Can I hunt across multiple LimaCharlie organizations simultaneously?

Yes, the skill is designed for scale, spawning parallel sub-agents to perform IOC and behavioral hunts across multiple OIDs at the same time.

Does it automatically deploy rules to my production environment?

No, the skill follows a safety-first approach. It presents all generated and validated D&R rules for your explicit approval before any deployment occurs.

What types of indicators can it detect?

It extracts and hunts for file hashes, domain names, IP addresses, file paths, and complex behavioral patterns such as specific command-line arguments or registry modifications.

How does it handle large reports without hitting context limits?

The skill uses a modular architecture that offloads heavy processing to sub-agents, keeping the main conversation context focused on orchestration and high-level results.

Does this skill support PDF threat reports?

Yes, the skill can download and parse both web-based HTML reports and PDF files natively using the specialized threat-report-parser sub-agent.

Threat Report Evaluation & IOC Analysis

Name: Threat Report Evaluation & IOC Analysis
Author: refractionPOINT

$refractionPOINT$ byrefractionPOINT

•

セキュリティとテスト

Automates the systematic analysis of threat reports to hunt for indicators of compromise and deploy defense-in-depth detections within LimaCharlie environments.

This skill provides an end-to-end workflow for security analysts to ingest threat intelligence—whether from PDFs, URLs, or raw text—and transform it into actionable security outcomes. It leverages specialized sub-agents to parse complex reports, conduct parallel IOC and behavioral hunts across multiple LimaCharlie organizations, and generate validated Detection & Response (D&R) rules. By automating the extraction of hashes, IPs, and malicious patterns, it significantly reduces the time from threat discovery to active protection, ensuring that defenses are grounded strictly in reported data without manual guesswork.

主な機能

013 GitHub stars

02Parallel threat hunting across multiple LimaCharlie organizations using specialized sub-agents

03Behavioral analysis and hunting mapped to MITRE ATT&CK frameworks

04Comprehensive executive reporting with sensor-level impact summaries and recommendations

05Automated generation and validation of multi-layered D&R rules for process, network, and persistence

06Automated IOC extraction from PDF and web-based reports including hashes, IPs, and domains

ユースケース

01Rapidly deploying custom detection rules following a major industry breach or zero-day announcement

02Automating the transition from reading threat intelligence to active defensive posture in a SOC

03Analyzing a new APT report to determine if managed endpoints have been compromised

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add refractionpoint/lc-ai threat-report-evaluation

For use in Claude.ai and ChatGPT

主な機能

013 GitHub stars

02Parallel threat hunting across multiple LimaCharlie organizations using specialized sub-agents

03Behavioral analysis and hunting mapped to MITRE ATT&CK frameworks

04Comprehensive executive reporting with sensor-level impact summaries and recommendations

05Automated generation and validation of multi-layered D&R rules for process, network, and persistence

06Automated IOC extraction from PDF and web-based reports including hashes, IPs, and domains

ユースケース

01Rapidly deploying custom detection rules following a major industry breach or zero-day announcement

02Automating the transition from reading threat intelligence to active defensive posture in a SOC

03Analyzing a new APT report to determine if managed endpoints have been compromised