
CastellanAI v1.0.0 Release Notes - AI Security Monitoring Platform

CastellanAI Development Team

This document provides an overview of the features and capabilities included in CastellanAI v1.0.0.

What's New in v1.0.0

CastellanAI v1.0.0 brings unified threat detection across Windows, Linux, and macOS with AI-powered analysis, real-time streaming, and smart filtering that reduces network traffic by 95-98%.

Platform Overview

CastellanAI is an AI-powered security monitoring platform that processes event log data and transforms it into structured security intelligence.

Architecture Components

| Component | Description | Technology |
| --- | --- | --- |
| Worker API | Central processing server | .NET 8.0, ASP.NET Core |
| Agent | Endpoint data collection | .NET 9.0, SignalR |
| Dashboard | Web-based monitoring interface | React 18, TypeScript |

Core Features

Security Event Processing

Detection Capabilities

The platform combines several detection mechanisms, with pattern-based detections mapped to the MITRE ATT&CK framework.

| Detection Type | Description | Use Case |
| --- | --- | --- |
| Pattern Matching | MITRE ATT&CK framework alignment | Known threat identification |
| Anomaly Detection | Statistical deviation analysis | Unusual behavior detection |
| Event Correlation | Related event grouping | Attack chain reconstruction |
| Risk Scoring | Multi-factor event assessment | Prioritization and triage |

How Risk Scoring Works

Risk scores are calculated using multiple factors:

  1. Event Severity - Base score from event type
  2. Asset Criticality - Importance of affected system
  3. User Context - Privileged accounts scored higher
  4. Historical Pattern - Deviation from baseline behavior
  5. Threat Intelligence - Known IOC matches

Final scores range from 0 to 100; a score of 90 or higher is treated as Critical.
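As an added illustration of how the five factors can be combined (example code written for these notes, not CastellanAI's scoring implementation), the scorer below applies a base severity per event type, an asset-criticality multiplier, a privileged-user bonus, a capped bonus for deviation from the host's baseline and an IOC-match bonus, then clamps the result to 0-100 and applies the 90+ Critical cut-off. Every weight, the event-type table and the three sample events are assumptions made for the example.

```python
"""Added example, not CastellanAI code: a multi-factor risk scorer modelled on
the five factors listed above. Every base severity, weight and bonus below is
an assumption chosen for illustration."""
from dataclasses import dataclass

# Factor 1: base score per event type (constructed values).
BASE_SEVERITY = {
    "AuthenticationFailure": 35,
    "ProcessCreation": 15,
    "ServiceInstalled": 50,
    "PrivilegeEscalation": 70,
}
DEFAULT_BASE = 20        # unknown event types still get a floor score

# Factor 2: asset criticality multiplier (constructed values).
ASSET_WEIGHT = {"workstation": 1.0, "server": 1.2, "domain-controller": 1.5}

PRIVILEGED_BONUS = 15    # Factor 3: privileged accounts score higher
DEVIATION_CAP = 20       # Factor 4: maximum bonus for baseline deviation
IOC_BONUS = 25           # Factor 5: event matches a known indicator
CRITICAL_THRESHOLD = 90  # per the notes, 90 and above is Critical


@dataclass
class Event:
    event_type: str
    asset_class: str
    user: str
    privileged: bool
    count_last_hour: int    # occurrences of this event on the host in the last hour
    baseline_mean: float    # historical hourly mean for this host and event type
    baseline_stddev: float
    ioc_match: bool = False


def deviation_bonus(count: int, mean: float, stddev: float) -> int:
    """Factor 4: 5 points per standard deviation above the host's baseline,
    capped at DEVIATION_CAP. Activity at or below baseline adds nothing."""
    if stddev <= 0:
        # A flat baseline has no spread, so any increase counts as anomalous.
        return DEVIATION_CAP if count > mean else 0
    z = (count - mean) / stddev
    return int(min(DEVIATION_CAP, max(0.0, z) * 5))


def risk_score(ev: Event) -> int:
    """Combine the five factors into a 0-100 score."""
    score = BASE_SEVERITY.get(ev.event_type, DEFAULT_BASE)
    score *= ASSET_WEIGHT.get(ev.asset_class, 1.0)
    if ev.privileged:
        score += PRIVILEGED_BONUS
    score += deviation_bonus(ev.count_last_hour, ev.baseline_mean, ev.baseline_stddev)
    if ev.ioc_match:
        score += IOC_BONUS
    return int(max(0, min(100, round(score))))


def is_critical(score: int) -> bool:
    return score >= CRITICAL_THRESHOLD


# Constructed sample events.
SAMPLE_EVENTS = {
    # Burst of failed logons as a privileged account on a DC, source on an IOC list.
    "dc_bruteforce": Event("AuthenticationFailure", "domain-controller", "admin",
                           True, 40, 2.0, 3.0, ioc_match=True),
    # Routine process start on a workstation at its usual rate.
    "routine": Event("ProcessCreation", "workstation", "jdoe", False, 3, 3.0, 1.0),
    # New service installed by an admin on a server: rare, but no IOC match.
    "new_service": Event("ServiceInstalled", "server", "svc-admin", True, 1, 0.0, 0.5),
}


def score_samples() -> dict:
    """Score every sample event; returns {name: score}."""
    return {name: risk_score(ev) for name, ev in SAMPLE_EVENTS.items()}


if __name__ == "__main__":
    for name, s in score_samples().items():
        print(f"{name:14s} score={s:3d} critical={is_critical(s)}")
```

The brute-force sample saturates at 100 (the IOC bonus on top of a privileged account on a domain controller), the routine process start stays at 15, and the new service on a server lands at 85: High, but below the Critical line, which is the kind of boundary case a real scoring table needs to be tuned around.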


Agent Deployment

Minimum Requirements:

  • Windows 10 (version 1809 or later) or Windows Server 2019 or later
  • .NET 9.0 Runtime

Installation:

```powershell
# Download and install the agent
.\CastellanAgent-Setup.exe

# Enroll with your portal
castellan-agent enroll --token "YOUR_TOKEN" --portal-url "https://castellanai.com"

# Start the service
castellan-agent run
```

The enrollment token is a credential: supply it from your secrets manager or deployment tooling rather than typing it interactively, and keep it out of shell history and any scripts you commit.

Smart Filtering

Important: Smart filtering significantly reduces bandwidth usage but requires proper threshold configuration. Critical events are never filtered. Low-priority events (score below 70) are dropped on the endpoint and never reach the server, so set the thresholds deliberately before relying on server-side records for investigations.

The agent implements priority-based filtering to reduce data transmission:

| Priority Level | Score Range | Transmission Behavior |
| --- | --- | --- |
| Critical | 90-100 | Streamed immediately |
| High | 70-89 | Batched (30-second intervals) |
| Low | 0-69 | Filtered locally; not transmitted |

Filtering Statistics

In typical enterprise environments, smart filtering achieves:

  • 95-98% reduction in network traffic between agents and the Worker API
  • 100% retention of events scored High or Critical (70 and above); only Low-priority events are filtered locally
  • Sub-second delivery of critical alerts

This allows monitoring of thousands of endpoints without overwhelming your infrastructure.
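The filter below is an added example of the priority behaviour in the table above and of the threshold caveat; it is written for these notes and is not the agent's code. It streams Critical events at once, holds High events until a 30-second batch window closes, drops Low events on the endpoint, refuses a misordered threshold configuration, and reports the reduction as an event-count ratio. The class and configuration names, and the 100-event feed, are constructed.

```python
"""Added example, not the agent's code: an endpoint-side priority filter
modelled on the table above. Critical (90-100) streams at once, High (70-89)
is batched on a 30-second interval, Low (0-69) never leaves the endpoint.
The class, its configuration names and the sample feed are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class FilterConfig:
    critical_threshold: int = 90
    high_threshold: int = 70
    batch_interval_s: float = 30.0

    def problems(self) -> list:
        """List misconfigurations (empty when sane). Misordered or out-of-range
        thresholds would silently drop everything or stream everything."""
        out = []
        if not 0 < self.high_threshold < self.critical_threshold <= 100:
            out.append("need 0 < high_threshold < critical_threshold <= 100")
        if self.batch_interval_s <= 0:
            out.append("batch_interval_s must be positive")
        return out


class SmartFilter:
    def __init__(self, cfg: Optional[FilterConfig] = None):
        self.cfg = cfg or FilterConfig()
        if self.cfg.problems():
            raise ValueError("; ".join(self.cfg.problems()))
        self.batch = []            # High events waiting for the next interval
        self.batch_started = None  # time the current batch was opened
        self.seen = self.streamed = self.batched = self.dropped = 0

    def ingest(self, event: dict, now: float) -> list:
        """Classify one scored event and return the transmissions it triggers
        as (channel, events) pairs. Critical events are never held back."""
        self.seen += 1
        sends = []
        score = event["score"]
        if score >= self.cfg.critical_threshold:
            self.streamed += 1
            sends.append(("stream", [event]))
        elif score >= self.cfg.high_threshold:
            self.batched += 1
            if not self.batch:
                self.batch_started = now
            self.batch.append(event)
        else:
            self.dropped += 1      # stays on the endpoint, never sent
        # Flush once the interval has elapsed, whatever priority this event had.
        if self.batch and now - self.batch_started >= self.cfg.batch_interval_s:
            sends.append(self.flush())
        return sends

    def flush(self) -> tuple:
        """Emit the pending High events (also call this at agent shutdown)."""
        pending, self.batch, self.batch_started = self.batch, [], None
        return ("batch", pending)

    def reduction_pct(self) -> float:
        """Share of events that never left the endpoint. An event-count proxy
        for the bandwidth figure above; real savings depend on event sizes."""
        return 100.0 * self.dropped / self.seen if self.seen else 0.0


def simulate(scores: list, cfg: Optional[FilterConfig] = None) -> dict:
    """Feed one event per second through the filter and summarise the result."""
    f = SmartFilter(cfg)
    sends = []
    for t, s in enumerate(scores):
        sends.extend(f.ingest({"id": t, "score": s}, now=float(t)))
    if f.batch:
        sends.append(f.flush())
    return {
        "seen": f.seen, "streamed": f.streamed, "batched": f.batched,
        "dropped": f.dropped, "reduction_pct": f.reduction_pct(),
        "sends": [(channel, [e["id"] for e in evs]) for channel, evs in sends],
    }


# Constructed feed: 1 Critical, 4 High and 95 Low events over 100 seconds.
SAMPLE_SCORES = [95] + [75] * 4 + [20] * 95

if __name__ == "__main__":
    for k, v in simulate(SAMPLE_SCORES).items():
        print(f"{k}: {v}")
```

With the constructed feed the filter makes two transmissions in 100 seconds: one immediate stream for the Critical event and one batch carrying the four High events, with the 95 Low events never sent. Note that the batch is flushed from `ingest` regardless of the priority of the event that arrives after the interval; a real agent would also flush on a timer so that a quiet endpoint does not hold High events indefinitely.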


Real-Time Dashboard

The dashboard provides comprehensive monitoring capabilities:

  • Live event streaming via SignalR WebSockets
  • Security event timeline and visualization
  • AI-powered chat interface for event analysis
  • Notification integration (Slack, Microsoft Teams)

Progressive Web App

The dashboard is a PWA: install it on your desktop for native-like performance and offline access to cached data. Cached events persist in the browser's storage on that workstation, so treat dashboard machines with the same care as the event data they hold.

Notification settings for a Slack webhook, with a severity floor so that only High and Critical events are posted:

```json
{
  "Notifications": {
    "Slack": {
      "Enabled": true,
      "WebhookUrl": "https://hooks.slack.com/services/YOUR/WEBHOOK/URL",
      "Channel": "#security-alerts",
      "MinimumSeverity": "High"
    }
  }
}
```

The webhook URL is itself a secret (anyone holding it can post to the channel), so keep it out of committed configuration files.

Installation

Prerequisites

Required Infrastructure

Ensure these services are running before starting the Worker API:

  • PostgreSQL 16 - Primary data store
  • Qdrant - Vector database for AI embeddings
  • Ollama (for local AI) or OpenAI API key

Quick Start

```bash
# 1. Clone the repository
git clone https://github.com/MLidstrom/CastellanPro.git
cd CastellanPro

# 2. Configure environment variables (placeholders: generate a random JWT
#    key of at least 64 characters and choose a strong admin password)
export AUTHENTICATION__JWT__SECRETKEY="your-64-char-minimum-secret-key"
export AUTHENTICATION__ADMINUSER__USERNAME="admin"
export AUTHENTICATION__ADMINUSER__PASSWORD="SecurePassword123!"

# 3. Run database migrations
cd src/Castellan.Worker
dotnet ef database update

# 4. Start the Worker API
dotnet run

# 5. Start the Dashboard (separate terminal, from the repository root)
cd dashboard
npm install && npm run dev
```

Security Notice

Never commit credentials or API keys to version control. Use environment variables or a secrets manager for all sensitive configuration. The JWT signing key should come from a cryptographically secure random generator rather than a chosen passphrase; the placeholder values above are for local evaluation only.

For detailed installation instructions, see the Quick Start Guide.


API Reference

The Worker API exposes the following endpoints:

| Endpoint | Method | Description |
| --- | --- | --- |
| /api/security-events | GET | List security events |
| /api/chat/message | POST | Send chat message to AI |
| /api/system-status | GET | Health check |
| /api/actions | GET | List available actions |

Example API Request

```bash
# Get recent security events
curl -X GET "http://localhost:5000/api/security-events?limit=10" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json"
```

Use the plain http://localhost URL only for local development: a bearer token sent over plaintext HTTP to any other host can be captured and replayed, so put the Worker API behind TLS before exposing it.

Response:

```json
{
  "events": [
    {
      "id": "evt_123",
      "timestamp": "2024-01-15T10:30:00Z",
      "type": "AuthenticationFailure",
      "severity": "High",
      "host": "SERVER-01",
      "user": "admin",
      "description": "Multiple failed login attempts detected"
    }
  ],
  "total": 1,
  "page": 1
}
```
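As an added example of consuming this endpoint (written for these notes, not CastellanAI client code), the script below pages through /api/security-events with a bearer JWT, keeps only High and Critical events, and refuses to send the token over plaintext HTTP to anything but loopback. It assumes a `page` query parameter exists alongside `limit`, that responses carry the `events`, `total` and `page` keys shown above, and that the JWT is read from a CASTELLAN_JWT environment variable; the fake transport and its two response pages are constructed so the script runs offline.

```python
"""Added example, not CastellanAI client code: page through
GET /api/security-events with a bearer JWT and keep High/Critical events.
Assumptions: a `page` query parameter exists alongside `limit`, responses
carry the `events`/`total`/`page` keys shown above, and the JWT comes from
the CASTELLAN_JWT environment variable. The fake transport and its two
response pages are constructed so the script runs offline."""
import json
import os
import urllib.request
from typing import Callable, Iterator
from urllib.parse import parse_qs, urlencode, urlparse

SEVERITY_RANK = {"Low": 0, "High": 1, "Critical": 2}  # names used on this page


def transport_is_acceptable(base_url: str) -> bool:
    """A bearer token travels in cleartext over http: allow it only to loopback."""
    u = urlparse(base_url)
    return u.scheme == "https" or u.hostname in ("localhost", "127.0.0.1", "::1")


def http_get_json(url: str, headers: dict) -> dict:
    """Default transport: a real request via urllib."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def fetch_events(base_url: str, token: str, limit: int = 10, min_severity: str = "High",
                 transport: Callable[[str, dict], dict] = http_get_json) -> Iterator[dict]:
    """Yield events at or above min_severity, walking pages until `total` is reached."""
    if not token:
        raise ValueError("missing JWT: set CASTELLAN_JWT instead of hard-coding a token")
    if not transport_is_acceptable(base_url):
        raise ValueError(f"refusing to send a bearer token over plaintext to {base_url}")
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    floor = SEVERITY_RANK[min_severity]
    page, fetched = 1, 0
    while True:
        qs = urlencode({"limit": limit, "page": page})      # `page` param is assumed
        body = transport(f"{base_url.rstrip('/')}/api/security-events?{qs}", headers)
        events = body.get("events", [])
        for ev in events:
            fetched += 1
            if SEVERITY_RANK.get(ev.get("severity"), 0) >= floor:
                yield ev
        if not events or fetched >= body.get("total", 0):
            return
        page += 1


# Constructed responses in the shape shown above: three events over two pages.
FAKE_PAGES = {
    1: {"events": [
            {"id": "evt_123", "timestamp": "2024-01-15T10:30:00Z", "type": "AuthenticationFailure",
             "severity": "High", "host": "SERVER-01", "user": "admin",
             "description": "Multiple failed login attempts detected"},
            {"id": "evt_124", "timestamp": "2024-01-15T10:31:00Z", "type": "ProcessCreation",
             "severity": "Low", "host": "WS-07", "user": "jdoe",
             "description": "Routine process start"}],
        "total": 3, "page": 1},
    2: {"events": [
            {"id": "evt_125", "timestamp": "2024-01-15T10:32:00Z", "type": "PrivilegeEscalation",
             "severity": "Critical", "host": "SERVER-01", "user": "admin",
             "description": "Member added to Domain Admins"}],
        "total": 3, "page": 2},
}


def fake_transport(url: str, headers: dict) -> dict:
    """Stand-in for the Worker API: checks the request shape, serves FAKE_PAGES."""
    if not headers.get("Authorization", "").startswith("Bearer "):
        raise PermissionError("request did not carry a bearer token")
    page = int(parse_qs(urlparse(url).query)["page"][0])
    return FAKE_PAGES[page]


def demo_ids(min_severity: str = "High") -> list:
    """Run the pager offline against the fake transport; returns matching event ids."""
    return [e["id"] for e in fetch_events("http://localhost:5000", "demo-token", limit=2,
                                          min_severity=min_severity, transport=fake_transport)]


if __name__ == "__main__":
    token = os.environ.get("CASTELLAN_JWT", "")
    if token:
        for ev in fetch_events("http://localhost:5000", token):
            print(ev["id"], ev["severity"], ev["host"], ev["description"])
    else:
        print("CASTELLAN_JWT not set; offline demo:", demo_ids())
```

The pager stops on either an empty page or once it has seen `total` events, so a server that keeps returning the same page cannot spin it forever. Swapping `fake_transport` for the default `http_get_json` runs the same logic against a live Worker API.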

Support

Get Help

We're here to help you get the most out of CastellanAI.