Agent Fleet

The Agent Fleet page provides visibility into AuroraSOC's 16 AI agents — their status, capabilities, and real-time activity. Each agent is a specialized AI model wrapped in the BeeAI framework, communicating over the Agent-to-Agent (A2A) protocol.

Agent Architecture Overview

Agent Status Table

The fleet view shows a table with columns:

| Column | Description |
| --- | --- |
| Agent | Name and avatar icon |
| Type | Agent specialization |
| Port | A2A service port |
| Status | Online / Offline / Degraded |
| Tasks Completed | Total tasks processed |
| Active Tasks | Currently running tasks |
| Avg Response | Average task response time |
| Last Heartbeat | Last health check timestamp |

Status Indicators

  • 🟢 Online — Agent responding to health checks, ready for tasks
  • 🟡 Degraded — Agent responding but with elevated latency or partial failures
  • 🔴 Offline — Agent not responding; circuit breaker may be open

Agent Capabilities

Each agent has specific tags and capabilities the dashboard displays:

| Agent | Domain | Key Capabilities |
| --- | --- | --- |
| Security Analyst | Alert Triage | SIEM queries, IOC extraction, MITRE mapping, alert correlation |
| Threat Hunter | Proactive Hunting | LOLBin detection, baseline deviation, threat pattern matching |
| Incident Responder | Response Execution | Playbook orchestration, containment, remediation |
| Threat Intel | Intelligence | IOC enrichment, threat feed correlation, intelligence sharing |
| Network Security | Network Analysis | Flow analysis, DNS tunneling detection, IP blocking |
| Endpoint Security | Endpoint Defense | EDR scanning, host isolation, process investigation |
| Malware Analyst | Malware Analysis | YARA scanning, sandbox analysis, malware classification |
| Forensic Analyst | Digital Forensics | Evidence collection, timeline reconstruction, artifact analysis |
| Compliance Analyst | Compliance | Framework assessment, audit preparation, gap analysis |
| Vulnerability Manager | Vuln Management | CVE assessment, patch prioritization, risk scoring |
| Cloud Security | Cloud Defense | Cloud config audit, IAM review, cloud threat detection |
| UEBA Analyst | Behavior Analytics | User risk scoring, anomaly detection, insider threat detection |
| Web Security | Application Security | Web vuln scanning, WAF analysis, API security assessment |
| CPS Security | OT/IoT Security | Sensor queries, firmware attestation, physical-cyber correlation |
| Report Generator | Reporting | Executive summaries, technical reports, compliance reports |

Agent Detail View

Click any agent to see its detail page:

Activity Feed

Real-time stream of agent actions via WebSocket:

[12:03:15] Received task: Analyze alert ALT-2024-001
[12:03:16] ThinkTool: Parsing alert metadata...
[12:03:17] Executing: SearchLogs (query="src_ip:192.168.1.100")
[12:03:19] Found 47 related events
[12:03:20] Executing: MitreMap (technique="T1053.005")
[12:03:21] Mapped to: Scheduled Task/Job
[12:03:22] Task complete: Confidence 0.87

Performance Metrics

  • Tasks per hour trend chart
  • Average execution time histogram
  • Error rate over time
  • Memory utilization (episodic memory entries)

Task History

Paginated list of all tasks the agent has processed, with:

  • Task ID and description
  • Input alert/case reference
  • Execution duration
  • Result summary and confidence score
  • Tools invoked during execution

Circuit Breaker Status

The dashboard shows the circuit breaker state for each agent:

  • CLOSED — Normal, all requests forwarded
  • OPEN — Agent unhealthy, requests fail fast (no load on struggling agent)
  • HALF_OPEN — Testing with a single probe request

Why Circuit Breakers?

Without circuit breakers, a failing agent would cause cascading timeouts across the system. The circuit breaker pattern isolates failures, allowing the rest of the SOC to continue operating while the unhealthy agent recovers.
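The three states listed above, as an added example (not AuroraSOC's own code): a thread-safe breaker wrapped around an agent call, showing fail-fast while OPEN and the single probe in HALF_OPEN. The class and method names, `failure_threshold`, `reset_timeout` and the injectable `clock` are assumptions for illustration.

```python
import threading
import time
from enum import Enum

State = Enum("State", "CLOSED OPEN HALF_OPEN")

class CircuitOpenError(Exception):
    """Call rejected locally; the agent was never contacted."""

class AgentCircuitBreaker:
    # failure_threshold and reset_timeout are assumed values, not AuroraSOC defaults.
    def __init__(self, failure_threshold=3, reset_timeout=30.0, clock=time.monotonic):
        self.failure_threshold = failure_threshold   # consecutive failures before OPEN
        self.reset_timeout = reset_timeout           # seconds to stay OPEN before probing
        self.clock = clock                           # injectable so tests need no sleep
        self.state, self.failures, self.opened_at = State.CLOSED, 0, 0.0
        self._lock = threading.Lock()

    def _admit(self):
        """Return True if this call is the single HALF_OPEN probe, False if CLOSED."""
        if self.state is State.CLOSED:
            return False
        if self.state is State.OPEN and self.clock() - self.opened_at >= self.reset_timeout:
            self.state = State.HALF_OPEN             # cool-down over: let one probe through
            return True
        raise CircuitOpenError("agent unhealthy, failing fast")   # OPEN, or probe in flight

    def _record(self, ok, probe):
        if probe:                                    # the probe alone decides the next state
            self.failures = 0
            self.state = State.CLOSED if ok else State.OPEN
            self.opened_at = self.clock()
        elif self.state is State.CLOSED:             # ignore stale results after a trip
            self.failures = 0 if ok else self.failures + 1
            if self.failures >= self.failure_threshold:
                self.state, self.opened_at = State.OPEN, self.clock()

    def call(self, send_task, *args):
        with self._lock:
            probe = self._admit()
        ok = False
        try:
            result = send_task(*args)
            ok = True
            return result
        finally:
            with self._lock:
                self._record(ok, probe)
```

A dispatcher would keep one breaker per agent and route every request through `call`, treating `CircuitOpenError` as the signal to show the agent as Offline instead of waiting on a timeout.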

Dispatching Manual Tasks

From the Agent Fleet page, you can manually dispatch tasks:

  1. Select target agent from the fleet
  2. Enter task description and parameters
  3. Optionally attach alert or case context
  4. Click Dispatch to send via the A2A protocol

The task result appears in the activity feed within seconds.