AGENTSCOPE-SIFT

• 

  Phase-level telemetry for autonomous DFIR investigations. → Every phase. Every decision. Every tool call.

• 

  Observe → Reason → Plan → Act → Verify.

• 

  SENTINEL continuously verifies findings and triggers escalation decisions. → SENTINEL scores every tool result.

• 

  Every finding is linked to the exact evidence and tool execution that produced it. → No finding without proof.

• 

  WORM Audit Chain creates tamper-evident investigation records and replayable history. → Append-only. HMAC-sealed.

• 

  Real-time Splunk dashboards provide telemetry, timelines, and agent visibility. → BOB blocks. SENTINEL quarantines. WORM seals.

• 

  All of it live in Splunk.

• 

  . Built with Elixir, Prolog, Lean 4, TypeScript, Protocol SIFT, and Splunk. → Formal proofs in Lean 4. Logic validation in Prolog..

• 

  (BOB terminal): BOB catches a prompt injection embedded in tool output.

• 

  (observer portal): Live observer portal. The mesh breathes in public. No auth. No hiding.

AGENTSCOPE is an observability and governance layer for Protocol SIFT.

Protocol SIFT gives AI agents access to more than 200 DFIR tools inside the SIFT Workstation. AGENTSCOPE makes every autonomous action visible, traceable, and auditable.

As the agent investigates disk images, memory captures, log files, or network evidence, AGENTSCOPE captures every phase of execution:

OBSERVE → REASON → PLAN → ACT → VERIFY Each tool invocation, finding, validation event, and self-correction cycle is streamed into Splunk as structured telemetry. Every action is linked to the exact evidence source that produced it, allowing investigators to trace conclusions back to their originating tool execution.

The result is an autonomous DFIR workflow that remains observable, explainable, and auditable — even during complex investigations.

Architecture

Protocol SIFT │ ▼ Typed MCP Wrappers │ ▼ AGENTSCOPE │ ├── Observe ├── Reason ├── Plan ├── Act └── Verify │ ▼ BOB Plasma Filters │ ▼ SENTINEL Validation │ ▼ WORM Audit Chain │ ▼ Splunk Dashboards Architectural Pattern: Custom MCP Server

Core Components

AGENTSCOPE

Phase-level telemetry engine Splunk event generation Investigation lifecycle tracking BOB Plasma Filters

Pre-analysis validation Adversarial output screening — catches prompt injections embedded in tool output before the LLM ever sees them Context integrity preservation SENTINEL Validation Layer

Finding verification and trust scoring Risk classification Escalation decisions — low confidence findings don't get reported, they get escalated WORM Audit Chain

HMAC-SHA256 cryptographic evidence lineage Tamper-evident execution records — append-only, nothing deleted Investigation replay from any sealed state Splunk Dashboards

Agent execution visibility in real time Investigation timelines Finding traceability — every conclusion traceable to its originating tool execution What Makes It Different Most submissions will focus on making the AI analyze evidence.

AGENTSCOPE focuses on making the AI observable.

We expose:

Agent reasoning phases Tool execution lineage Self-correction cycles Validation checkpoints Audit trails Security boundary enforcement This allows investigators to understand not only what the AI concluded — but how it reached that conclusion.

Accuracy & Self-Correction

Observe ↓ Generate Hypothesis ↓ Validate Evidence ↓ Confidence Scoring ↓ Discrepancy Detection ↓ Re-Plan Investigation ↓ Re-Execute Tools ↓ Updated Finding Every correction cycle is logged. Every correction cycle is visible in Splunk. Every correction cycle is attached to its source evidence.

Scene Finding Verdict Confidence 1 svchost.exe (PID 1337) → cmd.exe anomalous parent-child CONFIRMED 0.91 2 Adversarial strings payload — prompt injection blocked BOB BLOCKED — 3 svchost32.exe LOLBin masquerade in Users\Public QUARANTINED → Council 0.42 4 WORM chain integrity check VALID — 5 Mirror agent dual-cognition agreement AGREED 0.97 False positives: 0. Hallucinated claims: 0 — structurally impossible; a finding with no sealed tool call cannot be returned.

Evidence Integrity: All tools are read-only. BOB intercepts every tool response before the LLM sees it. Poisoned output is sealed as a BLOCK event and discarded. The WORM chain is append-only SHA-256 linked — verify_chain detects any tampered entry by broken hash linkage. The agent cannot modify the chain; seal writes happen outside the LLM call path entirely.

Challenges We Ran Into Protocol SIFT returns large volumes of raw tool output — parsing reliably without hallucination required building BOB as an architectural control, not a prompt. Tool outputs vary significantly between artifact types — structured wrappers were required for every tool category.

Try-It-Out instructions git clone https://github.com/SNAPKITTYWEST/agentscope-sift cd agentscope-sift npm install && npm run build node dist/demo.js

Built With

• 4
• elixir
• hec
• hmac-sha256
• lean
• mcp
• prolog
• sift
• sleuthkit
• splunk
• tshark
• typescript
• volatility3
• yara