Sentinelloop

AI agent that triages Splunk security alerts end-to-end — writing its own SPL through the Splunk MCP Server and returning a MITRE-mapped verdict in seconds.

Comment

Inspiration

In the X-Men, the Sentinels are autonomous machines built to hunt threats. SentinelLoop borrows the name but flips the intent: an autonomous AI that hunts intrusions on your side and loops through your alerts while a human stays in command. The practical spark came from two real SOC pains. Analysts drown in alerts that each need the same 20 to 30 minutes of manual investigation. And saved searches silently break when a field gets renamed, so the automation you trusted yesterday returns nothing today and nobody notices. One Splunk operator put it as "I write insightful dashboards and the next data delivery they might not work." I wanted an agent that does the investigation and survives that drift.

What it does

SentinelLoop is an autonomous SOC triage analyst. Give it a Splunk alert and it:

  • Writes its own SPL and runs it through the Splunk MCP Server, deciding each next query from the previous result (a real ReAct loop, not a single prompt).
  • Validates every query through the MCP validate_spl tool before executing it.
  • Self-heals schema drift. When a query hits a field that no longer exists and returns nothing, it detects that and rewrites the query to the current field.
  • Calls Splunk's native ML (anomalydetection) to surface outlier hosts.
  • Reaches a MITRE ATT&CK mapped verdict (severity, confidence, narrative, recommended action). Then, behind a human Approve, it writes the verdict back to Splunk and logs a CSV audit record.

It runs live against real Splunk, or fully offline in DEMO mode with recorded fixtures, shipped as a one-click Windows executable.

How we built it

  • Desktop app: Python and PyQt6, a frameless neon UI with a collapsible sidebar, a live agent console, and animated radar and ECG widgets, all drawn in code (no image assets).
  • A clean three-layer setup: UI, Agent Core, and Splunk layer, talking to each other through plain dataclasses. The UI never imports agent internals and the agent never imports Qt. Agent work runs on a QThread so the UI never blocks.
  • The agent: a guardrailed ReAct loop with an OpenAI-compatible LLM client that is provider agnostic (free Groq Llama-3.3-70B by default, swappable to Ollama, Gemini, or a Splunk-hosted model through env vars).
  • Splunk integration: all searches route through the Splunk MCP Server (splunk-mcp-server2) over SSE, with a fallback to direct REST. Alerts come from curated detections over the Boss of the SOC v3 dataset (index=botsv3).
  • Resilience: recorded JSON fixtures back DEMO mode, and PyInstaller packages everything into a single offline .exe.

Challenges we ran into

  • No Enterprise Security or notable index in my environment, so I built the alert queue from curated detections over index=botsv3 instead.
  • Sysmon fields were not extracted (no TA), so I grounded the investigation in field-extracted wineventlog:security EventCode 4688 process-creation data, which happened to contain a real encoded-PowerShell download cradle.
  • The MCP server prepended its own search to queries and silently returned 0 rows until I stripped the leading keyword. BOTS v3 is 2018 data, so I also had to pass earliest_time=0.
  • Dependency and runtime issues: a FastMCP API change (the description kwarg), a typing_extensions install with no RECORD file, and Splunk refusing every search with a 503 when its dispatch disk dropped below minFreeSpace.
  • Keeping the agent honest. Early on it wandered and never concluded, so I added a step budget and a forced final verdict, and I made the self-heal a visible, labeled step.

Accomplishments that we're proud of

  • An agent that investigates real Splunk data through the Splunk MCP Server, end to end, verified live.
  • A self-heal that runs on real data instead of a scripted illusion.
  • It runs on free and local models with no paid API required, and ships as a one-click offline executable so anyone can try it in seconds.
  • A polished UI built solo in a short window.

What we learned

How to integrate an agent with the Model Context Protocol, the real quirks of Splunk's REST API and data model, and that autonomy needs guardrails. Validate before execute, a read-only allowlist, bounded steps, and a human-in-the-loop approval are what make an AI agent trustworthy in security operations.

What's next for SentinelLoop

  • Run on Splunk Cloud with hosted models and Enterprise Security notables.
  • Multi-alert correlation and case management, grouping related alerts into one incident.
  • A growing detection and response playbook library, and packaging for macOS and Linux.

Built With

  • boss-of-the-soc
  • groq
  • llama
  • mitre-att&ck
  • model-context-protocol
  • pyinstaller
  • pyqt6
  • python
  • splunk
  • splunk-mcp-server
  • splunk-rest-api
Share this project:

Updates