Inspiration

Every SOC re-solves the same incidents. Knowledge lives in one engineer's head, then walks out the door. We wanted Splunk to remember—so MTTR drops with every incident instead of resetting.

What it does

Four AI agents on Splunk: Sentinel forecasts breaches, Investigator builds evidence-backed cases via MCP, Librarian remembers past incidents, Hardener backtests and deploys detections—human-approved.

How we built it

A LangGraph multi-agent system over the Splunk MCP Server, with a pluggable model interface (Foundation-sec/Cisco TS-ready), incident memory in KV Store, and a React mission-control dashboard.

Challenges we ran into

Accomplishments that we're proud of

We validated the full loop on a live, unscripted attack—detected, isolated, reasoned to root cause, and auto-generated a Grade-A backtested detection, all with a human-in-the-loop approval gate.

What we learned

Agentic systems live or die on grounding: an agent that guesses field values confabulates. Forcing every query and detection to learn the real schema from data made the whole loop trustworthy.

What's next for Engram

Swapping to Splunk's hosted Foundation-sec and Cisco Time Series models, cross-domain signal fusion, and autonomous code-patching. We've also started hunting for our first design partners and clients.

Built With

  • cisco-time-series-model
  • docker
  • fastapi
  • foundation-sec
  • langgraph
  • model-context-protocol
  • openai
  • pydantic
  • python
  • react
  • recharts
  • sentence-transformers
  • spl
  • splunk
  • splunk-mcp-server
  • tailwind-css
  • tanstack-query
  • typescript
  • vite
Share this project:

Updates