Threat-Classifier
Production-hardened enrichment and scoring that blend GuardDuty, SaaS telemetry, and analyst feedback into an adaptive threat profile.
- Multi-source feature engineering orchestrated via Step Functions and Lambda keeps enrichment deterministic even as telemetry volume grows.
- Scorecards route into Security Hub and EventBridge, preserving traceability for playbooks, approvals, and analyst overrides.
- Shadow deployments execute through SageMaker endpoints to validate new detector bundles before promotion.