What is the primary purpose of the SecOps Threat Hunter skill?

It provides expert guidance and automated workflows for proactively identifying undetected threats, IOCs, and malicious TTPs in your security environment.

Does this skill work with Google SecOps?

Yes, it includes specific mapping for Google SecOps tools and supports UDM (Unified Data Model) searches for comprehensive log analysis.

How does it handle different security toolsets?

The skill intelligently checks for available Local or Remote tools and automatically adapts its workflow to use the most appropriate search capabilities.

Can it generate security reports?

Yes, it can synthesize investigation findings to generate structured markdown reports or post updates directly to existing SOAR cases.

What kind of IOCs can I search for?

The skill supports searching for a wide range of indicators including malicious IP addresses, domains, file hashes (SHA256, MD5, SHA1), and URLs.

SecOps Threat Hunter

Name: SecOps Threat Hunter
Author: majiayu000

bymajiayu000

•

Security & Testing

Proactively identifies undetected threats, IOCs, and malicious TTPs using structured security workflows and SIEM integrations.

This skill transforms Claude into an expert Threat Hunter, providing structured procedures for proactive security investigations. It enables analysts to hunt for threats based on Global Threat Intelligence (GTI) campaigns, specific MITRE ATT&CK techniques, and Indicator of Compromise (IOC) lookups. By automatically mapping tools across local and remote environments—including deep integration with Google SecOps—it facilitates UDM log searching, entity context enrichment, and the synthesis of findings into actionable SOAR cases or comprehensive markdown reports.

Key Features

01Automated IOC scanning for IPs, domains, file hashes, and URLs

02Guided TTP hunting mapped to MITRE ATT&CK frameworks

03Adaptive tool selection for both Local and Remote security environments

04Seamless SOAR integration for case management and reporting

0564 GitHub stars

06Natural language to UDM (Unified Data Model) query translation

Use Cases

01Proactively hunting for 'Credential Access' techniques within a 72-hour window

02Investigating suspicious entities and documenting findings in a centralized security report

03Scanning network logs for indicators associated with a specific GTI Threat Actor campaign

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add majiayu000/claude-skill-registry hunt

For use in Claude.ai and ChatGPT

Key Features

01Automated IOC scanning for IPs, domains, file hashes, and URLs

02Guided TTP hunting mapped to MITRE ATT&CK frameworks

03Adaptive tool selection for both Local and Remote security environments

04Seamless SOAR integration for case management and reporting

0564 GitHub stars

06Natural language to UDM (Unified Data Model) query translation

Use Cases

01Proactively hunting for 'Credential Access' techniques within a 72-hour window

02Investigating suspicious entities and documenting findings in a centralized security report

03Scanning network logs for indicators associated with a specific GTI Threat Actor campaign

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add majiayu000/claude-skill-registry hunt

For use in Claude.ai and ChatGPT