Does this require a specific version of Elasticsearch?

Yes, it is optimized for Elasticsearch 8.x or OpenSearch 2.x environments with security audit data.

Can this detect data exfiltration attempts?

Yes, by correlating unusual data volumes with unauthorized system access and anomalous login times, it identifies high-risk exfiltration patterns.

What frameworks does this skill align with?

This skill is mapped to NIST CSF 2.0 (DE.CM-01, DE.AE-02) and follows standards like MITRE ATT&CK and NIST AI RMF.

How long does it take to establish a behavioral baseline?

A baseline period of 30 or more days of normal user activity data is recommended for accurate behavioral profiling.

What log sources does this skill support?

It is designed to work with common security logs including Active Directory authentication, VPN logs, DLP events, file server access, and network activity.

Insider Threat Detection with UEBA

Name: Insider Threat Detection with UEBA
Author: mukul975

bymukul975

•

4,120

•

安全与测试

Detects insider threats by implementing User and Entity Behavior Analytics (UEBA) to identify anomalous activity patterns within Elasticsearch or OpenSearch environments.

This skill empowers security teams and AI agents to move beyond static detection rules by modeling baseline user behaviors and identifying statistical deviations. By leveraging Elasticsearch for analytics, it automates the process of building behavioral profiles from authentication, file access, and network logs. It calculates risk scores using peer group analysis and z-score deviations, enabling the correlation of low-confidence indicators into high-fidelity security alerts for proactive insider threat mitigation and incident response.

主要功能

01Behavioral baselining of user authentication and access patterns

02Correlation of multi-vector indicators like unusual login hours and data exfiltration

03Standardized JSON reporting for incident investigation and SOC workflows

04Elasticsearch and OpenSearch integration for large-scale log analysis

05Anomaly scoring using statistical deviation and peer group comparison

064,120 GitHub stars

使用场景

01Automating SOC workflows for investigating potential data exfiltration by employees

02Validating security monitoring coverage against NIST CSF and MITRE ATT&CK frameworks

03Building proactive detection systems for privilege abuse and unauthorized access

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills detecting-insider-threat-with-ueba

For use in Claude.ai and ChatGPT

主要功能

01Behavioral baselining of user authentication and access patterns

02Correlation of multi-vector indicators like unusual login hours and data exfiltration

03Standardized JSON reporting for incident investigation and SOC workflows

04Elasticsearch and OpenSearch integration for large-scale log analysis

05Anomaly scoring using statistical deviation and peer group comparison

064,120 GitHub stars

使用场景

01Automating SOC workflows for investigating potential data exfiltration by employees

02Validating security monitoring coverage against NIST CSF and MITRE ATT&CK frameworks

03Building proactive detection systems for privilege abuse and unauthorized access

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills detecting-insider-threat-with-ueba

For use in Claude.ai and ChatGPT