What is the primary purpose of the SecOps Threat Hunter skill?

It provides expert guidance and automated workflows for proactively identifying undetected threats, IOCs, and malicious TTPs in your security environment.

Does this skill work with Google SecOps?

Yes, it includes specific mapping for Google SecOps tools and supports UDM (Unified Data Model) searches for comprehensive log analysis.

How does it handle different security toolsets?

The skill intelligently checks for available Local or Remote tools and automatically adapts its workflow to use the most appropriate search capabilities.

Can it generate security reports?

Yes, it can synthesize investigation findings to generate structured markdown reports or post updates directly to existing SOAR cases.

What kind of IOCs can I search for?

The skill supports searching for a wide range of indicators including malicious IP addresses, domains, file hashes (SHA256, MD5, SHA1), and URLs.

SecOps Threat Hunter

Name: SecOps Threat Hunter
Author: majiayu000

bymajiayu000

•

セキュリティとテスト

Proactively identifies undetected threats, IOCs, and malicious TTPs using structured security workflows and SIEM integrations.

概要

This skill transforms Claude into an expert Threat Hunter, providing structured procedures for proactive security investigations. It enables analysts to hunt for threats based on Global Threat Intelligence (GTI) campaigns, specific MITRE ATT&CK techniques, and Indicator of Compromise (IOC) lookups. By automatically mapping tools across local and remote environments—including deep integration with Google SecOps—it facilitates UDM log searching, entity context enrichment, and the synthesis of findings into actionable SOAR cases or comprehensive markdown reports.

主な機能

Automated IOC scanning for IPs, domains, file hashes, and URLs
Guided TTP hunting mapped to MITRE ATT&CK frameworks
Adaptive tool selection for both Local and Remote security environments
Seamless SOAR integration for case management and reporting
64 GitHub stars
Natural language to UDM (Unified Data Model) query translation

ユースケース

Proactively hunting for 'Credential Access' techniques within a 72-hour window
Investigating suspicious entities and documenting findings in a centralized security report
Scanning network logs for indicators associated with a specific GTI Threat Actor campaign

概要

主な機能

Automated IOC scanning for IPs, domains, file hashes, and URLs
Guided TTP hunting mapped to MITRE ATT&CK frameworks
Adaptive tool selection for both Local and Remote security environments
Seamless SOAR integration for case management and reporting
64 GitHub stars
Natural language to UDM (Unified Data Model) query translation

ユースケース

Proactively hunting for 'Credential Access' techniques within a 72-hour window
Investigating suspicious entities and documenting findings in a centralized security report
Scanning network logs for indicators associated with a specific GTI Threat Actor campaign