Which MITRE ATT&CK techniques are covered?

The skill specifically focuses on T1071 (Application Layer Protocol), T1095 (Non-Application Layer Protocol), and T1571 (Non-Standard Port).

Can this skill help with incident response reporting?

Yes, it includes a standardized output format for documenting Hunt IDs, evidence, risk levels, and recommended containment actions.

What platforms does this threat hunting skill support?

It is designed to work with major EDR and SIEM platforms including CrowdStrike Falcon, Microsoft Defender for Endpoint, Splunk, Elastic Security, and Sysmon.

Does this skill provide actual detection queries?

Yes, it assists in generating and executing queries for SIEM and EDR platforms using languages like KQL and SPL based on hunting hypotheses.

Network Threat Hunting

Name: Network Threat Hunting
Author: micsapp

bymicsapp

0•

安全与测试

Detects and analyzes anomalous network connections to identify potential command-and-control activity and data exfiltration.

This skill transforms Claude into a proactive cybersecurity analyst capable of hunting for stealthy indicators of compromise across network telemetry. It provides specialized guidance for identifying unusual outbound traffic, connections to rare destinations, and communication over non-standard ports by leveraging data from EDR and SIEM platforms. By mapping findings to MITRE ATT&CK techniques, the skill helps security teams validate hypotheses, distinguish true positives from noise, and document findings with high-confidence evidence from tools like CrowdStrike, Microsoft Defender, and Splunk.

主要功能

01Automated identification of C2 communication using MITRE ATT&CK T1071 and T1095.

020 GitHub stars

03Correlation of network anomalies with process trees and endpoint artifacts.

04Detection of data exfiltration attempts over non-standard ports and protocols.

05Structured hunting workflows for SIEM (SPL) and EDR (KQL) telemetry analysis.

06Standardized incident reporting format with risk levels and recommended actions.

使用场景

01Proactive hunting for hidden backdoors and persistent C2 infrastructure.

02Scoping the extent of a network compromise during active incident response.

03Validating security posture during purple team exercises and periodic assessments.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills hunting-for-unusual-network-connections

For use in Claude.ai and ChatGPT

主要功能

01Automated identification of C2 communication using MITRE ATT&CK T1071 and T1095.

020 GitHub stars

03Correlation of network anomalies with process trees and endpoint artifacts.

04Detection of data exfiltration attempts over non-standard ports and protocols.

05Structured hunting workflows for SIEM (SPL) and EDR (KQL) telemetry analysis.

06Standardized incident reporting format with risk levels and recommended actions.

使用场景

01Proactive hunting for hidden backdoors and persistent C2 infrastructure.

02Scoping the extent of a network compromise during active incident response.

03Validating security posture during purple team exercises and periodic assessments.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills hunting-for-unusual-network-connections

For use in Claude.ai and ChatGPT