Adaptive Defense Engine

🧠 Self-learning quarantine

The bot maintains a rolling baseline (Welford online mean + variance) for every(flow, party, device) combination. After 20+ samples, if the last 5 Οƒ-scores stay β‰₯ 5 it auto-quarantines. It auto-releases when the last 10 Οƒ-scores drop ≀ 1.5.

⚠️ Simulated quarantine. Actions flip rows in theflow_quarantine table and are reflected in this UI and OS-BOT. They do not touch real OS firewall, iptables, or router rules.
Baselines learning
0
< 20 samples
Baselines ready
0
β‰₯ 20 samples
Active quarantines
0
Corpus entries
0
end-to-end retained

πŸ” OS-BOT vector relay

/api/osbot-corpus β†’

Every OS-BOT reply is converted into a structured verdict + confidence vector and relayed back to the defense engine as a soft bias: malicious vectors loosen the σ threshold for quarantine, benign vectors accelerate release. All Q→A→vector tuples are retained in the corpus for end-to-end accuracy review.

No vectors yet. Ask OS-BOT something on / to seed the relay.

Defense loop

idle

🚨 Active quarantines (0)

Nothing quarantined. The network looks normal to the bot.

πŸ“ˆ Learned baselines (top 30)

flowpartydevicenΞΌ Οƒlast Οƒrecent

No baselines yet β€” generate some handshakes on the home page first.

πŸ“œ Action log

No actions yet.