← Dashboard
🤖 Why Qwen?
How Qwen Cloud powers every decision in Sentinel Edge
🧠
Total Qwen Analyses
--
Real API calls made
API Calls Per Analysis
4
Sequential reasoning steps
🎯
Qwen Usage Rate
--
Of all analyses
4-Step Qwen Reasoning Chain
🔍
Step 1 — Threat Classification
Qwen identifies threat type, severity level, and extracts all IOCs from raw alert text
Qwen API
🔌
MCP — AbuseIPDB Enrichment
Real-time threat intelligence lookup for extracted IP addresses — runs in parallel
Live API
🔧
Step 2 — Tool Selection
Qwen selects optimal security tools based on threat type and MCP enrichment data
Qwen API
📋
Step 3 — Action Plan Generation
Qwen generates specific containment steps using classification + MCP intelligence
Qwen API
Step 4 — Confidence Validation
Qwen self-validates its own output and assigns a confidence score 0.0 to 1.0
Qwen API
Qwen Model Configuration
Modelqwen-max
ProviderAlibaba Cloud DashScope
Endpointdashscope-intl.aliyuncs.com
Temperature0.1 (deterministic)
Max Tokens500 per step
Response FormatJSON (structured)
Timeout25s per step
Performance Metrics
Avg chain time ~8-10 seconds
Step 1 Classification ~2-3s
Step 2 Tool Selection ~2s
Step 3 Action Plan ~2-3s
Step 4 Validation ~1-2s
✅ Graceful Degradation — What Happens When Qwen Is Unavailable
Offline heuristic analyzer activates automatically
Keyword-based threat classification covers 9 threat types
IOC extraction continues using regex patterns
Pre-built containment playbooks provide immediate response
Response marked as offline_smart in provider field
Zero downtime — system never stops responding
Why Qwen Over Other Models
JSON ModeNative structured output — no parsing errors
Reasoning DepthMulti-step chain with self-validation
Context WindowLarge enough for full incident context
Alibaba CloudNative integration — same infrastructure
Cost EfficiencyOptimized prompts keep tokens minimal
DeterministicTemperature 0.1 ensures consistent decisions