🛡
MEDSOC
Medical Security Operations Center · Splunk Agentic Ops
Events analyzed: 0
Active threats: 0
Mean detect time: —
Resolved: 0
Splunk MCP
Foundation-sec
4 agents live
Clinical IT threat feed
● MCP
LIVE
⟳ Watchdog agent polling Splunk via MCP Server...
indexes: ehr_access · network · endpoint · iomt_devices · auth_events
Active investigation
—
Watchdog
Polling MCP
Splunk MCP Server
Triage
Standby
Foundation-sec-1.1-8b
Investigation
Standby
SPL + MCP search
Response
Standby
Playbook runner
🔍
Select an alert to investigate
MEDSOC is monitoring clinical IT infrastructure via Splunk MCP
—
Source system
—
Event ID
—
Detected
—
Raw event · Splunk
—
Foundation-sec threat analysis
—
/10
Threat classification
■ foundation-sec-1.1-8b-instruct · Splunk Hosted Model
Agent investigation timeline
⚡ Recommended response — human-in-the-loop required
Response Agent requires Clinical IT Staff approval before executing account-level actions. This is not automated — a human must review and confirm.
Agent activity log
0 entries
Agent actions will appear here as they execute
SPLUNK
MCP Server v1.0 GA · indexes: ehr_access · network · endpoint · iomt_devices · auth_events · ad_logs
SPL queries: 0
Foundation-sec inferences: 0
Federal Teaching Hospital · Gombe, Nigeria