Sentry · Email-threat triage
Submit an email. Get a verdict in seconds.
Sentry fans an inbound message out to four specialist analyzers in parallel, fuses their signals into a single verdict, and returns an LLM-generated natural-language explanation of why it ruled the way it did. Every path you see in this demo hits the same orchestrator and broker that production clients use — no mocked results.
Run a full scan
Paste raw email text or upload an .eml.
The orchestrator dispatches to every tool and returns the fused
verdict with per-signal breakdown.
Try per-tool demos
Submit through the orchestrator with the tools
filter so only one analyzer runs. Useful for debugging a single
signal in isolation.
What runs behind the scenes
- Header analyzer: SPF / DKIM / DMARC alignment plus heuristic checks on forensic headers (Received chains, Message-ID spoofing).
- URL scanner: Threat-intel lookups (VirusTotal, Google Web Risk, PhishTank) and pattern checks against every embedded link.
- Domain reputation: RDAP registration data, age heuristics, and domain intel against the sender's envelope-from domain.
- Attachment scanner: File-type + macro + hash-reputation checks on every attachment. Returns red on VT hits or risky MIME types.
The orchestrator waits for the tool fan-in, runs verdict fusion,
asks the configured LLM (Azure OpenAI in canary) for a
human-readable explanation, and writes the result to the
sentry/pipeline-event MQTT topic so
downstream consumers (this demo page, the admin portal, audit
stores) receive the same payload.
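
The SPF / DKIM / DMARC alignment check listed for the header analyzer, as an added example (not Sentry's own code): a passing SPF or DKIM result only counts when the authenticated domain aligns with the From: domain. The function names, the sample headers, the trusted authserv-id `mx.example.net` and the two-label organizational-domain shortcut are assumptions made for this sketch.

```python
import re

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A production
    # check needs the Public Suffix List (this is wrong for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    # DMARC strict mode needs an exact match, relaxed mode the same org domain.
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if strict else org_domain(a) == org_domain(f)

def parse_auth_results(header):
    """Split an Authentication-Results value (RFC 8601) into
    (authserv_id, [(method, result, {ptype.property: value}), ...])."""
    header = re.sub(r"\([^)]*\)", " ", header)          # drop (comments)
    first, *parts = [p.strip() for p in header.split(";")]
    authserv_id = (first.split() or [""])[0].lower()    # ignore optional version
    results = []
    for part in parts:
        m = re.match(r"(\w+)=(\w+)", part)
        if m:
            props = dict(re.findall(r"(\w+\.\w+)=(\S+)", part))
            results.append((m.group(1).lower(), m.group(2).lower(), props))
    return authserv_id, results

def dmarc_alignment(header, from_domain, trusted_id, strict=False):
    """A pass only counts when the authenticated domain aligns with From:."""
    verdict = {"spf_aligned": False, "dkim_aligned": False}
    authserv_id, results = parse_auth_results(header)
    if authserv_id == trusted_id.lower():   # skip headers our own MTA did not add
        for method, result, props in results:
            key = {"spf": "smtp.mailfrom", "dkim": "header.d"}.get(method)
            dom = props.get(key, "").rpartition("@")[2] if key else ""
            if result == "pass" and dom and aligned(dom, from_domain, strict):
                verdict[method + "_aligned"] = True
    verdict["dmarc_pass"] = verdict["spf_aligned"] or verdict["dkim_aligned"]
    return verdict

# Constructed sample headers (not captured traffic).
LEGIT = ("mx.example.net; spf=pass smtp.mailfrom=bounce@mail.example.com; "
         "dkim=pass header.d=example.com header.s=s1")
MISALIGNED = ("mx.example.net; spf=pass (sender ok) smtp.mailfrom=news@bulk-sender.test; "
              "dkim=pass header.d=bulk-sender.test")

if __name__ == "__main__":
    for name, hdr in (("legit", LEGIT), ("misaligned", MISALIGNED)):
        print(name, dmarc_alignment(hdr, "example.com", "mx.example.net"))
```

The second sample authenticates cleanly for its own domain yet fails alignment against `example.com`, which is the case a header check keyed only on `spf=pass` or `dkim=pass` would miss.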