Can this skill help with real-time packet analysis?

No, this skill is specifically designed for log-based analysis within Splunk. For real-time packet-level inspection, tools like Wireshark or Zeek are recommended.

Does it require Splunk Enterprise Security?

While it is optimized for Splunk Enterprise Security (ES) features like Notable Events and the Common Information Model (CIM), the core SPL queries can be used with standard Splunk Enterprise or Splunk Cloud.

Which log sources are most relevant for this skill?

The skill works best with Windows Event Logs, Sysmon, firewall logs, web proxy data, and DNS logs that have been ingested into Splunk.

How does this help with MITRE ATT&CK mapping?

The skill includes logic pre-mapped to specific MITRE ATT&CK techniques (like T1059 and T1562), allowing analysts to quickly categorize findings within the standard framework.

Analyzing Security Logs with Splunk

Name: Analyzing Security Logs with Splunk
Author: mukul975

bymukul975

•

4,121

•

セキュリティとテスト

Investigates security incidents and reconstructs threat timelines using Splunk Search Processing Language (SPL) and cross-log correlation.

This skill empowers AI agents to perform advanced security investigations within Splunk environments by leveraging Splunk Enterprise Security and SPL to correlate data across Windows event logs, Sysmon, proxy, and firewall telemetry. It provides structured workflows for detecting brute force attacks, lateral movement, and data exfiltration, helping security analysts automate incident triage and forensic timeline reconstruction. By mapping findings to frameworks like MITRE ATT&CK and NIST CSF, it ensures that investigations are aligned with industry standards and result in actionable detection rules.

主な機能

014,121 GitHub stars

02Forensic timeline reconstruction across disparate log sources

03Advanced SPL query generation for multi-source security log correlation

04Detection patterns for credential stuffing, Pass-the-Hash, and lateral movement

05Sysmon-based process execution chain analysis and LSASS dump detection

06Conversion of forensic findings into persistent Splunk correlation searches

ユースケース

01Reconstructing user activity and data movement during incident response

02Proactive threat hunting for adversary TTPs within enterprise SIEM data

03Automating the initial triage and scoping of suspected security breaches

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills analyzing-security-logs-with-splunk

For use in Claude.ai and ChatGPT

主な機能

014,121 GitHub stars

02Forensic timeline reconstruction across disparate log sources

03Advanced SPL query generation for multi-source security log correlation

04Detection patterns for credential stuffing, Pass-the-Hash, and lateral movement

05Sysmon-based process execution chain analysis and LSASS dump detection

06Conversion of forensic findings into persistent Splunk correlation searches

ユースケース

01Reconstructing user activity and data movement during incident response

02Proactive threat hunting for adversary TTPs within enterprise SIEM data

03Automating the initial triage and scoping of suspected security breaches

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills analyzing-security-logs-with-splunk

For use in Claude.ai and ChatGPT