Linux version of Splunk MCP LLM MCP SIEMulator . A Docker lab integrating Splunk SIEM with Ollama LLM via Model Context Protocol for AI-powered security operations. Features Promptfoo evaluation, OpenWebUI chat interface, Splunk UF and Raw HEC logging for real-time event ingestion and LLM-assisted incident response testing.

Supplementary appendix describing the full evaluation setup, threat model, defense layers, metrics, and release-gate procedures for secure agentic LLM systems. Includes system configuration, attacker capabilities, telemetry, reproducibility details, and parameter glossary.

An empirical evaluation framework for integrating real-time security feedback into LLM-based Infrastructure-as-Code generation using the Model Context Protocol (MCP).