report_incident
Log security incidents like policy violations or suspicious activity for investigation and tracking within the PolicyGuard system.
Instructions
Report a security incident for investigation and tracking.
Use this tool to log security incidents such as policy violations, suspicious agent behavior, or potential security threats.
Args:
- incident_type: Type of incident:
  - "policy_violation": Agent violated a security policy
  - "suspicious_activity": Unusual or potentially malicious behavior
  - "unauthorized_access": Attempt to access restricted resources
  - "rate_limit_exceeded": Agent exceeded rate limits
  - "data_exfiltration": Potential data leak detected
  - "configuration_error": Security misconfiguration detected
  - "other": Other security concern
- severity: Incident severity:
  - "low": Minor issue, no immediate action needed
  - "medium": Notable issue, should be reviewed
  - "high": Serious issue, needs prompt attention
  - "critical": Emergency, immediate action required
- description: Detailed description of the incident
- agent_id: ID of the agent involved (if applicable)
- evidence: JSON object with supporting evidence/data
- recommended_action: Suggested remediation steps

Returns: JSON string with:
- incident_id: Unique incident identifier
- success: Whether the incident was logged
- message: Status message
- agent_suspended: Whether the agent was auto-suspended
Example:

```python
report_incident(
    incident_type="suspicious_activity",
    severity="high",
    description="Agent attempted to access 50 databases in 1 minute",
    agent_id="rogue-agent-01",
    evidence='{"databases_accessed": 50, "time_window": "60s"}',
    recommended_action="Review agent permissions and suspend if needed",
)
```
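The following is an added client-side example, not part of the PolicyGuard tool itself: it validates a call against the argument schema documented above (allowed incident types and severities, required fields, evidence as a JSON object) before the call is made, and checks the documented return value for results that still need a human to escalate. The payload dict layout, the function names and the "critical but not suspended" rule are assumptions of this example.

```python
import json

# Allowed values copied from the tool description above.
INCIDENT_TYPES = {
    "policy_violation", "suspicious_activity", "unauthorized_access",
    "rate_limit_exceeded", "data_exfiltration", "configuration_error", "other",
}
SEVERITIES = ("low", "medium", "high", "critical")


def build_incident_report(incident_type, severity, description,
                          agent_id=None, evidence="{}", recommended_action=None):
    """Validate arguments against the documented schema and return the
    payload as a dict; raise ValueError for anything the tool would reject.
    (Assumed layout: the tool's own wire format is not documented here.)"""
    if incident_type not in INCIDENT_TYPES:
        raise ValueError(f"unknown incident_type: {incident_type!r}")
    if severity not in SEVERITIES:
        raise ValueError(f"unknown severity: {severity!r}")
    if not isinstance(description, str) or not description.strip():
        raise ValueError("description is required and must be non-empty")
    # evidence is documented as a JSON object: parse it so malformed JSON or a
    # non-object value (e.g. a list) is caught before it reaches the server.
    try:
        parsed = json.loads(evidence) if isinstance(evidence, str) else evidence
    except json.JSONDecodeError as exc:
        raise ValueError(f"evidence is not valid JSON: {exc}") from None
    if not isinstance(parsed, dict):
        raise ValueError("evidence must be a JSON object")
    report = {
        "incident_type": incident_type,
        "severity": severity,
        "description": description.strip(),
        "evidence": parsed,
    }
    if agent_id:
        report["agent_id"] = agent_id
    if recommended_action:
        report["recommended_action"] = recommended_action
    return report


def needs_follow_up(result_json, severity):
    """Parse the documented return value. True when a person must step in:
    the incident was not logged, or a critical incident did not lead to an
    automatic suspension (assumed escalation rule for this example)."""
    result = json.loads(result_json)
    if not result.get("success"):
        return True
    return severity == "critical" and not result.get("agent_suspended", False)
```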
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| incident_type | Yes | Type of incident (one of the values listed under Args) | |
| severity | Yes | Incident severity: "low", "medium", "high" or "critical" | |
| description | Yes | Detailed description of the incident | |
| agent_id | No | ID of the agent involved (if applicable) | |
| evidence | No | JSON object with supporting evidence/data | {} |
| recommended_action | No | Suggested remediation steps | |