Splunk Agentic Ops Hackathon · vøiddo

an incident room that shows its evidence before it shows confidence.

TraceLock Ops turns a Splunk-style alert bundle into a triage view with explicit evidence hashes, contradiction handling, and planned MCP actions — every conclusion is traceable back to an event id.

github repo see ledger

incident summary

probable account takeover with immediate cloud persistence.

The demo case shows an administrative reset, MFA factor change, unfamiliar AWS login, and fresh access-key creation, plus a direct user denial message that strengthens the takeover hypothesis.

guardrails

no live Splunk claim without authenticated evidence
every finding keeps event ids and hashes
uncertain endpoint evidence stays downgraded

evidence ledger

confirmed findings stay tied to exact events.

planned mcp actions

the next query path is explicit and ready for a real Splunk MCP connection.

handoff pack

an incident room that shows its evidence before it shows confidence.

probable account takeover with immediate cloud persistence.

confirmed findings stay tied to exact events.

the next query path is explicit and ready for a real Splunk MCP connection.

what the next human or agent needs to verify.