How does it help with threat hunting?

It allows analysts to input specific hypotheses and scan multiple data sources over defined time ranges to discover findings and new indicators of compromise (IOCs).

Can it automate incident remediation?

Yes, it includes operations to contain, investigate, eradicate, and recover from incidents, providing structured evidence for each action taken.

What data sources does this skill support for alert analysis?

The skill supports SIEM, EDR, NDR, and custom log formats, provided the alert data includes essential fields like timestamp, source, and message.

Is this skill aligned with industry standards?

Yes, it is mapped to the MITRE ATT&CK framework, specifically covering tactics such as Initial Access, Execution, Persistence, and Lateral Movement.

Defensive Security Operations

Name: Defensive Security Operations
Author: pluginagentmarketplace

bypluginagentmarketplace

•

セキュリティとテスト

Automates security operations center tasks including threat hunting, alert triage, and incident response orchestration.

概要

The Defensive Security skill empowers Claude to act as a specialized SOC analyst, providing production-grade capabilities for blue team operations. It facilitates the end-to-end security lifecycle by triaging alerts from SIEM, EDR, and NDR platforms, correlating events across disparate log sources, and executing structured incident response actions. With built-in alignment to the MITRE ATT&CK framework and support for hypothesis-based threat hunting, this skill is essential for security teams looking to accelerate their detection and response times through AI-driven automation.

主な機能

Hypothesis-based proactive threat hunting across multiple data sources
1 GitHub stars
Cross-log event correlation and incident timeline generation
Structured incident response actions for containment and recovery
Automated alert triage and classification for SIEM and EDR data
Direct mapping to MITRE ATT&CK tactics and techniques

ユースケース

Conducting proactive hunts for indicators of compromise across system logs
Triaging high volumes of security alerts to identify true positives
Orchestrating rapid containment and evidence collection during security incidents

概要

主な機能

Hypothesis-based proactive threat hunting across multiple data sources
1 GitHub stars
Cross-log event correlation and incident timeline generation
Structured incident response actions for containment and recovery
Automated alert triage and classification for SIEM and EDR data
Direct mapping to MITRE ATT&CK tactics and techniques

ユースケース

Conducting proactive hunts for indicators of compromise across system logs
Triaging high volumes of security alerts to identify true positives
Orchestrating rapid containment and evidence collection during security incidents