Parinita Overwatch
The Security Orchestration Layer That Sees the Whole Kill Chain
Cross-domain correlation. Sub-second response. Court-admissible compliance reports.
Overwatch is the sovereign Security Orchestration Intelligence layer that sits above and unifies the entire Parinita security stack. It ingests normalized events from Sentry, Secure, and Chrysalis, correlates them with AI inference on MI350P, and produces authoritative cross-domain decisions and tamper-proof compliance reports.
Individual Security Products Cannot See Multi-Domain Attacks
A multi-step attack spanning agents, network, and endpoints looks like unrelated noise to any single security product.
A malicious MCP server with risk score 0.28, an exfiltrated GitHub token, malicious code pushed via API, and a medium Cortex XDR alert — every individual product sees an isolated event. The kill chain is invisible until it's complete.
-
No Single Product Sees the Full Kill Chain
Individual XDR, SIEM, and agent governance products each see their own slice. Multi-domain attacks stay invisible until the damage is done.
-
Compliance Reports Are Built by Hand
SOC 2, CMMC, and HIPAA evidence packages require weeks of log aggregation, cross-referencing, and narrative writing — none of it tamper-proof.
-
Response Is Sequential, Not Simultaneous
Traditional security tools trigger responses one at a time. An attack can progress through a second or third stage while the first response is still executing.
One orchestration layer above your entire security stack.
Overwatch sees the kill chain in real time across all three signal sources — Sentry (agentic), Secure (XDR/SIEM), and Chrysalis (immutable audit) — and issues the response simultaneously, not sequentially.
Response directives issue sub-second across all three products simultaneously via NATS JetStream on P8 AmpereOne. Every directive anchors on Chrysalis.
-
Cross-Domain Correlation
No single security product can see a multi-domain attack. Overwatch sees the kill chain in real time across Sentry, Secure, and Chrysalis simultaneously.
-
Sub-Second Response
Response directives issue sub-second across all three products simultaneously via NATS JetStream on P8 AmpereOne — not sequentially.
-
AI on MI350P
MI350P inference reconstructs novel threat-chain narratives an analyst would miss in isolation. Multi-LRM deliberation via Reason for the hardest cases.
-
Court-Admissible Compliance Reports
Every control in SOC 2, CMMC, NIST CSF, HIPAA Security Rule, and ITAR (22 CFR 120-130) maps to one or more Chrysalis transaction hashes. The report itself anchors on-chain.
-
Geographic CISO Posture
Unified dashboard exposes posture scores per-POP across the 101-node geographic health map with sub-second event-to-display latency.
-
Chrysalis-Anchored Directives
Every response directive issued by Overwatch anchors on Chrysalis — the decision chain is as tamper-proof as the evidence chain.
-
Air-Gap Compatible
Compliance reports are generated by querying Chrysalis directly via Besu JSON-RPC — no external dependency required. Sovereign and air-gap compatible.
-
NATS JetStream Event Bus
P8 AmpereOne hosts the NATS JetStream bus connecting all three signal sources. High-throughput, low-latency event delivery to the MI350P correlation plane.
-
Multi-LRM Deliberation for Hard Cases
Complex or ambiguous threat chains route to Reason for multi-LRM deliberation — frontier and open-weight reasoners coordinated for the highest-stakes decisions.
The Plane Model
Orchestra introduces "planes" — logical groupings of hardware optimized for a specific workload class. Unlike Kubernetes node pools, planes represent fundamentally different hardware architectures with different drivers, network requirements, and scheduling semantics.
The plane model is what makes Orchestra different from every other orchestration tool. Kubernetes sees nodes. Orchestra sees purpose-built hardware tiers and routes workloads accordingly.
Three signal sources. One authoritative response.
NATS JetStream on P8 AmpereOne as the event bus, MI350P as the AI correlation plane, P3 EPYC Turin as the Chrysalis validator and compliance engine, ConnectX-7 eBPF/XDP as the hardware enforcement layer.
- 01Sentry signalAgentic behavioral anomalies, warrant violations, and artifact governance events from across all 21+ agents.
- 02Secure signalCortex XDR detections, Wazuh SIEM events, PA firewall alerts, and AI-generated threat intelligence from the Shield agent.
- 03Chrysalis signalImmutable on-chain records of every security-relevant event — revocations, policy changes, access events, and attestation records.
- 04Correlation computeMI350P on Plane 1 runs the AI correlation models. P3 EPYC Turin hosts the Chrysalis validator and generates compliance evidence packages.
- 05Response scopeDirectives issue simultaneously across Sentry, Secure, and noBGP — not sequentially. An attack cannot advance while the first response is still executing.
- 06Compliance frameworkSOC 2 TSC, CMMC, NIST CSF, HIPAA Security Rule, and ITAR (22 CFR 120-130) — every control maps to Chrysalis transaction hashes.
- 07Report anchoringThe completed compliance report itself anchors on Chrysalis — tamper-proof by architecture, court-admissible, air-gap compatible.
- 08Geographic posturePer-POP posture scores update with sub-second event-to-display latency across the 101-node geographic health map.
import overwatch
client = overwatch.Client(seat_token='your_seat_token')
# Stream active security events across all three signal sources
for event in client.events.stream(sources=['sentry', 'secure', 'chrysalis']):
print(f"Source: {event.source}, Type: {event.type}, Severity: {event.severity}")
# Generate a SOC 2 compliance evidence package
report = client.compliance.generate(framework='soc2', period='2026-Q1')
print(f"Report hash: {report.chrysalis_tx_hash}") Proven at scale. Not in a lab.
Parinita AI Edge is the production deployment of the Parinita platform and the largest heterogeneous AI infrastructure deployment in the United States.
Parinita AI Edge
The most complex heterogeneous AI infrastructure in the United States. 101 sites, 9 planes, 12,000+ nodes, 4 accelerator vendors, dual network fabrics, four-layer tenant isolation — all through a single sovereign control plane.
Network & Security Infrastructure
- Multi-vendor acceleratorsFour accelerator vendors — Intel Habana, NVIDIA, AMD, Qualcomm — orchestrated through one control plane with unified scheduling, monitoring, and lifecycle management.
- Dual-fabric networkingCisco production fabric and Arista GPU backend fabric operating as a coordinated system, bridged by identity-aware routing.
- Nationwide scale101 sites across 42 U.S. states, each operating autonomously with a local control agent and a sovereign cross-site routing plane.
- Multi-tenant isolationFour-layer defense-in-depth: VXLAN VNIs, identity-routing, Palo Alto firewalls, and Cilium eBPF — validated across every plane and site.
- Compliance readinessFIPS 140-2 at launch, with FedRAMP Moderate, CJIS, and IL4/IL5 certification paths active through Parinita compliance profiles.
- Sub-millisecond routingEvery request classified and dispatched in under 1ms, enabling real-time SLA enforcement without perceptible overhead.
Required when the attack surface spans more than one security domain.
Overwatch sits on top of Sentry and Secure and gives the human and agent response layer one coherent interface across all three signal sources.
Without Sentry and Secure signal sources, Overwatch has nothing to correlate — it is the orchestration layer, not a replacement for the signal sources.
-
Regulated Industries
Healthcare, finance, defense, and government organizations where a security incident has legal, regulatory, and evidentiary consequences.
-
Multi-Domain Attack Surface
Any organization where agents, network, endpoints, and cloud all represent distinct attack surfaces that no single product monitors simultaneously.
-
Compliance Evidence Generation
Organizations under SOC 2, CMMC, HIPAA, or ITAR that currently spend weeks building audit evidence packages by hand.
-
Air-Gapped Deployments
Compliance reports generated by querying Chrysalis directly — no external connectivity required. Sovereign and air-gap compatible.
-
CISO Situational Awareness
Geographic posture scores across 101 POPs with sub-second latency give security leadership real-time visibility across the entire infrastructure footprint.
Deployment Models
Overwatch deploys as a platform-level service above Sentry and Secure. No separate provisioning — it activates automatically when both signal sources are present.
Overwatch activates automatically when Sentry and Secure are both present. No separate provisioning — one event bus connects all three signal sources.
Query Chrysalis via Besu JSON-RPC to generate compliance evidence packages. Every control maps to transaction hashes auditors can verify independently.
101-POP geographic health map with per-POP posture scores, active incident count, and sub-second event-to-display latency.
Talk to Us
Our security engineering team can walk through the Overwatch correlation model and compliance report generation for your specific regulatory requirements.