Automates the ingestion, normalization, and integration of global threat intelligence feeds into SIEM and SOC platforms.
This skill lets security teams operationalize threat intelligence by building automated pipelines that connect STIX/TAXII, open-source, and commercial feeds directly to detection systems. It handles normalization of feed data into STIX 2.1 objects, deduplication of indicators that appear in more than one source, and distribution to platforms such as Splunk, MISP, or Elastic Security. Automating the flow of Indicators of Compromise (IOCs) in this way allows near-real-time matching against network telemetry while reducing manual work for SOC analysts and security engineers.
Key features
01 Real-time IOC distribution to SIEM platforms
02 Feed quality and match-rate analytics
03 Automated STIX/TAXII 2.1 feed ingestion
04 Automated indicator expiration and lifecycle management
05 Multi-source normalization and deduplication
4,120 GitHub stars
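The pipeline described above, with the normalization, deduplication, expiration and match-rate features from the list, as one runnable sketch. This is an added example, not code from the skill or from the project it describes. Both feeds, the feed names feed_a and feed_b, the log lines and the x_feed_sources custom property are constructed for illustration, and the deterministic UUIDv5 indicator ids are a simplification flagged in the code.

```python
"""Added example (not the project's code): ingest two constructed feeds, normalise them to
STIX 2.1 indicators, dedupe across sources, expire stale ones, match against constructed
log lines and report per-feed match rate. Feed names, values and x_feed_sources are made up."""
import csv, io, json, re, uuid
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # pinned clock so the run is reproducible
# Feed A: a STIX 2.1 bundle as a TAXII 2.1 collection would return it (constructed).
FEED_A = json.dumps({"type": "bundle", "id": "bundle--0b6f0a1c-7a0d-4b7f-8d6e-2c1a9f3b4e5d", "objects": [
    {"type": "indicator", "spec_version": "2.1", "id": "indicator--8b2d7e4a-1c3f-4d5e-9a6b-7c8d9e0f1a2b",
     "created": "2024-05-20T00:00:00.000Z", "modified": "2024-05-20T00:00:00.000Z", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'BAD.example']",  # same IOC as feed B, different case
     "valid_from": "2024-05-20T00:00:00Z", "valid_until": "2024-06-20T00:00:00Z"},
    {"type": "indicator", "spec_version": "2.1", "id": "indicator--3c4d5e6f-7a8b-4c9d-8e0f-1a2b3c4d5e6f",
     "created": "2024-04-01T00:00:00.000Z", "modified": "2024-04-01T00:00:00.000Z", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']",
     "valid_from": "2024-04-01T00:00:00Z", "valid_until": "2024-05-01T00:00:00Z"}]})  # already expired
# Feed B: a CSV OSINT feed with no expiry of its own (constructed); a TTL is assigned on ingest.
FEED_B = "value,type,first_seen\nbad.example,domain,2024-05-25\n203.0.113.9,ip,2024-05-28\n" \
         "d41d8cd98f00b204e9800998ecf8427e,md5,2024-05-15\n"
CSV_TYPE_TO_STIX = {"domain": "domain-name:value", "ip": "ipv4-addr:value", "md5": "file:hashes.MD5"}
PATTERN_RE = re.compile(r"^\[([a-z0-9-]+:[A-Za-z0-9_.'-]+) = '([^']*)'\]$")
LOGS = [  # constructed telemetry; the third line carries the expired IOC and must not alert
    "2024-06-01T10:00:01Z dns query src=10.0.0.5 qname=bad.example",
    "2024-06-01T10:00:03Z fw allow src=10.0.0.7 dst=203.0.113.9 dport=443",
    "2024-06-01T10:00:05Z fw allow src=10.0.0.7 dst=198.51.100.7 dport=443",
    "2024-06-01T10:00:09Z web GET /index.html src=10.0.0.9"]

def fmt_ts(d):
    return d.strftime("%Y-%m-%dT%H:%M:%S.000Z")
def parse_ts(s):
    return datetime.strptime(s.replace(".000Z", "Z"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def normalise_pattern(pattern):
    """Canonicalise a single-comparison STIX pattern (lowercased value); returns (pattern, path, value)."""
    m = PATTERN_RE.match(pattern.strip())
    if not m:
        raise ValueError(f"unsupported pattern: {pattern}")
    path, value = m.group(1), m.group(2).lower()
    return f"[{path} = '{value}']", path, value

def indicator(pattern, source, valid_from, valid_until):
    """STIX 2.1 indicator dict. The id is UUIDv5 of the canonical pattern so re-ingestion is
    idempotent (a simplification: STIX 2.1 expects random UUIDv4 ids on SDOs)."""
    pattern, _, _ = normalise_pattern(pattern)
    return {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix", "pattern": pattern,
            "id": "indicator--" + str(uuid.uuid5(uuid.NAMESPACE_URL, pattern)),
            "created": fmt_ts(valid_from), "modified": fmt_ts(NOW),
            "valid_from": fmt_ts(valid_from), "valid_until": fmt_ts(valid_until), "x_feed_sources": [source]}

def ingest_stix(bundle_json, source):
    return [indicator(o["pattern"], source, parse_ts(o["valid_from"]), parse_ts(o["valid_until"]))
            for o in json.loads(bundle_json)["objects"]
            if o.get("type") == "indicator" and o.get("pattern_type") == "stix"]

def ingest_csv(text, source, ttl_days=30):
    """value,type,first_seen rows become indicators valid for ttl_days after first_seen."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        seen = datetime.strptime(row["first_seen"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
        pattern = f"[{CSV_TYPE_TO_STIX[row['type']]} = '{row['value']}']"
        out.append(indicator(pattern, source, seen, seen + timedelta(days=ttl_days)))
    return out

def dedupe(indicators):
    """Merge same-id indicators: earliest valid_from, latest valid_until, union of sources."""
    merged = {}
    for ind in indicators:
        cur = merged.setdefault(ind["id"], dict(ind))
        cur["valid_from"] = min(cur["valid_from"], ind["valid_from"])
        cur["valid_until"] = max(cur["valid_until"], ind["valid_until"])
        cur["x_feed_sources"] = sorted(set(cur["x_feed_sources"]) | set(ind["x_feed_sources"]))
    return list(merged.values())

def expire(indicators, now=NOW):
    """Lifecycle step: drop indicators whose valid_until has passed so stale IOCs stop firing."""
    return [i for i in indicators if parse_ts(i["valid_until"]) > now]

def match(indicators, logs):
    """Exact-token match of indicator values against log lines; returns alerts and per-feed stats."""
    by_value = {normalise_pattern(i["pattern"])[2]: i for i in indicators}
    alerts, hit_ids = [], set()
    for line in logs:
        for tok in re.split(r"[\s=]+", line.lower()):
            if tok in by_value:
                ind = by_value[tok]
                hit_ids.add(ind["id"])
                alerts.append({"log": line, "indicator": ind["id"], "sources": ind["x_feed_sources"]})
    stats = {}
    for ind in indicators:
        for src in ind["x_feed_sources"]:
            s = stats.setdefault(src, {"active": 0, "hit": 0})
            s["active"], s["hit"] = s["active"] + 1, s["hit"] + (ind["id"] in hit_ids)
    for s in stats.values():  # match rate: share of a feed's active indicators that ever fired
        s["match_rate"] = round(s["hit"] / s["active"], 2)
    return alerts, stats

def run_pipeline():
    raw = ingest_stix(FEED_A, "feed_a") + ingest_csv(FEED_B, "feed_b")
    active = expire(dedupe(raw))
    alerts, stats = match(active, LOGS)
    return {"ingested": len(raw), "active": len(active), "alerts": alerts, "stats": stats}

if __name__ == "__main__":
    print(json.dumps(run_pipeline(), indent=2))
```

Running the file prints the alerts and the per-feed stats. The domain shared by both feeds is emitted once with both sources attached, which is what the SIEM distribution step should receive, and the expired 198.51.100.7 indicator is dropped before matching, so the firewall line carrying it produces no alert. Feed A ends up with a match rate of 1.0 and feed B with 0.67 because its MD5 hash never appears in the telemetry; tracking that number per feed over time is the basis for the health and scoring metrics mentioned in the use cases.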
Use cases
01 Standardizing commercial threat data into a unified STIX 2.1 format for cross-tool compatibility
02 Reducing false positives by implementing indicator scoring and health-monitoring metrics
03 Onboarding OSINT feeds such as Abuse.ch and AlienVault OTX into a SOC environment