Sentinel is a government PAI (Publicly Available Information) platform built for Department of War analysts. Multi-source open-source intelligence — RSS, Telegram, Twitter, Reddit, darknet — is continuously ingested, enriched, scored for source trust, AI-triaged, and pushed to a map-first common operating picture in real time.
Sentinel runs on two surfaces that share the same backend, user account, and settings:
| Surface | URL / location | Best for |
|---|---|---|
| WEB | app.sentinel.artorias.com | Desktop / tablet-landscape — full COP with inspector |
| MOBILE | DoW App Store | Phones / field use — feed + push alerts |
Watchlists, mission profiles, geofences, and preferences round-trip between the two via
/user-settings/me. Configure once; both devices stay in sync.
Sentinel processes only unclassified, publicly available information. Do not paste, upload, or submit classified or CUI material. See Compliance & governance for DoWD 3115.18, NIST SP 800-171, DFARS 252.204-7012 details, and the Operator Agreement.
Email support@artorias.com with your name, sponsoring command or organization, government email, and a one-line description of your mission role. Your sponsor will be looped in for authorization. Turnaround is typically 1–2 business days for existing sponsored commands.
app.sentinel.artorias.com. Sign in with email + password, DoW SAML SSO (for supported commands), or PIV card (rolling out — check with support).On first sign-in you will be prompted to acknowledge DoWD 3115.18 under Backstage → Profile → DoW compliance. Access stops if this acknowledgement lapses — the platform will remind you 30 days before expiration.
Sentinel seeds six preset mission profiles on first load — FORCE PROTECTION, INDICATIONS & WARNINGS, NATURAL DISASTER, CYBER THREAT, MARITIME & AVIATION, CBRN — so My Feed has something to route on immediately. Edit, subscribe, or delete any of them under Mission profiles.
The web COP requires a viewport ≥ 900 px wide. If you open
app.sentinel.artorias.com on a phone, Sentinel blocks the app behind a
notice directing you to the mobile app or a larger screen. Tablet-landscape and
laptops are supported.
Email support@artorias.com from your government email. We route you through your sponsor's identity channel. Password resets cannot be processed via personal email.
| Role | Description |
|---|---|
| Admin | User management, source configuration, compliance review |
| Analyst | Full COP + feed access, Backstage configuration, ticket submission |
| Viewer | Read-only feed + map access, no settings changes |
The COP is Sentinel's home. A full-bleed map with live alert pins, a country-risk choropleth, a filter panel, a legend, a timeline ribbon, and a right-hand rail showing live alerts or the focused country's feed.
Dark (default), Satellite, Streets, Light, Terrain. The web basemap picker lives in the status strip on top of the map; mobile uses Backstage → Appearance.
Toggle severity, category, time window (last 1 h / 6 h / 24 h / 7 d / all), country, minimum source-trust, cluster on/off, and heatmap on/off. Filter state is in-session — it resets if you leave the COP.
Click a country on the map. The right-hand rail becomes that country's feed, showing the latest daily brief pinned on top followed by hourly items. Press the Expand to full country view button to open the dedicated country page with tabs for high-frequency vs. daily, and per-row inline expansion.
A horizontal ribbon under the map plots every visible alert along time. Hover a tick to see the alert ID and age; click to focus that alert.
Press Escape to close both the inspector and any open filter panel.
Sentinel exposes four feed views on top of the same underlying stream. Pick the one that matches your workflow:
| View | Scope | Typical use |
|---|---|---|
| Global feed | Every alert, every source, no filter | Situational sweep |
| My Feed | Curated per your watchlists, profiles, geofences | Daily analyst routine |
| Urgent | HIGH + CRITICAL, daily briefs excluded | Breaking intel only |
| Search | Global feed with search box autofocused | Ad-hoc lookups |
My Feed merges three sources and deduplicates by id + headline:
/s3-feeds/country/{code}), honoring the per-entry minimum impact floor. Countries from your default mission profile are included here too.If you have none of the above configured, My Feed falls back to the global stream so the page is never empty. The header shows a live breakdown: N WATCHLIST · N PROFILE · N GEOFENCE.
Tapping a country (on map or via any country chip) opens a feed scoped to that country. Two streams:
On the web country page, rows expand inline for quick review. On mobile, tap a row to drill in.
Severity chips (CRITICAL / HIGH / MEDIUM / LOW) at the top of the feed act as exact-match filters — tap HIGH to see HIGH only, not HIGH+. Tap the active chip again to clear.
The search field queries headline, summary, tags, categories, and country codes. On web,
the ⌘K command bar shortcut is equivalent to the Search rail entry.
Hash parameter ?q= is honored so you can bookmark a query.
| Level | Color | Description |
|---|---|---|
| CRITICAL | Red | Immediate threat to life, infrastructure, or national security |
| HIGH | Red | Significant event requiring urgent attention |
| MEDIUM | Yellow | Notable development with potential escalation |
| LOW | Green | Routine reporting, background intelligence |
Sentinel emits two kinds of content:
Daily briefs appear in Global Feed and My Feed but are excluded from Urgent and are labeled with a DAILY chip instead of a severity badge.
Clicking an alert opens the inspector:
Clicking Open original source prompts a Leaving Sentinel confirmation: "You are about to open an external resource. Links are provided for source attribution only. Continue?" Applies to web and mobile. Always cite the originating publisher in downstream products — never Sentinel.
| Action | Effect |
|---|---|
| Save | Bookmarks the alert into Backstage → Saved items. Synced across devices. |
| Share | Web Share API (mobile / modern browsers) or clipboard fallback. |
| Browser print-to-PDF of the open inspector. | |
| Forward | Posts an annotation on the alert via /collaborate/alerts/{id}/annotations. |
| Watch country | Creates a country watchlist entry and navigates to Backstage → Watchlists. |
| Expand / Collapse | Widens the inspector to 900 px on web for long-form reading. |
A separate threat-intelligence stream that does not mix into the geopolitical feeds. Drawn from CVE, ransomware leak sites, CERT advisories, APT tracking, and breach disclosures. Enable it under Backstage → Cyber feed.
| Key | Label | Scope |
|---|---|---|
vulnerability | Vulnerability | CVEs, advisories, patches |
malware_ransomware | Malware / Ransomware | Families, campaigns, leak sites |
threat_actor | Threat actor | APTs, criminal groups, hacktivists |
digital_risk | Digital risk | Brand, executive, data exposure |
infrastructure | Infrastructure | Upstream compromise, supply chain, 3P risk |
credential_exposure | Credential exposure | Leaked credentials, token dumps |
Each category has its own subscribed / push / sound toggles. Default is all subscribed, all push+sound on.
Cyber alerts carry additional fields surfaced in the detail panel:
Toggle Daily cyber brief in settings to receive a once-a-day digest of the cyber stream in your feed, separate from the hourly items.
Backstage is the settings hub. Open it via the gear icon on the web rail, or the equivalent in mobile. Ten sections, all synced across devices via /user-settings/me.
| Section | What lives there |
|---|---|
| Profile | Identity, DoWD 3115.18 acknowledgement, compliance badges, build info, biometric toggle |
| Appearance | Map style, pin size, callouts, feed density, low-bandwidth, language |
| Geofences | Circles, polygons, and routes — AOIs that boost matching alerts into My Feed |
| Mission profiles | Saved filter sets with severity floor, categories, countries, keywords, regions |
| Watchlists | Followed countries, keywords, entities, orgs, topics |
| Saved items | Bookmarked alerts, annotated or plain |
| Notifications | Per-severity push / sound rules, duty-hour window |
| Cyber feed | Cyber-stream enable, severity floor, per-category toggles |
| Nations | Read-only source subscription list |
| Support | Resources (this guide, agreement, terms) + ticket form |
Changes are persisted to device local storage immediately and debounced to the server every ~500 ms. A beforeunload flush guarantees nothing is lost when you close the tab.
Displays your name, role, clearance (if set on the server), email, organization, workgroup, and last sign-in. Source: /auth/me.
Every Sentinel operator acknowledges DoWD 3115.18 annually. The card shows current state — pending, expiring (< 30 days), or current — plus the acknowledgement and expiry dates and the guidance version. Press Read policy to see the directive in full, then Acknowledge (or Renew now) to record your signature.
Acknowledgement is valid for one (1) year. An expired acknowledgement terminates access — the platform warns you 30 days before expiry.
The Profile page displays four platform-level compliance chips:
Biometric unlock (Touch ID / Face ID) is available on the mobile app. Web also shows a small Build readout — mode, commit SHA (if set at build time), and user-agent tail — to help support triage any issues you report.
Device-local preferences. Synced across your own devices but not across users.
For austere networks. Suppresses imagery, drops poll frequency, and applies a severity floor (HIGH+ or CRITICAL only). Configurable poll interval: 1 min / 5 min / 15 min. Toggle under Appearance → Low data mode.
MOBILE Configure which two home-screen buttons appear on the COP. Tap an option to cycle LEFT → RIGHT → unassigned. Default: MY FEED / SEARCH. The web equivalents live in the left rail directly.
Areas of interest. Sentinel matches any alert whose coordinates fall inside an active geofence and promotes it into your My Feed (Source C). Three shape types, device-local, synced across devices.
Center point plus radius in kilometers. Most common shape for a command footprint, a named facility, or a city.
Add: name · latitude · longitude · radius km.
Arbitrary N-sided shape defined by a list of vertices. Use for an operational box, an airspace, or any non-circular AOI.
Add: name, then vertices as lat,lng pairs separated by semicolons. Minimum three points; the polygon auto-closes.
33.3,44.3; 36.2,44.3; 36.2,48.8; 33.3,48.8
A waypoint sequence with a buffer radius. Use for transit corridors — shipping lanes, convoy routes, flight paths.
Add: name, waypoints as lat,lng pairs (min two), and a buffer in km.
Each fence has an independent active toggle. Inactive fences are retained but ignored by the matcher. Deleting a fence is immediate and non-recoverable.
A mission profile is a saved filter — countries, categories, severity floor, keywords, and optional COCOM region scope. Subscribed profiles route items into My Feed (Source B); the default profile also drives push notifications and seeds the watchlist country set for My Feed Source A.
On first login Sentinel seeds six presets. Keep, edit, or delete any of them.
| Preset | Severity | Key categories |
|---|---|---|
| FORCE PROTECTION | MEDIUM+ | Terrorism, Armed conflict, Civil unrest, CBRN |
| INDICATIONS & WARNINGS | LOW+ | Terrorism, Armed conflict, Cyber, CBRN, Diplomatic |
| NATURAL DISASTER | MEDIUM+ | Natural disaster, Infrastructure, Public health |
| CYBER THREAT | LOW+ | Cyber, Infrastructure |
| MARITIME & AVIATION | MEDIUM+ | Maritime & aviation, Armed conflict, Infrastructure |
| CBRN | LOW+ | CBRN, Public health |
A profile matches an alert only if all of the following hold:
A profile's regions field scopes it to one or more geographic combatant commands. Default is all regions. Disable a COCOM and the profile stops matching items in those countries.
| COCOM | Coverage (high level) |
|---|---|
| NORTHCOM | US, Canada, Mexico, Bahamas, Bermuda |
| SOUTHCOM | Central & South America, Caribbean |
| EUCOM | Europe, Russia, Caucasus, Türkiye, Israel, Cyprus |
| AFRICOM | Africa (except Egypt) plus adjacent islands |
| CENTCOM | Middle East, South/Central Asia (AFG, PAK, CA-stans, Egypt) |
| INDOPACOM | East / South / Southeast Asia, Oceania |
Exactly one profile is the default — marked with a DEFAULT chip. The default drives the COP's passive background filter and your push-notification routing.
Flip a profile's Subscribed switch to include or exclude it from My Feed routing without deleting the saved filter. Unsubscribed profiles are retained for later re-use.
Lightweight follows on an entity, keyword, organization, country, or topic. Matches are flagged in your feed and can trigger notifications.
| Type | Use |
|---|---|
| Country | Follow a country by ISO-2 code. Drives My Feed Source A. |
| Keyword | Follow a term in headlines / summaries (e.g. hypersonic). |
| Entity | Follow a named individual or unit. |
| Organization | Follow a named org (e.g. IRGC). |
| Topic | Combination with an optional country + category scope. |
Any alert you save from the inspector lands here with its severity, category, country codes, and the timestamp of the save action.
Saved items sync across devices via /user-settings/me. If you save on mobile, it's on the web instantly on next hydrate.
Separate push and sound toggles for each of the four severity levels. Cyber alerts route through the Cyber feed's own per-category settings.
| Severity | Default push | Default sound |
|---|---|---|
| CRITICAL | On | On |
| HIGH | On | Off |
| MEDIUM | Off | Off |
| LOW | Off | Off |
Silence push outside of a defined UTC window. Default window is 06:00 UTC –
22:00 UTC. CRITICAL alerts override the quiet window and still fire. Tap
the start or end time to advance by one hour.
Both devices share the same duty window via sync. If you update it on mobile, web picks it up on the next settings hydrate.
A read-only list of every upstream source Sentinel is currently subscribed to, keyed by ISO country code. Each row shows the source name, country, and on/off state as reported by the backend pipeline.
Search by name, country, or source type. Sources themselves are configured server-side — this tab exists so analysts know what's in the feed, not to flip switches.
Pinned links at the top of Backstage → Support:
Fill in subject, category (ACCOUNT / TECHNICAL / DATA_SOURCE / OTHER), priority (LOW / MEDIUM / HIGH), and a description. The form attaches your user email and session token. You receive a reference number on submission.
| Channel | Details |
|---|---|
| support@artorias.com | |
| DSN | 312-555-0100 |
| Critical incidents | 1-800-555-0199 |
| Security / compromise | security@artorias.com |
| Civil liberties & privacy | compliance@artorias.com |
| Legal | legal@artorias.com |
| SLA | Response within 4 business hours; resolution within 2 business days |
| Key | Label |
|---|---|
NATURAL_DISASTER | Natural disaster |
TERRORISM | Terrorism |
CIVIL_UNREST | Civil unrest |
ARMED_CONFLICT | Armed conflict |
INFRASTRUCTURE_FAILURE | Infrastructure |
CYBER_INCIDENT | Cyber |
PUBLIC_HEALTH | Public health |
DIPLOMATIC_CRISIS | Diplomatic |
MARITIME_AVIATION | Maritime & aviation |
CBRN | CBRN (chemical / biological / radiological / nuclear) |
OTHER | Other |
| Outcome | Meaning |
|---|---|
| PUBLISH | Passed all gates — streams to analysts immediately |
| HOLD_FOR_REVIEW | Triage confidence below auto-publish threshold — admin queue |
| HOLD_SINGLE_SOURCE | No corroboration yet on a sensitive taxonomy — hold pending a second source |
| HOLD_LOW_CONFIDENCE | Low model confidence — hold for human |
| LOG_ONLY | Retained but not shown in operator feeds |
TERRORISM and CBRN have a lower auto-publish barrier and a stricter hold policy by design — you may see them in review more often.
Hard-refresh (⌘⇧R on macOS, Ctrl⇧R on Windows). Sentinel's HTML ships with Cache-Control: no-store so stale HTML shouldn't persist — but browser back/forward cache can hold a prior snapshot.
Usually a network or auth issue. Confirm you can reach app.sentinel.artorias.com, hard-refresh, then sign out and back in. If the issue persists, email support with your browser, network context (office / VPN / mobile), and a screenshot of the developer-tools Console tab.
Real-time push rides the WebSocket. If your token is expired, you see nothing until you sign back in. Corporate proxies sometimes block WebSocket upgrades — coordinate with your network team to allow wss://ws.sentinel.artorias.com.
You likely have no watchlists, profiles, or geofences configured. My Feed falls back to the global stream if everything is empty; a non-empty My Feed with zero items means your filters are too narrow — widen the severity floor, add a country, or clear the impact chip.
Expected. The web COP requires a viewport ≥ 900 px wide. Rotate a tablet to landscape, resize the window, or use the mobile app.
Use Backstage → Support to open a ticket. Include the alert ID (top of the inspector), the issue observed, and what you expected. Classification and geocoding quality are part of the pipeline's continuous evaluation loop.
Sentinel operates in accordance with Department of War Directive 3115.18, which establishes policy for access to and use of Publicly Available Information. Every operator must acknowledge this guidance annually under Backstage → Profile.
The platform meets NIST SP 800-171 Rev 3 requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems — access control, audit logging, configuration management, incident response, risk assessment, and personnel security.
Infrastructure meets DFARS cybersecurity requirements for safeguarding covered defense information. Cyber incidents are reported within the required timelines.
All sources are verified for Terms-of-Service compliance per DoWD 3115.18. Trust tiers reflect verification status and reliability assessment. Sources are re-evaluated on policy change.
Sentinel is deployed on AWS GovCloud (us-gov-west-1). All ingestion, storage, enrichment, and delivery happen inside the GovCloud boundary.
Do not use Sentinel to query, collect, or retain information about a U.S. person except as authorized under the Intelligence Community's civil-liberties framework and your command's implementing guidance. When in doubt, pause and consult your civil- liberties officer or intelligence oversight representative.
Sentinel processes only unclassified, publicly available information. Do not paste, upload, or otherwise submit classified or CUI material. Controlled material belongs in an appropriately accredited system.