Deployment Ready: Fixed scam detection low confidence, added production audit report, optimized throttles
1838600 Topic 20: Observability & Metrics Architecture
Audit Date: 2026-02-01
Auditor: Agent Antigravity
Scope: Monitoring & Telemetry
1. Deep Telemetry Engine (telemetry.py)
The system does not just log text; it builds a Digital Fingerprint of the attacker.
- Real Geo-Location: Uses `ip-api.com` to fetch Country, ISP, and Proxy status.
- Hardware Fingerprinting:
  - Captures `Screen Resolution`, `Timezone`, and `Hardware Concurrency` via the "Silent Beacon" JS in decoy pages.
  - Goal: Distinguish between a Human Scammer (Mobile Device) and a Bot (Headless Server).
- Evidence: `TelemetryCollector.track_request()` -> `_generate_fingerprint()`.
2. Prometheus Metrics Integration
The system exposes standard Prometheus-compatible metrics for dashboards (Grafana).
- Endpoint: `get_prometheus_metrics()` generates the text payload.
- Key Metrics:
  - `sentinel_requests_total`: Traffic volume.
  - `sentinel_threats_detected_total`: Distinct attacker count.
  - `sentinel_scam_events_total{type="lottery"}`: Breakdown by scam category.
3. SIEM / SOC Integration
- Format: `JSONL` (JSON Lines).
- Compatibility: Designed for direct ingestion into Splunk, Azure Sentinel, or ELK Stack.
- Fields: `timestamp`, `source_ip`, `risk_score`, `geo_data`, `intelligence_count`.
- Code: `get_siem_export()` formats the internal state into a log stream.
4. Operational Visibility
- Risk Scoring: Real-time calculation based on:
- Hosting Provider IP? (+40 Risk)
- VPN Detected? (+30 Risk)
- High-Risk Country (NG/CN/RU)? (+30 Risk)
- Result: The Admin Dashboard can show a "Heatmap" of attacks in real time.
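The risk-scoring rules above and the SIEM field set from section 3, worked through as an added Python example (not the project's `telemetry.py`; the function names `risk_score`, `siem_record` and `export_jsonl` are stand-ins, the ip-api.com style keys `hosting`/`proxy`/`countryCode` and the additive, uncapped scoring are assumptions):

```python
import json
from datetime import datetime, timezone

# Weights as listed in the audit's Risk Scoring section.
# Assumption: the three contributions simply add (no cap is stated).
HIGH_RISK_COUNTRIES = {"NG", "CN", "RU"}
WEIGHT_HOSTING = 40
WEIGHT_VPN = 30
WEIGHT_COUNTRY = 30


def risk_score(geo):
    """Score one geo-lookup record.

    `geo` is assumed to use ip-api.com style keys (`hosting`, `proxy`,
    `countryCode`). A failed lookup (empty dict) scores 0 instead of
    raising, so telemetry never breaks the request path.
    """
    score = 0
    if geo.get("hosting"):
        score += WEIGHT_HOSTING   # Hosting-provider IP? (+40)
    if geo.get("proxy"):
        score += WEIGHT_VPN       # VPN detected? (+30)
    if geo.get("countryCode") in HIGH_RISK_COUNTRIES:
        score += WEIGHT_COUNTRY   # High-risk country? (+30)
    return score


def siem_record(source_ip, geo, intelligence_count, ts=None):
    """Build one SIEM event with exactly the audited field set."""
    ts = ts or datetime.now(timezone.utc)
    return {
        "timestamp": ts.isoformat(),
        "source_ip": source_ip,
        "risk_score": risk_score(geo),
        "geo_data": geo,
        "intelligence_count": intelligence_count,
    }


def export_jsonl(records):
    """JSON Lines: one compact object per line, so Splunk/ELK can tail it."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


if __name__ == "__main__":
    # Constructed sample lookup, not real attacker data.
    geo = {"countryCode": "NG", "isp": "Example Hosting Ltd",
           "proxy": True, "hosting": True}
    print(export_jsonl([siem_record("203.0.113.7", geo, 3)]))
```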