Guided sentinels and honeypots for selected clients
Sentinel is the defence layer on the BlackDome roadmap: deployable host tripwires, customer honeypots, detonation evidence, and bounded response. It is visible now for private preview discussions, not broad self-serve deployment.
Most products separate threat feeds from the environment they protect. Sentinel is designed to close that loop by turning BlackDome's real attacker telemetry into guided deception, response, and evidence packs for customer systems.
What Sentinel Is Being Built To Do
The design goal is practical defence from the same evidence layer that powers BlackDome intelligence.
Host Tripwires
Canary files, fake credentials, and service facades designed to turn suspicious contact into high-signal evidence.
Managed Honeypots
Customer-specific honeypots and protocol surfaces for teams that need direct collection in their own risk context.
Bounded Response
Policy-constrained actions and escalation paths, with human review where the risk or ambiguity requires it.
Evidence Packs
Every meaningful verdict is intended to carry the contact evidence, reasoning context, and action trail needed for review.
Preview Deployment Path
For now, Sentinel is a guided engagement. The flow below is how we expect selected deployments to work while the agent matures.
Scope the environment
We identify hosts, subnets, acceptable collection boundaries, and what actions must remain approval-gated.
Deploy collection surfaces
BlackDome deploys or guides the deployment of honeypots, host tripwires, and safe deception points.
Correlate with live BlackDome intel
Customer events are compared against the global attacker contact layer, MCP-accessible intelligence, and detonation context.
Review, tune, and expand
The engagement hardens policies, response boundaries, and proof-pack outputs before wider rollout.
Best Fit For Preview
Sentinel is not for every self-serve user yet. These are the teams we should talk to first.
Preview Engagement Options
Sentinel pricing is engagement-led while the product is in development. Public self-serve buyers should start with MCP, API, and packages.
Discovery
A short call to decide whether Sentinel preview access is a fit.
- Use-case review
- Current risk surface
- Deployment constraints
- Suggested next step
Managed Pilot
Guided honeypot or host-tripwire pilot for teams with a clear security outcome.
- Scoped deployment
- BlackDome telemetry correlation
- Evidence-pack review
- Tuning and operational notes
Enterprise Defence
Broader managed deception and defence architecture for high-risk environments.
- Managed honeypot architecture
- Custom collection goals
- MCP and API evidence access
- Governance and reporting support
Interested in the defence layer?
Use BlackDome's public intelligence and MCP now. If you need guided sentinels or honeypots in your own environment, talk to us about a preview engagement.