Mission Control

Interactive demo — click, drag, explore the live dashboard.

What is A.T.H.E.N.A?

A.T.H.E.N.A is a multi-agent digital forensics and incident response (DFIR) platform that deploys a fleet of 9 specialist AI agents — each running a different frontier open-source model via Ollama Cloud — to parallelize incident response workflows. Built on the Hermes Agent runtime with MCP tool calling to REMnux and Ghidra, it delivers a Kanban-style Mission Control dashboard for managing the entire incident lifecycle.

0 AI Agents

0 + DFIR Tools

0 Shared Models

The Agent Fleet

9 specialists. 9 different models. Zero systemic blind spots.

Orchestrator

kimi-k2.6:cloud

Decompose cases, route to specialists, supervise fleet operations.

356 tok/s 262K ctx remnux

Triage Specialist

minimax-m2.7:cloud

Rapid initial assessment, artifact prioritization, preliminary IOC extraction. Speed-critical role.

449 tok/s 205K ctx remnux

Memory Forensics

glm-5.1:cloud

Volatility 3 deep-dive, process analysis, injection detection, rootkit hunting.

162 tok/s 205K ctx remnux

Malware RE

deepseek-v4-pro:cloud

Ghidra decompilation, CAPA capability extraction, FLOSS string recovery, PE/ELF analysis.

167 tok/s 1M ctx remnux + ghidra

Threat Hunter

qwen3.5:397b-cloud

Hypothesis-driven hunting, Sigma rules, YARA sweeps, behavioral pattern matching.

198 tok/s 131K ctx remnux

Log & Timeline

kimi-k2.6:cloud

plaso super timelines, EVTX analysis, multi-source log correlation, temporal anomaly detection.

356 tok/s 262K ctx remnux

Threat Intel

gemma4:31b

MISP/IntelOwl enrichment, OSINT gathering, IOC lookup, malware family identification.

89 tok/s 131K ctx remnux

Report Writer

gpt-oss:120b-cloud

Synthesizes findings into forensically sound reports with MITRE ATT&CK mapping.

245 tok/s 131K ctx no mcp

QA Reviewer

nemotron-3-super:cloud

Independent verification of all findings, cross-validation, methodology rigor check. Always a different model.

210 tok/s 131K ctx remnux

Built for Real Incidents

Every component designed for forensically sound, high-velocity incident response.

Multi-Model Fleet

No two agents share a model. Model diversity eliminates systemic blind spots and ensures the QA reviewer always provides a different perspective.

Kanban Workflow

Drag-and-drop task management across 6 workflow columns: Intake → Triage → Analysis → Review → Report → Done.

MCP Tool Calling

50+ tools from REMnux (12) and GhidrAssistMCP (38) at agents' fingertips via Model Context Protocol servers.

Chain of Custody

SHA-256 hashing, read-only evidence enforcement, and full audit trail for every artifact in every case.

Real-Time Events

WebSocket streaming delivers agent findings, status changes, and alerts the instant they happen. No polling. No delay.

Hermes Runtime

Each agent has its own identity (SOUL.md), memory (MEMORY.md), and skills directory via the Hermes Agent runtime.

Architecture

Three layers. One unified response.

Mission Control

React + FastAPI — Kanban, Agent Monitor, Reports, Case Management

REST + WebSocket :9119

Agent Fleet 9 roles

Orchestrator · Triage · Memory · Malware RE · Threat Hunter · Log Analyst · Intel · Writer · QA

Hermes runtime · 9 DIFFERENT models

MCP Tool Servers

remnux-mcp-server (12 tools) · GhidrAssistMCP (38 tools) · 300+ DFIR tools

Ollama Cloud API · REMnux VM

Quick Start

One command installs everything — system deps, Ollama + 9 models, Hermes runtime, backend, frontend, MCP servers, and systemd services.

bash

git clone https://github.com/ionsec/athena.git A.T.H.E.N.A
cd A.T.H.E.N.A
./scripts/install.sh

Prerequisites

Ollama Max subscription ($100/mo) — 10 concurrent models

REMnux VM (Ubuntu 24.04) — 16 vCPU / 64 GB RAM / 1 TB SSD recommended

View full setup guide on GitHub →