Enterprise Security for UniFi Networks
Purpose-built SIEM that integrates natively with every UniFi product. Monitor, detect, and respond to threats across your entire ecosystem.
Native UniFi Integration
Deep integration with every UniFi product for comprehensive visibility.
UniFi Network
Real-time monitoring of all network events including IDS/IPS alerts, firewall logs, client connections, wireless events, and traffic anomalies.
- Syslog & CEF ingestion
- WebSocket real-time events
- API polling for device status
- Client tracking & analytics
UniFi Protect
Comprehensive video surveillance integration with motion detection, smart alerts, and AI-powered event analysis.
- Webhook event receiver
- Motion & smart detection
- Camera health monitoring
- Recording alerts
UniFi Access
Physical access control monitoring for doors, credentials, and access attempts across your facilities.
- Door access events
- Credential management
- Unauthorized access alerts
- Visitor tracking
UniFi Talk
VoIP system monitoring for call patterns, voicemail, and communication security.
- Call detail records
- Voicemail notifications
- Anomaly detection
- SIP event logging
Powerful Capabilities
Everything you need to detect, investigate, and respond to security threats.
Detection Engine
Powerful YAML-based rule engine with support for complex conditions, aggregation, and correlation across multiple event sources.
- YAML rule definitions
- Regex pattern matching
- Field aggregation (count events over time)
- Multi-condition logic
- Severity classification
- Automatic alert generation
Multi-Channel Alerting
Get notified instantly through your preferred channels when security events occur.
- Email notifications
- Slack integration
- Discord webhooks
- PagerDuty escalation
- Custom webhook delivery
- Alert deduplication
AI-Powered Analysis
Leverage GPT-4 to understand complex security events and get actionable recommendations.
- Natural language explanations
- Threat context analysis
- Remediation suggestions
- Pattern recognition
- Cached insights for speed
- Configurable prompts
Threat Intelligence
Enrich events with external threat data to identify known malicious actors.
- GeoIP location lookup
- AbuseIPDB reputation
- VirusTotal integration
- ASN information
- Malicious IP blocking
- Intelligent caching
Active Response
Automatically respond to threats by taking action directly on your UniFi infrastructure.
- Client blocking/quarantine
- VLAN reassignment
- Access credential disabling
- Rate limiting
- Auto-revert with timers
- Approval workflows
Elasticsearch Storage
Scalable, searchable storage for all your security events with powerful querying capabilities.
- Full-text search
- Complex aggregations
- Time-based retention
- Index lifecycle management
- High availability support
- Custom dashboards
Traffic Analytics (NetFlow / IPFIX)
See exactly what your network is doing. Ingests NetFlow v5, v9, and IPFIX from UniFi gateways and aggregates flows by 5-tuple for top-talker and protocol analysis.
- NetFlow v5, v9, and IPFIX (v10)
- 60s tumbling-window aggregation
- Top talkers by source, destination, or pair
- Protocol breakdown (TCP/UDP/ICMP/etc.)
- Sortable flow table: bytes, packets, time
- Per-device drill-down and filtering
Network Event Viewer
Separate operational events from security events. Troubleshoot flapping ports, AP radar hits, WAN failovers, and controller provisioning without wading through IDS alerts.
- Link up / down, port flaps, PoE state
- AP radio: DFS radar, channel switch, CAC
- WAN / VPN tunnel state (pppd, IPSec, OpenVPN)
- Controller lifecycle: adopt, provision, upgrade
- Dedicated Network Events page
- Per-device event stream
SNMP Trap Receiver
Listen for v1 and v2c SNMP traps from UniFi switches and gateways. Well-known OIDs are mapped to human-readable names and severity levels.
- SNMPv1 and SNMPv2c / INFORM
- Well-known trap OID mapping (linkUp, authFailure, etc.)
- Optional community-string filtering
- Enterprise-specific OID pass-through
- Full varbind capture in raw event
- Mirrors into the Network Event feed
Structured UniFi Syslog Parsing
Instead of generic keyword matching, dedicated parsers extract the structured fields you need for hunting, correlation, and reporting.
- iptables firewall: 5-tuple, rule name, action
- Suricata IDS: signature ID, classification, priority
- hostapd wireless: STA MAC, association state
- dnsmasq DHCP: IP, MAC, hostname
- Linux auth: SSH, PAM, login success/failure
- Controller: device adoption, provision, upgrade
Multi-Tenant Admin Center
Run Sentinel for multiple clients from a single host. Every client gets their own isolated instance — data, rules, users, and alerts — with automated provisioning end-to-end.
- One-click client instance provisioning
- Automatic subdomain + DNS A record (GoDaddy API)
- Wildcard SSL covering every instance
- Super-admin SSO across all instances
- Per-client resource limits and port allocation
- Centralized rolling upgrades
Device Inventory
Auto-discovered list of every device sending events. Click a device for its full event stream, or filter by device in the Network Events view.
- Derived from event ingestion — no config
- Last-seen and event-count per device
- Device name, MAC, type, site
- Per-device event drill-down endpoint
- 30-day default look-back (configurable)
- Surface area for operational troubleshooting
Modern, Intuitive Dashboard
Real-time visibility into your security posture with actionable insights.
Ready to Secure Your UniFi Network?
Start your 14-day free trial today. No credit card required. Set up in minutes.
Join 500+ organizations already using Sentinel Nerd