My AI Agent Hunted APT29 in Under 60 Seconds. Here’s How I Built It.
A step-by-step walkthrough of building an AI-powered threat hunting agent using LangGraph, OpenAI GPT-4o-mini, and Elastic SIEM. The agent ingests APT29 attack logs, classifies suspicious events, maps findings to MITRE ATT&CK tactics and techniques, enriches context via hostname/process/timeframe queries, and generates a full SOC-ready incident report with KQL hunting queries — all in under 60 seconds. The post covers environment setup on Elastic Cloud Serverless, full Python code for each LangGraph node, system prompts for the LLM, and the conditional branching logic that drives the agent's decision-making.
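The pipeline summarised above (ingest, classify, map to ATT&CK, enrich, report, with a conditional branch after classification) can be sketched without any external service. The following is an added example, not the post's code or the SparshLadani/Threat-Hunting-AI-Agent repository's code: a dependency-free state-graph runner in which a keyword heuristic stands in for the GPT-4o-mini classifier and a fixed table stands in for the model's MITRE ATT&CK mapping. The node names, state keys, the 60-second enrichment window, the generated KQL form and the sample events are all assumptions; in the real agent the same routing would be expressed with LangGraph's StateGraph and add_conditional_edges, and the KQL should be checked against the SIEM's actual field mapping before use.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified ECS-like shape (not real APT29 dataset records).
SAMPLE_EVENTS = [
    {"@timestamp": "2024-01-01T10:00:00Z", "host": "WS01",
     "process": "powershell.exe", "cmdline": "powershell.exe -enc AAAA"},
    {"@timestamp": "2024-01-01T10:00:20Z", "host": "WS01",
     "process": "cmd.exe", "cmdline": "cmd.exe /c whoami"},
    {"@timestamp": "2024-01-01T10:05:00Z", "host": "WS02",
     "process": "explorer.exe", "cmdline": "explorer.exe"},
    {"@timestamp": "2024-01-01T10:07:00Z", "host": "WS02",
     "process": "rundll32.exe", "cmdline": "rundll32.exe C:\\Users\\a\\AppData\\Local\\Temp\\x.dll,Run"},
]

# Heuristic stand-in for the LLM classifier (assumption): process -> command-line marker.
SUSPICIOUS_MARKERS = {
    "powershell.exe": "-enc",
    "rundll32.exe": "Temp",
}

# Fixed stand-in for the LLM's ATT&CK mapping: process -> (tactic, technique id, technique name).
ATTACK_MAP = {
    "powershell.exe": ("Execution", "T1059.001", "PowerShell"),
    "rundll32.exe": ("Defense Evasion", "T1218.011", "Rundll32"),
}


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def classify(state):
    """Node 1: flag events whose process and command line match a marker."""
    state["suspicious"] = [
        ev for ev in state["events"]
        if SUSPICIOUS_MARKERS.get(ev["process"], None) is not None
        and SUSPICIOUS_MARKERS[ev["process"]] in ev["cmdline"]
    ]
    return state


def route_after_classify(state):
    """Conditional edge: skip mapping and enrichment when nothing looks suspicious."""
    return "map_attack" if state["suspicious"] else "report"


def map_attack(state):
    """Node 2: attach tactic and technique to each suspicious event."""
    state["findings"] = [dict(ev, attack=ATTACK_MAP[ev["process"]]) for ev in state["suspicious"]]
    return state


def enrich(state, window=timedelta(seconds=60)):
    """Node 3: pull other events from the same host within +/- window (hostname/timeframe query)."""
    for f in state["findings"]:
        t0 = _ts(f["@timestamp"])
        f["context"] = [
            e for e in state["events"]
            if e["host"] == f["host"]
            and e["@timestamp"] != f["@timestamp"]
            and abs(_ts(e["@timestamp"]) - t0) <= window
        ]
    return state


def kql_for(finding):
    """Hunting query for a finding (assumed KQL form over ECS fields)."""
    proc = finding["process"]
    return f'process.name : "{proc}" and process.command_line : *{SUSPICIOUS_MARKERS[proc]}*'


def report(state):
    """Node 4: render a SOC-style summary; handles the no-findings branch."""
    findings = state.get("findings", [])
    lines = ["# Threat hunting report"]
    if not findings:
        lines.append("No suspicious events found in the ingested window.")
    for f in findings:
        tactic, tid, tname = f["attack"]
        lines.append(f"- {f['@timestamp']} {f['host']} {f['process']}: {tactic} / {tid} {tname}")
        lines.append(f"  context ({len(f['context'])} events in window): "
                     + ", ".join(e["process"] for e in f["context"]))
        lines.append(f"  hunt (KQL): {kql_for(f)}")
    state["report"] = "\n".join(lines)
    return state


# Graph definition: node name -> function; node name -> next node or router function.
NODES = {"classify": classify, "map_attack": map_attack, "enrich": enrich, "report": report}
EDGES = {"classify": route_after_classify, "map_attack": "enrich", "enrich": "report", "report": "END"}


def run_agent(events):
    """Walk the graph from 'classify' until 'END', recording the path taken."""
    state = {"events": events, "path": []}
    node = "classify"
    while node != "END":
        state["path"].append(node)
        state = NODES[node](state)
        nxt = EDGES[node]
        node = nxt(state) if callable(nxt) else nxt
    return state


if __name__ == "__main__":
    print(run_agent(SAMPLE_EVENTS)["report"])
```

Running it on the constructed events takes the long branch (classify, map_attack, enrich, report); feeding it only the explorer.exe event takes the short branch straight to the report, which is the early exit the conditional edge exists for.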
Links referenced: GitHub - SparshLadani/Threat-Hunting-AI-Agent; detection-hackathon-apt29/datasets/day1 at master · OTRF/detection-hackathon-apt29; LangGraph overview - Docs by LangChain.