CastellanAI v1.0.0 Release Notes - AI Security Monitoring Platform
This document provides an overview of the features and capabilities included in CastellanAI v1.0.0.
Platform Overview
CastellanAI is an AI-powered security monitoring platform that processes Windows Event Log data and transforms it into structured security intelligence. The platform consists of three main components:
| Component | Description | Technology |
|---|---|---|
| Worker API | Central processing server | .NET 8.0, ASP.NET Core |
| Agent | Endpoint data collection | .NET 9.0, SignalR |
| Dashboard | Web-based monitoring interface | React 18, TypeScript |
Core Features
Security Event Processing
The platform provides multiple detection mechanisms:
| Detection Type | Description | Use Case |
|---|---|---|
| Pattern Matching | MITRE ATT&CK framework alignment | Known threat identification |
| Anomaly Detection | Statistical deviation analysis | Unusual behavior detection |
| Event Correlation | Related event grouping | Attack chain reconstruction |
| Risk Scoring | Multi-factor event assessment | Prioritization and triage |
Agent Deployment
Agents support the following platforms:
| Platform | Minimum Version | Requirements |
|---|---|---|
| Windows | Windows 10 1809 / Server 2019 | .NET 9.0 Runtime |
| Linux | Ubuntu 20.04, Debian 11, RHEL 8 | .NET 9.0 Runtime |
| macOS | macOS 12 (Monterey) | .NET 9.0 Runtime |
Smart Filtering
The agent implements priority-based filtering to reduce data transmission:
| Priority Level | Score Range | Transmission Behavior |
|---|---|---|
| Critical | 90-100 | Immediate streaming |
| High | 70-89 | Batched (30 second intervals) |
| Low | 0-69 | Filtered locally |
This approach reduces network traffic by 95-98% while retaining security-relevant events.
Real-Time Dashboard
The dashboard provides:
- Live event streaming via SignalR WebSockets
- Security event timeline and visualization
- AI-powered chat interface for event analysis
- Notification integration (Slack, Microsoft Teams)
Installation
Prerequisites
- PostgreSQL 16
- Qdrant vector database
- Ollama (for local AI) or OpenAI API key
Quick Start
- Clone the repository and configure environment variables
- Run database migrations
- Start the Worker API
- Deploy agents to endpoints
For detailed installation instructions, see the Quick Start Guide.
API Reference
The Worker API exposes the following endpoints:
| Endpoint | Method | Description |
|---|---|---|
| /api/security-events | GET | List security events |
| /api/chat/message | POST | Send chat message to AI |
| /api/system-status | GET | Health check |
| /api/actions | GET | List available actions |
Support
- Documentation: docs.castellanai.com
- Email: support@castellanai.com
- GitHub: github.com/MLidstrom/CastellanPro