","description":"Your existing infrastructure with no workload modifications required.","chips":["Containers","Kubernetes Pods","VMs","Serverless Functions","Bare Metal","Service Mesh"]},{"label":"Layer 2 / Observation","title":"Runtime Telemetry Layer","description":"eBPF probes capture kernel events with minimal CPU overhead 
and no kernel modules.","chips":["eBPF Probes","Syscall Tracing","Network Flows","File I/O Events","Process Trees"]},{"label":"Layer 3 / Intelligence","title":"Detection Engine","description":"Behavioral analysis runs against a continuously updated baseline and detects anomalies in real time.","chips":["Behavioral ML","Anomaly Detection","Threat Chain Assembly","MITRE Mapping","Signal Correlation"]},{"label":"Layer 4 / Enforcement","title":"Policy Engine","description":"OPA-native policy evaluation with low latency and Git-backed policy synchronization.","chips":["OPA Runtime","Policy Bundles","Auto-remediation","Admission Control","Drift Detection"]},{"label":"Layer 5 / Persistence","title":"Audit and Integration Layer","description":"Tamper-evident audit logs stream to SIEM, ticketing, alerting, and archival systems.","chips":["Immutable Audit Log","SIEM Export","Slack / PagerDuty","S3 / GCS Archival","Compliance Reports"]}],"technologies":[{"badge":"CORE TECH","title":"eBPF Runtime Probes","description":"Extended Berkeley Packet Filter lets SentinelStack instrument the kernel safely with no reboots or workload changes.","spec":["Overhead: <0.5% CPU","Events/sec: 500K+ per node","Kernel: Linux 5.4+"]},{"badge":"POLICY ENGINE","title":"Open Policy Agent","description":"OPA provides a declarative, general-purpose policy language that can be enforced across Kubernetes, APIs, and runtime events.","spec":["Eval latency: <2ms p99","Rules: Unlimited","Format: Rego / YAML"]},{"badge":"STREAM PROCESSING","title":"Real-time Event Pipeline","description":"The event pipeline processes telemetry at 500K events/sec per node using a custom streaming engine optimized for security signal correlation.","spec":["Throughput: 10B events/day","Latency: <10ms end-to-end","Storage: Columnar + TS"]}],"performance":[{"value":"<0.5%","label":"CPU overhead","description":"eBPF probe impact per node at 500K events/sec"},{"value":"<2ms","label":"policy eval latency","description":"P99 policy 
evaluation at full load"},{"value":"500K","label":"events/sec/node","description":"Sustained telemetry throughput per agent"},{"value":"99.99%","label":"uptime SLA","description":"Control plane availability"}],"deployments":[{"title":"Kubernetes (Helm)","recommended":true,"description":"The fastest path to production. Deploy via Helm into any Kubernetes cluster.","code":["# Add the SentinelStack Helm repo","helm repo add sentinel https://charts.sentinelstack.io","","helm install sentinel sentinel/runtime-agent --namespace sentinel-system"]},{"title":"Docker / Compose","recommended":false,"description":"For teams not yet on Kubernetes. Run the agent as a privileged sidecar alongside your Docker workloads. A privileged container has root-equivalent access to the host, so pin the agent image to a specific version or digest instead of latest and limit who can start or replace it.","code":["# Pull and run the agent","docker pull sentinelstack/agent:latest","","docker run --privileged -v /sys:/sys:ro sentinelstack/agent"]},{"title":"Cloud-managed","recommended":false,"description":"Fully managed deployment with zero operational overhead. SentinelStack handles scaling, upgrades, and HA.","code":["# Terraform module","module \"sentinel\" {","  source = \"sentinelstack/aws\"","  region = var.aws_region","  cluster_id = var.cluster","}"]}]},"security":{"hero":{"tag":"Our Commitment","title":"Security is our product. And our practice.","description":"We hold ourselves to the same standards we help customers achieve. 
Here is how SentinelStack protects data and infrastructure.","actions":[{"label":"Request Security Review","href":"/request-access","variant":"primary"},{"label":"Contact Security Team","href":"/request-access","variant":"secondary"}]},"certifications":[{"title":"SOC 2 Type II","meta":"Security | Availability | Confidentiality","description":"Independently audited on an annual basis across the security, availability, and confidentiality trust service criteria.","status":"Continuously monitored"},{"title":"ISO 27001","meta":"Information Security Management System","description":"The internal ISMS is certified to ISO 27001:2022 and covers physical security, governance, and risk management.","status":"Certified and current"},{"title":"GDPR Compliant","meta":"EU Data Residency | DPA Available","description":"Full GDPR support with EU data residency options, data processing agreements, and a dedicated privacy workflow.","status":"DPA available on request"},{"title":"Zero Trust Architecture","meta":"Aligned with NIST SP 800-207","description":"Internal systems follow zero-trust principles with no implicit trust, continuous verification, and least-privilege access.","status":"Third-party verified"}],"principles":[{"code":"01","title":"Never Implicit Trust","description":"Every request is authenticated and authorized on its own merit. 
Network location grants no trust."},{"code":"02","title":"Least Privilege Access","description":"All human and machine identities receive only the permissions required for their function."},{"code":"03","title":"Assume Breach Posture","description":"The platform is designed for blast-radius minimization, lateral movement prevention, and real-time anomaly detection."}],"encryption":[{"title":"Encryption in Transit","description":"All data in transit is encrypted using TLS 1.3 with forward secrecy and modern cipher enforcement."},{"title":"Encryption at Rest","description":"Customer data is encrypted at rest using AES-256-GCM with per-customer encryption keys."},{"title":"Key Management","description":"Enterprise plans support BYOK. SentinelStack never stores customer master keys."},{"title":"Single-tenant Isolation","description":"Enterprise customers run in dedicated compute environments with strict tenant isolation."},{"title":"FIPS-aligned Crypto","description":"Validated cryptographic modules are available for regulated and government workloads."},{"title":"Data Residency","description":"Choose US, EU, or APAC data residency. Data stays in-region unless customers explicitly approve otherwise."}],"pentests":[{"date":"Q1 2025","title":"External Network Pentest","description":"Full external attack surface assessment including API endpoints, auth flows, and network perimeter review.","result":"0 critical | 0 high findings"},{"date":"Q4 2024","title":"Red Team Exercise","description":"A 48-hour red team engagement simulating an advanced persistent threat targeting customer data.","result":"No data exfiltration achieved"},{"date":"Continuous","title":"Bug Bounty Program","description":"Public bug bounty program with rewards up to 50000 USD for critical vulnerabilities.","result":"280K+ paid to researchers"}],"disclosure":{"title":"Found a vulnerability?","description":"We take security reports seriously. 
SentinelStack commits to a 24-hour acknowledgement and a 90-day remediation target for responsible disclosures.","email":"security@sentinelstack.io","pgp":["-----BEGIN PGP PUBLIC KEY BLOCK-----","mQINBGR4K...","xQEzAA/pK3nv7Bm...","9wLm+TjAa/3K...","-----END PGP PUBLIC KEY BLOCK-----","Fingerprint: A4F2 9B3C 7E1D ... 08AF"]}},"pricing":{"hero":{"tag":"Pricing","title":"Simple, transparent pricing.","description":"Start free, scale as you grow, and pay for what you use without per-seat surprises for engineers."},"annualDiscount":"Save 20%","plans":[{"key":"starter","name":"Starter","monthlyPrice":0,"annualPrice":0,"priceLabel":"/mo","tagline":"For small teams and individual engineers exploring runtime security.","popular":false,"cta":{"label":"Get Started Free","href":"/request-access","variant":"secondary"},"features":[{"label":"Up to 5 nodes","included":true},{"label":"Core threat detection","included":true},{"label":"30-day event retention","included":true},{"label":"Community policy templates","included":true},{"label":"Slack integration","included":true},{"label":"Custom policies","included":false},{"label":"AI threat correlation","included":false},{"label":"Compliance reports","included":false}]},{"key":"pro","name":"Pro","monthlyPrice":299,"annualPrice":239,"priceLabel":"/mo","tagline":"For engineering teams that need complete runtime visibility and enforcement.","popular":true,"cta":{"label":"Start 14-day Trial","href":"/request-access","variant":"primary"},"features":[{"label":"Up to 50 nodes","included":true},{"label":"Full threat detection suite","included":true},{"label":"1-year event retention","included":true},{"label":"Custom policy authoring","included":true},{"label":"AI threat correlation","included":true},{"label":"CI/CD pipeline integration","included":true},{"label":"SOC 2 compliance report","included":true},{"label":"Priority Slack 
support","included":true}]},{"key":"enterprise","name":"Enterprise","monthlyPrice":null,"annualPrice":null,"custom":"Custom","tagline":"For organizations with complex environments, compliance requirements, or large scale.","popular":false,"cta":{"label":"Talk to Sales","href":"/request-access","variant":"secondary"},"features":[{"label":"Unlimited nodes","included":true},{"label":"Dedicated infrastructure","included":true},{"label":"Custom data retention","included":true},{"label":"BYOK encryption","included":true},{"label":"SSO / SAML / SCIM","included":true},{"label":"Custom SLA (99.99%)","included":true},{"label":"Full compliance suite","included":true},{"label":"Dedicated CSM and support","included":true}]}],"enterpriseCallout":{"title":"Need more than 50 nodes?","description":"Enterprise is built for organizations running hundreds to tens of thousands of nodes with dedicated infrastructure, custom SLAs, and a customer success manager.","perks":["Unlimited nodes and data retention","Single-tenant dedicated compute","Custom compliance frameworks","24/7 dedicated support with a 15-minute SLA"]},"comparison":[{"group":"Infrastructure","rows":[["Nodes","Up to 5","Up to 50","Unlimited"],["Kubernetes support","Yes","Yes","Yes"],["Multi-cluster","No","Up to 5","Unlimited"],["Dedicated infrastructure","No","No","Yes"]]},{"group":"Detection and Response","rows":[["Runtime threat detection","Core rules","Full suite","Full + custom"],["AI threat correlation","No","Yes","Yes"],["Custom detection rules","No","Yes","Yes"],["Automated remediation","No","Yes","Yes"]]},{"group":"Policy","rows":[["Pre-built policy templates","Yes","Yes","Yes"],["Custom policy authoring","No","Yes","Yes"],["GitOps policy workflow","No","Yes","Yes"]]},{"group":"Compliance","rows":[["Event retention","30 days","1 year","Custom"],["SOC 2 reports","No","Yes","Yes"],["ISO 27001 evidence","No","No","Yes"],["HIPAA / PCI DSS","No","No","Yes"]]},{"group":"Security","rows":[["Encryption 
(AES-256)","Yes","Yes","Yes"],["SSO / SAML","No","SAML","SAML + SCIM"],["Bring Your Own Key","No","No","Yes"]]},{"group":"Support","rows":[["Community support","Yes","Yes","Yes"],["Priority support","No","Slack","24/7 dedicated"],["Dedicated CSM","No","No","Yes"],["Uptime SLA","99.9%","99.95%","99.99%"]]}],"faqs":[{"question":"What counts as a node?","answer":"A node is any compute instance running the SentinelStack agent, including Kubernetes worker nodes, VMs, and bare metal servers."},{"question":"Can I change plans later?","answer":"Yes. Upgrades take effect immediately and downgrades apply at the start of the next billing cycle."},{"question":"Is there a free trial for Pro?","answer":"All new accounts get a 14-day trial of the Pro plan with full features and no credit card required."},{"question":"How does annual billing work?","answer":"Annual plans are billed upfront for 12 months at a 20 percent discount versus monthly pricing."},{"question":"Do you offer startup discounts?","answer":"Yes. 
Qualifying startups can access discounted Pro pricing through the startup program."},{"question":"What happens if I exceed my node limit?","answer":"We notify customers before they hit plan limits and work with them on the right upgrade path."}]},"docs":{"sidebar":[{"heading":"Getting Started","links":["Introduction","Quick Start","Installation","Authentication","Core Concepts"]},{"heading":"Runtime Agent","links":["Overview","Kubernetes Deploy","Docker Deploy","Configuration","eBPF Probes","Performance Tuning"]},{"heading":"Policy Engine","links":["Writing Policies","OPA Integration","Policy Templates","Testing Policies","GitOps Workflow"]},{"heading":"Detection","links":["Threat Detection","Custom Rules","Alert Configuration","MITRE ATT&CK"]},{"heading":"Integrations","links":["Slack","PagerDuty","Splunk / SIEM","GitHub Actions","Terraform"]}],"hero":{"eyebrow":"Runtime v2.4 | Latest","title":"Welcome to SentinelStack Docs","description":"Everything you need to deploy, configure, and get the most out of SentinelStack. Start with the quick start guide or browse by topic in the sidebar.","quickstarts":[{"title":"Quick Start","description":"Deploy the agent and detect your first threat in under 10 minutes.","time":"~10 min"},{"title":"Write a Policy","description":"Create your first runtime policy using OPA-friendly YAML.","time":"~15 min"},{"title":"Connect Slack","description":"Route threat alerts directly to your team's Slack channels.","time":"~5 min"}]},"sections":[{"id":"overview","title":"What is SentinelStack?","paragraphs":["SentinelStack is a runtime security platform that uses eBPF technology to observe, detect, and enforce security policies across infrastructure without modifying workloads.","Unlike log-first security tools, SentinelStack operates at the kernel layer and gives teams real-time visibility into process, network, and file activity."],"callout":{"tone":"info","text":"Prerequisites: Linux kernel 5.4+ is required for eBPF support. 
SentinelStack supports EKS, GKE, AKS, and self-managed Kubernetes 1.24+."}},{"id":"installation","title":"Installation","paragraphs":["The fastest way to get started is via the Helm chart. This deploys the SentinelStack agent as a DaemonSet so every node in the cluster is instrumented. YOUR_API_KEY in step 3 is a placeholder: supply the real key from a secret store at install time, and keep it out of shell history, CI logs, and committed values files."],"steps":[{"title":"1. Add the Helm Repository","language":"bash","code":["# Add SentinelStack Helm repository","helm repo add sentinel https://charts.sentinelstack.io","helm repo update"]},{"title":"2. Create the Namespace","language":"bash","code":["kubectl create namespace sentinel-system"]},{"title":"3. Install the Agent","language":"bash","code":["helm install sentinel sentinel/runtime-agent \\","  --namespace sentinel-system \\","  --set apiKey=\"YOUR_API_KEY\" \\","  --set cluster.name=\"production\" \\","  --set policy.gitopsEnabled=true"]}],"callout":{"tone":"success","text":"The agent self-configures and begins baselining the environment immediately. Expect the first behavioral baseline within 24 hours."}},{"id":"policy","title":"Writing Your First Policy","paragraphs":["Policies in SentinelStack are written in YAML with OPA Rego support for complex logic. Policies are evaluated against every runtime event in the environment."],"steps":[{"title":"POLICY STRUCTURE","language":"yaml","code":["apiVersion: sentinel.io/v1","kind: RuntimePolicy","metadata:","  name: block-shell-spawn","  namespace: production","spec:","  description: \"Block shell execution inside containers\"","  action: BLOCK","  severity: HIGH","  match:","    event: PROCESS_EXEC","    process:","      name: [\"sh\", \"bash\", \"zsh\"]","    container:","      running: true"]}],"callout":{"tone":"warning","text":"Always test policies in AUDIT mode before switching to BLOCK. 
Use sentinel policy test against recorded events before deploying."}},{"id":"api","title":"API Reference","paragraphs":["The SentinelStack REST API lets teams manage policies, retrieve events, and configure integrations programmatically."],"steps":[{"title":"AUTHENTICATION","language":"bash","code":["curl https://api.sentinelstack.io/v1/events \\","  -H \"Authorization: Bearer YOUR_API_KEY\" \\","  -H \"Content-Type: application/json\""]}],"endpoints":[{"method":"GET","endpoint":"/v1/events","description":"List runtime events with filters"},{"method":"GET","endpoint":"/v1/threats","description":"List detected threat chains"},{"method":"POST","endpoint":"/v1/policies","description":"Create a new runtime policy"},{"method":"PUT","endpoint":"/v1/policies/:id","description":"Update an existing policy"},{"method":"DELETE","endpoint":"/v1/policies/:id","description":"Delete a policy by ID"},{"method":"GET","endpoint":"/v1/agents","description":"List all connected agents"}]}],"docNav":{"previous":"What is SentinelStack?","next":"Kubernetes Installation"}},"requestAccess":{"hero":{"tag":"Request Access","title":"Turn the mockup into a usable demo.","description":"This page submits to a JSON-backed Next.js API so the project is no longer a static design. New access and demo requests are stored in data/requests.json."},"benefits":["JSON file storage for local demo data","Reusable API routes for site content and requests","Structured lead capture instead of dead CTA buttons"]}}