How does it help with threat hunting?

It allows analysts to input specific hypotheses and scan multiple data sources over defined time ranges to discover findings and new indicators of compromise (IOCs).

Can it automate incident remediation?

Yes, it includes operations to contain, investigate, eradicate, and recover from incidents, providing structured evidence for each action taken.

What data sources does this skill support for alert analysis?

The skill supports SIEM, EDR, NDR, and custom log formats, provided the alert data includes essential fields like timestamp, source, and message.

Is this skill aligned with industry standards?

Yes, it is mapped to the MITRE ATT&CK framework, specifically covering tactics such as Initial Access, Execution, Persistence, and Lateral Movement.

Defensive Security Operations

Name: Defensive Security Operations
Author: pluginagentmarketplace

bypluginagentmarketplace

•

보안 및 테스팅

Automates security operations center tasks including threat hunting, alert triage, and incident response orchestration.

The Defensive Security skill empowers Claude to act as a specialized SOC analyst, providing production-grade capabilities for blue team operations. It facilitates the end-to-end security lifecycle by triaging alerts from SIEM, EDR, and NDR platforms, correlating events across disparate log sources, and executing structured incident response actions. With built-in alignment to the MITRE ATT&CK framework and support for hypothesis-based threat hunting, this skill is essential for security teams looking to accelerate their detection and response times through AI-driven automation.

주요 기능

01Hypothesis-based proactive threat hunting across multiple data sources

021 GitHub stars

03Cross-log event correlation and incident timeline generation

04Structured incident response actions for containment and recovery

05Automated alert triage and classification for SIEM and EDR data

06Direct mapping to MITRE ATT&CK tactics and techniques

사용 사례

01Conducting proactive hunts for indicators of compromise across system logs

02Triaging high volumes of security alerts to identify true positives

03Orchestrating rapid containment and evidence collection during security incidents

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add pluginagentmarketplace/custom-plugin-cyber-security defensive

For use in Claude.ai and ChatGPT

Download Skill