Parinita  /  Products  /  Parinita Overwatch
Enterprise & Edge Layer

Parinita Overwatch

The Security Orchestration Layer That Sees the Whole Kill Chain

Cross-domain correlation. Sub-second response. Court-admissible compliance reports.

Overwatch is the sovereign Security Orchestration Intelligence layer that sits above and unifies the entire Parinita security stack. It ingests normalized events from Sentry, Secure, and Chrysalis, correlates them with AI inference on MI350P, and produces authoritative cross-domain decisions and tamper-proof compliance reports.

101
Sites Worldwide
<1s
Response Time
3
Signal Sources
5
Compliance Frameworks
01 / The Problem

Individual Security Products Cannot See Multi-Domain Attacks

A multi-step attack spanning agents, network, and endpoints looks like unrelated noise to any single security product.

A malicious MCP server with risk score 0.28, an exfiltrated GitHub token, malicious code pushed via API, and a medium Cortex XDR alert — every individual product sees an isolated event. The kill chain is invisible until it's complete.

  • No Single Product Sees the Full Kill Chain

    Individual XDR, SIEM, and agent governance products each see their own slice. Multi-domain attacks stay invisible until the damage is done.

  • Compliance Reports Are Built by Hand

    SOC 2, CMMC, and HIPAA evidence packages require weeks of log aggregation, cross-referencing, and narrative writing — none of it tamper-proof.

  • Response Is Sequential, Not Simultaneous

    Traditional security tools trigger responses one at a time. An attack can progress through a second or third stage while the first response is still executing.

Capability
Current / legacy
What's needed
Kill-chain visibility
Each security product sees its own slice — multi-domain attacks are invisible
Real-time cross-domain correlation across Sentry, Secure, and Chrysalis simultaneously
Response coordination
Sequential responses — attack can progress while first response is executing
Sub-second simultaneous directives across all three products via NATS JetStream
Compliance evidence
Weeks of manual log aggregation — no tamper-proof chain of custody
Chrysalis transaction hashes for every control — report itself anchors on-chain
Threat narrative
Analysts manually correlate alerts — novel attack patterns missed in isolation
MI350P AI reconstructs threat-chain narratives across all signal sources in real time
Audit independence
Vendor controls the log infrastructure — alterable after the fact
Customer can verify compliance evidence independently on Chrysalis — tamper-proof by architecture
Air-gap compatibility
Cloud-hosted SIEM requires external connectivity for compliance reporting
Chrysalis JSON-RPC query generates reports with no external dependency — sovereign and air-gap compatible
02 / Core Capabilities

One orchestration layer above your entire security stack.

Overwatch sees the kill chain in real time across all three signal sources — Sentry (agentic), Secure (XDR/SIEM), and Chrysalis (immutable audit) — and issues the response simultaneously, not sequentially.

Response directives issue sub-second across all three products simultaneously via NATS JetStream on P8 AmpereOne. Every directive anchors on Chrysalis.

  • Cross-Domain Correlation

    No single security product can see a multi-domain attack. Overwatch sees the kill chain in real time across Sentry, Secure, and Chrysalis simultaneously.

  • Sub-Second Response

    Response directives issue sub-second across all three products simultaneously via NATS JetStream on P8 AmpereOne — not sequentially.

  • AI on MI350P

    MI350P inference reconstructs novel threat-chain narratives an analyst would miss in isolation. Multi-LRM deliberation via Reason for the hardest cases.

  • Court-Admissible Compliance Reports

    Every control in SOC 2, CMMC, NIST CSF, HIPAA Security Rule, and ITAR (22 CFR 120-130) maps to one or more Chrysalis transaction hashes. The report itself anchors on-chain.

  • Geographic CISO Posture

    Unified dashboard exposes posture scores per-POP across the 101-node geographic health map with sub-second event-to-display latency.

  • Chrysalis-Anchored Directives

    Every response directive issued by Overwatch anchors on Chrysalis — the decision chain is as tamper-proof as the evidence chain.

  • Air-Gap Compatible

    Compliance reports are generated by querying Chrysalis directly via Besu JSON-RPC — no external dependency required. Sovereign and air-gap compatible.

  • NATS JetStream Event Bus

    P8 AmpereOne hosts the NATS JetStream bus connecting all three signal sources. High-throughput, low-latency event delivery to the MI350P correlation plane.

  • Multi-LRM Deliberation for Hard Cases

    Complex or ambiguous threat chains route to Reason for multi-LRM deliberation — frontier and open-weight reasoners coordinated for the highest-stakes decisions.

03 / Architecture

The Plane Model

Orchestra introduces "planes" — logical groupings of hardware optimized for a specific workload class. Unlike Kubernetes node pools, planes represent fundamentally different hardware architectures with different drivers, network requirements, and scheduling semantics.

The plane model is what makes Orchestra different from every other orchestration tool. Kubernetes sees nodes. Orchestra sees purpose-built hardware tiers and routes workloads accordingly.

P1
Reasoning Cortex
AMD Instinct MI350P
Primary AI inference · LLM serving
1,450+ nodes · 288GB HBM3e · high-bandwidth accelerator
P2
Training & Generation
NVIDIA RTX PRO 6000 Blackwell
Training · TTS · creative compute
950+ nodes · 96GB GDDR7
P3
Chain & CPU Compute
AMD EPYC Turin 9005
Chrysalis validators · CPU inference
700+ nodes · Zen 5c
P4
Knowledge & Retrieval
Intel Sierra Forest
Almanac vector search · RAG anchor
1,250+ nodes · 144 E-cores
P5
Long-Term Memory
NVMe Storage
Enclave · Stratum immutable object
850+ nodes · ransomware-resistant
P6
Media & Acceleration
RTX 4500 BSE · Alveo MA35D
Four tiers · GPU + FPGA + CPU
2,150+ nodes · 4K/8K hardware acceleration
P7
Edge Reflex
Qualcomm Cloud AI 100 Ultra
Ultra-low-latency edge inference
2,000+ nodes · sub-10ms response
P8
Coordination Layer
AmpereOne A128
Orchestra · Chorus routing · agents
2,400+ nodes · 128 ARM cores
P9
Nervous System
Cisco 8000 · Palo Alto · Arista
Routing · firewall · dual fabric
3,500+ devices · ConnectX-7 NICs
04 / Correlation Model

Three signal sources. One authoritative response.

NATS JetStream on P8 AmpereOne as the event bus, MI350P as the AI correlation plane, P3 EPYC Turin as the Chrysalis validator and compliance engine, ConnectX-7 eBPF/XDP as the hardware enforcement layer.

  1. 01
    Sentry signal
    Agentic behavioral anomalies, warrant violations, and artifact governance events from across all 21+ agents.
  2. 02
    Secure signal
    Cortex XDR detections, Wazuh SIEM events, PA firewall alerts, and AI-generated threat intelligence from the Shield agent.
  3. 03
    Chrysalis signal
    Immutable on-chain records of every security-relevant event — revocations, policy changes, access events, and attestation records.
  4. 04
    Correlation compute
    MI350P on Plane 1 runs the AI correlation models. P3 EPYC Turin hosts the Chrysalis validator and generates compliance evidence packages.
  5. 05
    Response scope
    Directives issue simultaneously across Sentry, Secure, and noBGP — not sequentially. An attack cannot advance while the first response is still executing.
  6. 06
    Compliance framework
    SOC 2 TSC, CMMC, NIST CSF, HIPAA Security Rule, and ITAR (22 CFR 120-130) — every control maps to Chrysalis transaction hashes.
  7. 07
    Report anchoring
    The completed compliance report itself anchors on Chrysalis — tamper-proof by architecture, court-admissible, air-gap compatible.
  8. 08
    Geographic posture
    Per-POP posture scores update with sub-second event-to-display latency across the 101-node geographic health map.
python
import overwatch

client = overwatch.Client(seat_token='your_seat_token')

# Stream active security events across all three signal sources
for event in client.events.stream(sources=['sentry', 'secure', 'chrysalis']):
    print(f"Source: {event.source}, Type: {event.type}, Severity: {event.severity}")

# Generate a SOC 2 compliance evidence package
report = client.compliance.generate(framework='soc2', period='2026-Q1')
print(f"Report hash: {report.chrysalis_tx_hash}")
05 / Proof

Proven at scale. Not in a lab.

Parinita AI Edge is the production deployment of the Parinita platform and the largest heterogeneous AI infrastructure deployment in the United States.

Reference Deployment

Parinita AI Edge

The most complex heterogeneous AI infrastructure in the United States. 101 sites, 9 planes, 12,000+ nodes, 4 accelerator vendors, dual network fabrics, four-layer tenant isolation — all through a single sovereign control plane.

101
Points of Presence
4 tiers: T1 (32), T2 (29), T3 (19), T4 (21)
909+
K8s Clusters
101 sites x 9+ plane types
12K+
Compute Nodes
Supermicro, Dell, Ampere, Cachengo
4
Accelerator Vendors
Intel Habana, NVIDIA, AMD, Qualcomm

Network & Security Infrastructure

2,491+
Cisco Switches
+ 303 routers (EVPN-VXLAN)
1,734+
Arista Switches
Lossless GPU backend fabric
367+
Palo Alto Firewalls
PA-5580/PA-5560 series
152+
Petabytes Storage
NVMe over RDMA
  • Multi-vendor accelerators
    Four accelerator vendors — Intel Habana, NVIDIA, AMD, Qualcomm — orchestrated through one control plane with unified scheduling, monitoring, and lifecycle management.
  • Dual-fabric networking
    Cisco production fabric and Arista GPU backend fabric operating as a coordinated system, bridged by identity-aware routing.
  • Nationwide scale
    101 sites across 42 U.S. states, each operating autonomously with a local control agent and a sovereign cross-site routing plane.
  • Multi-tenant isolation
    Four-layer defense-in-depth: VXLAN VNIs, identity-routing, Palo Alto firewalls, and Cilium eBPF — validated across every plane and site.
  • Compliance readiness
    FIPS 140-2 at launch, with FedRAMP Moderate, CJIS, and IL4/IL5 certification paths active through Parinita compliance profiles.
  • Sub-millisecond routing
    Every request classified and dispatched in under 1ms, enabling real-time SLA enforcement without perceptible overhead.
06 / Use Cases

Required when the attack surface spans more than one security domain.

Overwatch sits on top of Sentry and Secure and gives the human and agent response layer one coherent interface across all three signal sources.

Without Sentry and Secure signal sources, Overwatch has nothing to correlate — it is the orchestration layer, not a replacement for the signal sources.

  • Regulated Industries

    Healthcare, finance, defense, and government organizations where a security incident has legal, regulatory, and evidentiary consequences.

  • Multi-Domain Attack Surface

    Any organization where agents, network, endpoints, and cloud all represent distinct attack surfaces that no single product monitors simultaneously.

  • Compliance Evidence Generation

    Organizations under SOC 2, CMMC, HIPAA, or ITAR that currently spend weeks building audit evidence packages by hand.

  • Air-Gapped Deployments

    Compliance reports generated by querying Chrysalis directly — no external connectivity required. Sovereign and air-gap compatible.

  • CISO Situational Awareness

    Geographic posture scores across 101 POPs with sub-second latency give security leadership real-time visibility across the entire infrastructure footprint.

07 / Getting Started

Deployment Models

Overwatch deploys as a platform-level service above Sentry and Secure. No separate provisioning — it activates automatically when both signal sources are present.

Platform-Level Orchestration
Activates With Sentry and Secure

Overwatch activates automatically when Sentry and Secure are both present. No separate provisioning — one event bus connects all three signal sources.

Compliance Report Generation
On Demand or Scheduled

Query Chrysalis via Besu JSON-RPC to generate compliance evidence packages. Every control maps to transaction hashes auditors can verify independently.

CISO Dashboard
Geographic Posture View

101-POP geographic health map with per-POP posture scores, active incident count, and sub-second event-to-display latency.

08 / Get Started

Talk to Us

Our security engineering team can walk through the Overwatch correlation model and compliance report generation for your specific regulatory requirements.