Can I hunt across multiple LimaCharlie organizations simultaneously?

Yes, the skill is designed for scale, spawning parallel sub-agents to perform IOC and behavioral hunts across multiple OIDs at the same time.

Does it automatically deploy rules to my production environment?

No, the skill follows a safety-first approach. It presents all generated and validated D&R rules for your explicit approval before any deployment occurs.

What types of indicators can it detect?

It extracts and hunts for file hashes, domain names, IP addresses, file paths, and complex behavioral patterns such as specific command-line arguments or registry modifications.

How does it handle large reports without hitting context limits?

The skill uses a modular architecture that offloads heavy processing to sub-agents, keeping the main conversation context focused on orchestration and high-level results.

Does this skill support PDF threat reports?

Yes, the skill can download and parse both web-based HTML reports and PDF files natively using the specialized threat-report-parser sub-agent.

Threat Report Evaluation & IOC Analysis

Name: Threat Report Evaluation & IOC Analysis
Author: refractionPOINT

byrefractionPOINT

•

セキュリティとテスト

Automates the systematic analysis of threat reports to hunt for indicators of compromise and deploy defense-in-depth detections within LimaCharlie environments.

概要

This skill provides an end-to-end workflow for security analysts to ingest threat intelligence—whether from PDFs, URLs, or raw text—and transform it into actionable security outcomes. It leverages specialized sub-agents to parse complex reports, conduct parallel IOC and behavioral hunts across multiple LimaCharlie organizations, and generate validated Detection & Response (D&R) rules. By automating the extraction of hashes, IPs, and malicious patterns, it significantly reduces the time from threat discovery to active protection, ensuring that defenses are grounded strictly in reported data without manual guesswork.

主な機能

3 GitHub stars
Parallel threat hunting across multiple LimaCharlie organizations using specialized sub-agents
Behavioral analysis and hunting mapped to MITRE ATT&CK frameworks
Comprehensive executive reporting with sensor-level impact summaries and recommendations
Automated generation and validation of multi-layered D&R rules for process, network, and persistence
Automated IOC extraction from PDF and web-based reports including hashes, IPs, and domains

ユースケース

Rapidly deploying custom detection rules following a major industry breach or zero-day announcement
Automating the transition from reading threat intelligence to active defensive posture in a SOC
Analyzing a new APT report to determine if managed endpoints have been compromised

概要

主な機能

3 GitHub stars
Parallel threat hunting across multiple LimaCharlie organizations using specialized sub-agents
Behavioral analysis and hunting mapped to MITRE ATT&CK frameworks
Comprehensive executive reporting with sensor-level impact summaries and recommendations
Automated generation and validation of multi-layered D&R rules for process, network, and persistence
Automated IOC extraction from PDF and web-based reports including hashes, IPs, and domains

ユースケース

Rapidly deploying custom detection rules following a major industry breach or zero-day announcement
Automating the transition from reading threat intelligence to active defensive posture in a SOC
Analyzing a new APT report to determine if managed endpoints have been compromised