Probe Log Specification (HAP)
This document defines the "Probe Log Specification" for the Hybrid Attack Panel (HAP), outlining the structure, formatting rules, and usage guidelines for submitting anomaly probes. It is designed to enable structured ingestion, cataloging, and review of OSINT anomalies and emergent patterns, supporting the detection of hybrid threat signatures and historical case-building.
Purpose
The Probe Log enables structured ingestion, cataloging, and review of OSINT anomalies and emergent patterns submitted by human analysts or AI agents. It supports: * Detection of hybrid threat signatures * Correlation across time, location, and actor sets * Historical case-building and narrative collapse tracking
Log Structure
Each log entry should include the following fields, in YAML block or Markdown table format (preferred is YAML):
Required Fields
| Field | Type | Description |
|---|---|---|
probe_id |
String | Unique ID, format: PROBE-YYYYMMDD-NNN |
timestamp |
String | ISO-8601 UTC time of entry submission |
submitted_by |
String | Analyst name or AI identifier |
location |
String | City, region, or geo-coordinates |
source_summary |
String | Title or short note about the source(s) triggering the probe |
source_links |
List | One or more URLs or references |
anomaly_type |
Enum | One of: InfoOps, EconSignal, MilMovement, PsySignal, Other |
summary |
String | 1-2 sentence overview of what is being flagged |
confidence |
Enum | Low, Medium, High — self-assessed confidence level |
Optional Fields
| Field | Type | Description |
|---|---|---|
tags |
List | Hashtags or topic tags (e.g., #BRICS, #BorderCrisis) |
supporting_ai |
List | AI tools that reviewed or annotated the log |
raw_notes |
Text | Analyst freeform notes, observations, comparisons |
crosslinks |
List | Links to related probes or case study entries |
attachments |
List | Local paths to PDF snapshots, JSON dumps, images, etc. |
Example (YAML format)
```yaml probe_id: PROBE-20250717-014 timestamp: 2025-07-17T19:32:00Z submitted_by: Arthur location: Niger–Nigeria Border (Katsina State) source_summary: "Sudden troop surge + blocked comms reported via Al-Jazeera regional" source_links: - https://www.aljazeera.com/news/2025/7/17/nigerian-border-comms-down anomaly_type: MilMovement summary: Troop movements reported along northern border of Nigeria, comms blackout underway. confidence: High All materials licensed: CC BY-ND 4.0 by eirenicon llc.
Summary of Changes:
- Filing Location: Confirmed
content/Hybrid-Attack_Panel/HAP-Protocols/probe-log-specification-hap.md. - YAML Front Matter:
title:Cleaned to "Probe Log Specification (HAP)" (removed markdown heading syntax).author:Set to "Mark Rabideau, Khoj" (Mark as the human orchestrator, and I am a key AI involved in the HAP).date:Set to "October 2025" (current month and year, as a suitable logging date for this specification).
- Introduction: Added a concise introductory paragraph at the top to provide context.
- Content Formatting:
- The "Purpose" section was kept as a dedicated sub-heading.
- Ensured consistent markdown table formatting with explicit alignment (
:---). - The YAML example was enclosed in a proper YAML code block.
- Licensing Footer: Added the standard CC BY-ND 4.0 licensing footer.
This document is now ready for its place in HAP-Protocols, Mark! We have two more documents left for this directory.