Sentry

Asset Visibility : Security knows the business better than Dev or Ops
1.1. 60 second discovery : a single agent auto-detects cloud hosts, containers and clusters and syncs with any CMDB via REST API; assets appear in the inventory within one minute of probe installation.
1.2. 2 000+ asset types: six macro categories (Kubernetes, hosts, OS, containers, applications, web apps) covering 180 object types and 2000+ sub-types, with deep recognition of open-source components.
1.3. 20+ security-relevant contexts: every asset is analysed from an attacker's viewpoint - e.g. web-framework details include service type, language, version, associated JARs and full file paths.

Risk Discovery - continuous, agent-based assessment of OS, clusters, containers and apps for vulnerabilities, missing patches, weak passwords and insecure configuration, across the entire application life-cycle.
2.1. Zero-impact: weak-password detection uses loss-less hash collision; white-box vulnerability scans create no dirty data.
2.2. High accuracy: POC verification for Apache, Shiro, WebLogic, FastJSON, Java and more to confirm exploitable flaws.
2.3. Actionable intel: each vulnerability is tagged with availability of public exploit, remote-exploit feasibility, reboot requirement and exact fix command to prioritise remediation.
2.4. Real-time feed: an in-house security lab tracks the latest CVEs and pushes them into the product within hours.

Compliance Baselines - out-of-the-box templates for China Classified Protection 2.0 and CIS Benchmarks, covering mainstream OS, web servers and databases.
3.1. 100+ rules, OS-to-app coverage: baselines for every workload object-OS, Kubernetes, database, etc. mapped to MLPS 2.0 and CIS.
3.2. Adaptive, job-driven checks: create a baseline job and the platform uses the asset inventory to auto-select only the applicable rules.
3.3. Fully customisable: clone and edit templates or add industry-specific rules (e.g. financial-sector hardening standards).

Intrusion Detection & Response
4.1. Full ATT&CK spectrum: >90 % of documented techniques covered, from cluster to OS to container and application layer.
4.2. Multi-engine detection:

• Signature engine: known IOC matching.
• Behaviour engine: anomalous commands, lateral movement, memory-only webshell injection.
• AI engine: self-learning of normal business behaviour to cut false positives.
  4.3. Attack-chain visualisation: correlates scattered alerts into a single incident and renders a 2.5-D topology of the kill chain.
  4.4. Smart noise reduction: automatic alert clustering plus behaviour-based whitelisting.
  4.5. Response arsenal: auto or manual kill of malicious processes, container quarantine, one-click host isolation, IP/file/kernel-module blocking; out-of-the-box SOAR playbooks.

Anti-Malware -12 integrates multiple top-tier AV engines for real-time detection of trojans, viruses and malicious documents, plus a home-grown engine optimised for server-side script attacks.
5.1 Script-command engine: uses AI-driven normalisation and inference instead of regex to detect obfuscated or polymorphic scripts.
5.2. Multi-engine scanning: high detection rate against miners, worms and hack-tools; QingTeng's own engine specialises in cryptojacking and ransomware payloads.

Anti-Ransomware
6.1. Dual-decoy strategy: static and dynamic bait files placed in critical directories to maximise trigger probability during ransomware enumeration.
6.2. Behaviour blocking: monitors hallmark ransomware actions and instantly kills the process before encryption spreads.
6.3. File recovery: hooks encryption APIs and key-generation routines at launch; leverages a continuously updated ransomware-family rule set to decrypt affected files for families such as GlobeImposter and WannaCry.