§ SIEM
Splunk Integration
Stream every agent trace — including policy violations — into Splunk via HTTP Event Collector. Your SOC triages AI agent incidents with the same SPL workflows it already runs.
How it works
Execlave ships completed traces to Splunk asynchronously: events are batched and delivered by a dedicated export worker after the trace is committed, so SIEM delivery never adds latency to the enforcement path. Failed batches are retried with backoff. The HEC token is envelope-encrypted at rest — it is never stored as plaintext configuration.
Events arrive with source="execlave:traces" and an optional index / sourcetype override you control.
Setup
Two steps: create an HEC token in Splunk, then point Execlave at it.
1 · Create the HEC token in Splunk
In Splunk Web: Settings → Data Inputs → HTTP Event Collector → New Token. Name it (e.g. execlave), select or create a target index (e.g. ai_agents), and finish. Make sure HEC is globally enabled (Global Settings → All Tokens → Enabled) and note the port — Splunk Cloud uses https://http-inputs-<stack>.splunkcloud.com:443, self-managed defaults to port 8088.
2 · Configure the integration in Execlave
Go to Settings → Integrations and add a Splunk HEC destination:
| Field | Value |
|---|---|
| URL | Base HEC URL, e.g. https://splunk.example.com:8088 (no path). |
| Token | The HEC token from step 1 (secret). |
| Index | Optional — overrides the token default index. |
| Sourcetype | Optional — e.g. execlave:trace. |
Click Test connection — Execlave calls the HEC health endpoint to validate the token before enabling exports.
Event format & field reference
Each trace is one HEC event. Timestamps are epoch seconds; all governance context is in the event body.
```json
{
  "time": 1765360800.123,
  "host": "execlave",
  "source": "execlave:traces",
  "sourcetype": "execlave:trace",
  "index": "ai_agents",
  "event": {
    "trace_id": "9f4e2c1a-7b3d-4e8f-a1c2-3d4e5f6a7b8c",
    "organization_id": "org_2x...",
    "agent_id": "support-bot",
    "agent_uuid": "c0a8012e-...",
    "status": "policy_blocked",
    "model": "gpt-4o",
    "prompt_tokens": 412,
    "completion_tokens": 0,
    "total_tokens": 412,
    "cost_usd": 0.0021,
    "duration_ms": 184,
    "environment": "production",
    "span_type": "tool",
    "span_name": "send_email",
    "session_id": "sess_91...",
    "user_id": "user_44...",
    "agent_name": "Support Bot",
    "autonomy_level": "act_with_approval",
    "agent_status": "active",
    "idp_bound": true
  }
}
```

| Field | Type | Description |
|---|---|---|
| trace_id | string | Unique trace identifier — join key back to the Execlave dashboard. |
| parent_trace_id | string | Parent trace for multi-step / delegated agent runs. |
| organization_id | string | Execlave organization the trace belongs to. |
| agent_id | string | Your business agent identifier (as registered). |
| agent_uuid | string | Internal Execlave agent UUID. |
| status | string | success · error · timeout · policy_blocked · limit_exceeded · flagged_for_review |
| model | string | LLM model name for the span. |
| prompt_tokens / completion_tokens / total_tokens | number | Token usage. |
| cost_usd | number | Computed cost of the span in USD. |
| duration_ms | number | Wall-clock duration of the span. |
| environment | string | e.g. production, staging. |
| span_type | string | llm · tool · agent · retrieval · chain. |
| span_name | string | Tool or step name (e.g. send_email). |
| error_type / error_message | string | Populated on error spans. |
| session_id / user_id | string | End-user session attribution, when reported. |
| agent_name | string | Display name from the agent registry, when the agent is registered. |
| autonomy_level | string | observe · advise · act_with_approval · autonomous — the agent’s declared governance tier. |
| agent_status | string | active · paused · inactive · archived · error. |
| idp_bound | boolean | True when the agent is bound to an external identity provider (workload identity federation). |
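A search that filters on an enumerated field such as `status` silently skips events whose value falls outside the documented set, so it is worth checking sample events against the field reference before relying on the saved searches. The checker below is an added example, not Execlave code; it assumes `trace_id` is mandatory and every other body field optional, which the page does not state.

```python
import json

# Enumerations copied from the field reference above.
ENUMS = {
    "status": {"success", "error", "timeout", "policy_blocked",
               "limit_exceeded", "flagged_for_review"},
    "span_type": {"llm", "tool", "agent", "retrieval", "chain"},
    "autonomy_level": {"observe", "advise", "act_with_approval", "autonomous"},
    "agent_status": {"active", "paused", "inactive", "archived", "error"},
}
NUMERIC = ("prompt_tokens", "completion_tokens", "total_tokens", "cost_usd", "duration_ms")


def is_number(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def check_envelope(raw):
    """Return the problems found in one HEC envelope; an empty list means it conforms."""
    env = json.loads(raw)
    problems = []
    if env.get("source") != "execlave:traces":
        problems.append("unexpected source %r" % env.get("source"))
    if not is_number(env.get("time")):
        problems.append("time is not epoch seconds")
    body = env.get("event")
    if not isinstance(body, dict):
        return problems + ["event body missing"]
    if not isinstance(body.get("trace_id"), str):  # assumed mandatory
        problems.append("trace_id missing")
    for field, allowed in ENUMS.items():
        value = body.get(field)
        if field in body and not (isinstance(value, str) and value in allowed):
            problems.append("%s has undocumented value %r" % (field, value))
    for field in NUMERIC:
        if field in body and not is_number(body[field]):
            problems.append("%s is not a number" % field)
    if "idp_bound" in body and not isinstance(body["idp_bound"], bool):
        problems.append("idp_bound is not a boolean")
    return problems


# Constructed samples: one conforming envelope and one that has drifted.
GOOD = json.dumps({"time": 1765360800.123, "source": "execlave:traces", "event": {
    "trace_id": "t-1", "status": "policy_blocked", "span_type": "tool",
    "total_tokens": 412, "cost_usd": 0.0021, "idp_bound": True}})
DRIFTED = json.dumps({"time": "2025-12-10T10:00:00Z", "source": "execlave:traces",
    "event": {"trace_id": "t-2", "status": "denied", "total_tokens": "412"}})
```
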
Saved-search pack
Copy these into Settings → Searches, reports, and alerts. Schedule them and attach alert actions to route into your existing on-call flow.
Policy violations by agent
The core SOC view: which agents are tripping which policies. Governance outcomes (policy_blocked, flagged_for_review, limit_exceeded) are distinct statuses, never folded into transport errors.
```spl
source="execlave:traces" status IN ("policy_blocked", "flagged_for_review", "limit_exceeded")
| stats count AS violations, latest(_time) AS last_seen BY agent_id, span_name, status, environment
| sort - violations
```
Agent error spike (alert candidate)
Schedule every 15 minutes; trigger when any agent crosses the threshold.
```spl
source="execlave:traces" status IN ("error", "timeout")
| bin _time span=15m
| stats count BY _time, agent_id
| where count > 10
```
Cost runaway
Spend per agent over the search window. Pair with Execlave's real-time cost circuit breaker — Splunk gives the retrospective view, the breaker stops the bleed in-flight.
```spl
source="execlave:traces"
| stats sum(cost_usd) AS spend_usd, sum(total_tokens) AS tokens BY agent_id, environment
| where spend_usd > 50
| sort - spend_usd
```
Repeated blocked tool calls (possible abuse / prompt injection)
A user or session repeatedly driving an agent into blocked tool calls is a strong injection signal — escalate per the incident workflow below.
```spl
source="execlave:traces" status="policy_blocked" span_type="tool"
| stats count AS blocked_calls, values(span_name) AS tools BY agent_id, user_id
| where blocked_calls > 5
```
From alert to closed incident
These searches are the detection half. The triage, evidence, and remediation half — pulling the full trace, audit chain, and agent passport from Execlave, then pausing the agent or tightening the policy — is documented end-to-end in the incident response workflow.
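The "Repeated blocked tool calls" search from the saved-search pack, replayed in Python over constructed events to show where its threshold falls and what it cannot see. This is an added example, not Execlave or Splunk code; the `span` helper and the `delete_record` tool name are hypothetical.

```python
from collections import defaultdict


def repeated_blocked_tools(events, threshold=5):
    """Mirror of: status="policy_blocked" span_type="tool" | stats ... BY agent_id, user_id
    | where blocked_calls > threshold. Returns (alerts, unattributed_count)."""
    groups = defaultdict(lambda: {"blocked_calls": 0, "tools": set()})
    unattributed = 0
    for ev in events:
        if ev.get("status") != "policy_blocked" or ev.get("span_type") != "tool":
            continue
        if not ev.get("agent_id") or not ev.get("user_id"):
            # SPL stats drops rows whose BY field is null; count them here so
            # the blind spot is visible instead of silent.
            unattributed += 1
            continue
        group = groups[(ev["agent_id"], ev["user_id"])]
        group["blocked_calls"] += 1
        if ev.get("span_name"):
            group["tools"].add(ev["span_name"])
    alerts = {
        key: {"blocked_calls": g["blocked_calls"], "tools": sorted(g["tools"])}
        for key, g in groups.items()
        if g["blocked_calls"] > threshold
    }
    return alerts, unattributed


def span(user_id, span_name, status="policy_blocked", span_type="tool"):
    """Build one constructed event body using the page's field names."""
    ev = {"agent_id": "support-bot", "status": status,
          "span_type": span_type, "span_name": span_name}
    if user_id is not None:
        ev["user_id"] = user_id
    return ev


# Constructed sample data, not real traces.
SAMPLE = (
    [span("user_a", "send_email")] * 4 + [span("user_a", "delete_record")] * 2
    + [span("user_b", "send_email")] * 5           # exactly 5: not above "> 5"
    + [span(None, "send_email")] * 7               # user_id not reported
    + [span("user_a", "chat", span_type="llm")]    # blocked, but not a tool span
    + [span("user_b", "send_email", status="success")]
)

if __name__ == "__main__":
    print(repeated_blocked_tools(SAMPLE))
```

Because `user_id` is only present when reported, the seven unattributed blocked calls never reach the threshold check; adding `| fillnull value="unattributed" user_id` before the `stats` clause keeps them in the result.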