Probe Log Specification (HAP)
This document defines the structure, formatting rules, and usage guidelines for logging anomaly probes submitted to the Hybrid Attack Panel (HAP).
Purpose
The Probe Log enables structured ingestion, cataloging, and review of OSINT anomalies and emergent patterns submitted by human analysts or AI agents. It supports: - Detection of hybrid threat signatures - Correlation across time, location, and actor sets - Historical case-building and narrative collapse tracking
Log Structure
Each log entry should include the following fields, in YAML block or Markdown table format (preferred is YAML):
Required Fields
| Field | Type | Description |
|---|---|---|
probe_id |
String | Unique ID, format: PROBE-YYYYMMDD-NNN |
timestamp |
String | ISO-8601 UTC time of entry submission |
submitted_by |
String | Analyst name or AI identifier |
location |
String | City, region, or geo-coordinates |
source_summary |
String | Title or short note about the source(s) triggering the probe |
source_links |
List | One or more URLs or references |
anomaly_type |
Enum | One of: InfoOps, EconSignal, MilMovement, PsySignal, Other |
summary |
String | 1-2 sentence overview of what is being flagged |
confidence |
Enum | Low, Medium, High — self-assessed confidence level |
Optional Fields
| Field | Type | Description |
|---|---|---|
tags |
List | Hashtags or topic tags (e.g., #BRICS, #BorderCrisis) |
supporting_ai |
List | AI tools that reviewed or annotated the log |
raw_notes |
Text | Analyst freeform notes, observations, comparisons |
crosslinks |
List | Links to related probes or case study entries |
attachments |
List | Local paths to PDF snapshots, JSON dumps, images, etc. |
Example (YAML format)
```yaml probe_id: PROBE-20250717-014 timestamp: 2025-07-17T19:32:00Z submitted_by: Arthur location: Niger–Nigeria Border (Katsina State) source_summary: "Sudden troop surge + blocked comms reported via Al-Jazeera regional" source_links: - https://www.aljazeera.com/news/2025/7/17/nigerian-border-comms-down anomaly_type: MilMovement summary: Troop movements reported along northern border of Nigeria, comms blackout underway. confidence: High tags: [#Niger, #BorderActivity, #CommsBlackout, #ECOWAS] supporting_ai: [Claude, Copilot] raw_notes: | Correlates with economic disruptions last week in Kano. Possible signals training? crosslinks: - PROBE-20250712-003 attachments: - /snapshots/nigeria-border-july17.pdf