Elastic-Powered Context Engineering for Agentic Network Forensics

May 12, 2026
27:23

Context Engineering for Agentic Network Forensics

In this session, we’ll explore how to use @Elastic alongside Mermin (Kubernetes-native observability) and ElastiFlow to build agent-driven workflows for network forensics. We’ll walk through how to design and implement “agentic context” using Elastic’s new Agent Builder, focusing on automating the investigation process from detection to resolution. You’ll see how custom tools can be orchestrated to enrich alerts, retrieve relevant telemetry, and guide engineers directly to the insights they need.

The demo will follow a real-world scenario: an anomaly is detected by an Elastic-based pipeline. From there, an agent responds to a user query by pulling in correlated telemetry from Mermin/NetObserv, identifying the appropriate Kibana dashboard, and generating a direct, pre-filtered link to investigate the anomalous IP.

If you're interested in applying GenAI and agent-based workflows to observability and security use cases, this talk will provide a practical, end-to-end example of what’s possible with Elastic.
