Inspiration
Every SOC re-solves the same incidents. Knowledge lives in one engineer's head, then walks out the door. We wanted Splunk to remember—so MTTR drops with every incident instead of resetting.
What it does
Four AI agents on Splunk: Sentinel forecasts breaches, Investigator builds evidence-backed cases via MCP, Librarian remembers past incidents, Hardener backtests and deploys detections—human-approved.
How we built it
A LangGraph multi-agent system over the Splunk MCP Server, with a pluggable model interface (Foundation-sec/Cisco TS-ready), incident memory in KV Store, and a React mission-control dashboard.
Challenges we ran into
Accomplishments that we're proud of
We validated the full loop on a live, unscripted attack—detected, isolated, reasoned to root cause, and auto-generated a Grade-A backtested detection, all with a human-in-the-loop approval gate.
What we learned
Agentic systems live or die on grounding: an agent that guesses field values confabulates. Forcing every query and detection to learn the real schema from data made the whole loop trustworthy.
What's next for Engram
Swapping to Splunk's hosted Foundation-sec and Cisco Time Series models, cross-domain signal fusion, and autonomous code-patching. We've also started hunting for our first design partners and clients.
Built With
- cisco-time-series-model
- docker
- fastapi
- foundation-sec
- langgraph
- model-context-protocol
- openai
- pydantic
- python
- react
- recharts
- sentence-transformers
- spl
- splunk
- splunk-mcp-server
- tailwind-css
- tanstack-query
- typescript
- vite
Log in or sign up for Devpost to join the conversation.