How does this skill help with SIEM licensing costs?

It includes a log source priority framework to help you identify high-value logs and provides methods to estimate volume (EPS) before ingestion.

Can it handle custom log formats?

Yes, the skill includes templates for creating custom regex-based parsers and field mappings to align data with the Common Information Model (CIM).

What SIEM platforms are supported?

The skill provides patterns and configurations compatible with major platforms including Splunk, Elastic, Microsoft Sentinel, and QRadar.

Does it support cloud-native logging?

Absolutely. It contains specific implementation patterns for cloud logs such as AWS CloudTrail, ensuring visibility across hybrid environments.

SIEM Log Source Onboarding

Name: SIEM Log Source Onboarding
Author: mukul975

bymukul975

•

4,120

•

セキュリティとテスト

Streamlines the systematic integration of new data sources into SIEM platforms through automated configuration of collectors, parsers, and field normalization.

This skill provides a structured framework for security professionals to onboard diverse log sources into SIEM platforms like Splunk, Elastic, and Sentinel. It guides the user through every stage of the pipeline—from discovery and volume assessment to configuring rsyslog/forwarders, writing custom regex parsers, and ensuring CIM (Common Information Model) compliance. By using this skill, security teams can ensure high-quality data ingestion, optimize licensing costs, and rapidly enable detection coverage across their infrastructure.

主な機能

01Structured priority framework based on security value and ingestion costs

024,120 GitHub stars

03Ready-to-use templates for Splunk (props/transforms) and infrastructure-as-code

04Automated log collection configuration for Syslog, Windows Event Logs, and CloudTrail

05Data quality validation scripts to monitor ingestion lag and field coverage

06Custom parser development with Regex extraction and CIM field mapping

ユースケース

01Automating the deployment of Windows Event Log collectors across large server fleets

02Normalizing disparate log formats to meet compliance and detection requirements

03Integrating enterprise firewalls and network devices via syslog for centralized monitoring

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-log-source-onboarding-in-siem

For use in Claude.ai and ChatGPT

主な機能

01Structured priority framework based on security value and ingestion costs

024,120 GitHub stars

03Ready-to-use templates for Splunk (props/transforms) and infrastructure-as-code

04Automated log collection configuration for Syslog, Windows Event Logs, and CloudTrail

05Data quality validation scripts to monitor ingestion lag and field coverage

06Custom parser development with Regex extraction and CIM field mapping

ユースケース

01Automating the deployment of Windows Event Log collectors across large server fleets

02Normalizing disparate log formats to meet compliance and detection requirements

03Integrating enterprise firewalls and network devices via syslog for centralized monitoring

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-log-source-onboarding-in-siem

For use in Claude.ai and ChatGPT