agentic-threat-hunting-framework 0.3.0__py3-none-any.whl → 0.4.0__py3-none-any.whl

athf/core/template_engine.py

@@ -16,7 +16,8 @@ tactics: {{ tactics }}
 techniques: {{ techniques }}
 data_sources: {{ data_sources }}
 related_hunts: []
-findings_count: 0
+{% if spawned_from %}spawned_from: {{ spawned_from }}
+{% endif %}findings_count: 0
 true_positives: 0
 false_positives: 0
 customer_deliverables: []
@@ -57,6 +58,8 @@ tags: {{ tags }}
 
 - **MITRE ATT&CK Techniques:** {{ ', '.join(techniques) if techniques else '[List relevant techniques]' }}
 - **CTI Sources & References:** [Links to reports, blogs, etc.]
+{% if spawned_from %}- **Research Document:** See [{{ spawned_from }}](../research/{{ spawned_from }}.md) for detailed pre-hunt research
+{% endif %}
 
 ### Related Tickets
 
@@ -172,6 +175,7 @@ def render_hunt_template(
     behavior: Optional[str] = None,
     location: Optional[str] = None,
     evidence: Optional[str] = None,
+    spawned_from: Optional[str] = None,
 ) -> str:
     """Render a hunt template with provided metadata.
 
@@ -189,6 +193,7 @@ def render_hunt_template(
         behavior: Behavior description (for ABLE)
         location: Location/scope (for ABLE)
         evidence: Evidence description (for ABLE)
+        spawned_from: Research document ID (e.g., R-0001) that this hunt is based on
 
     Returns:
         Rendered hunt markdown content
@@ -221,4 +226,5 @@ def render_hunt_template(
         behavior=behavior,
         location=location,
         evidence=evidence,
+        spawned_from=spawned_from,
     )

athf/core/web_search.py

@@ -84,7 +84,7 @@ class TavilySearchClient:
         """Get or create Tavily client instance."""
         if self._client is None:
             try:
-                from tavily import TavilyClient
+                from tavily import TavilyClient  # type: ignore[import-not-found]
 
                 self._client = TavilyClient(api_key=self.api_key)
             except ImportError:

athf/data/docs/CHANGELOG.md

@@ -25,6 +25,58 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Security
 - None
 
+## [0.4.0] - 2026-01-14
+
+### Added
+- **Splunk Integration** - Native Splunk data source support
+  - `athf commands/splunk.py` - Splunk CLI command for query execution
+  - `athf/core/splunk_client.py` - Splunk REST API client
+  - Optional dependencies in pyproject.toml: `splunk = ["requests>=2.25.0"]`
+  - Integration quickstart guide at `integrations/quickstart/splunk.md`
+- **Documentation Expansion** - Comprehensive CLI reference and user guides
+  - CLI_REFERENCE.md expanded by +530 lines with complete command documentation
+  - Enhanced getting-started.md with improved onboarding workflow
+  - Improved level4-agentic-workflows.md with agent orchestration patterns
+  - Enhanced maturity-model.md with +70 lines of maturity progression guidance
+- **Workspace Structure** - Standard directory initialization
+  - docs/, hunts/, integrations/, knowledge/, prompts/, templates/ directories
+  - environment.md template for documenting data sources and tech stack
+
+### Changed
+- **AGENTS.md** - Updated AI assistant instructions with Splunk integration context
+- **CLI Enhancements** - Improved command structure and error handling
+- **Template Engine** - Enhanced template rendering capabilities
+- **Web Search** - Updated Tavily integration for research workflows
+
+### Removed
+- **Testing Infrastructure** - Removed testing/ directory (8 files)
+  - Consolidated testing approach for cleaner repository structure
+  - Files removed: AGENTS.md, PRESENTATION_OUTLINE.md, README.md, TEST-SUMMARY.md, TESTING.md
+  - Scripts removed: test-fresh-install.sh, test-local.sh, test-quick.sh
+
+## [0.3.1] - 2026-01-13
+
+### Fixed
+- **Packaging Bug** - Fixed `ModuleNotFoundError: No module named 'athf.agents'` when installing via pip/pipx
+  - Added missing packages to `pyproject.toml`: `athf.agents`, `athf.agents.llm`
+  - Packages list now includes all subdirectories: athf, athf.agents, athf.agents.llm, athf.commands, athf.core, athf.data, athf.utils
+  - Verified wheel build includes all agent module files
+
+## [0.3.0] - 2026-01-11
+
+### Added
+- **Agent Framework** - Autonomous agents for threat hunting workflows
+  - `athf.agents` - Base agent framework and orchestration
+  - `athf.agents.llm` - LLM-powered agents (hypothesis generation, research, finding analysis)
+  - Agent orchestration with task delegation and result aggregation
+- **Research Workflow** - Pre-hunt research and investigation (`athf research`)
+- **Drift Detection** - Behavioral anomaly detection infrastructure (`athf drift`)
+- **Signal Investigation** - Low-fidelity pattern scoring and investigation (`athf signals`)
+
+### Changed
+- CLI refactored to support agent-based workflows
+- Enhanced hunt creation with agent-generated hypotheses
+
 ## [0.2.2] - 2024-12-17
 
 ### Fixed