Can I use my own organization's playbooks?

Yes, the skill is built to reference and load local YAML-based playbook libraries, allowing you to automate the specific procedures authorized by your CISO.

Which SIEM platforms are compatible with this skill?

The skill includes workflow examples for Splunk and Elastic, but it is designed to work with any SIEM or EDR platform that offers a REST API, such as Microsoft Sentinel or QRadar.

Does this skill perform automated containment?

This skill focuses specifically on the triage phase—identifying, enriching, and prioritizing. While it initiates playbooks, the actual containment actions (like isolating a host) are typically handled in the subsequent response phase.

How does the severity classification work?

It uses a scoring matrix that evaluates asset criticality, data sensitivity (PII/PHI/PCI), the number of affected systems, and the current state of the threat to assign a priority level from P1 to P4.

Security Incident Triage Playbook

Name: Security Incident Triage Playbook
Author: mukul975

bymukul975

•

4,120

•

安全与测试

Automates the classification, prioritization, and response initiation for security incidents using structured incident response playbooks.

This skill empowers security analysts and AI agents to handle the critical initial phase of security incidents with consistency and speed. It provides a structured workflow for acknowledging alerts from SIEM or EDR platforms, enriching indicators (IOCs) with external threat intelligence, and determining incident severity via a weighted matrix. By mapping alerts to MITRE ATT&CK techniques and selecting the appropriate response playbook, it streamlines the hand-off to on-call responders and ensures all triage decisions are documented in systems like TheHive, ServiceNow, or PagerDuty.

主要功能

01Integration with SIEM platforms for alert acknowledgement and status updates

02Mapping of alerts to MITRE ATT&CK techniques for playbook selection

03Automated ticket creation and on-call escalation via PagerDuty

044,120 GitHub stars

05Automated IOC enrichment using VirusTotal, AbuseIPDB, and CMDB data

06Dynamic incident severity calculation based on asset criticality and scope

使用场景

01Accelerating the transition from detection to active response during critical breaches

02Initial SOC triage to filter false positives and prioritize high-impact alerts

03Standardizing incident classification across distributed security teams

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills triaging-security-incident-with-ir-playbook

For use in Claude.ai and ChatGPT

主要功能

01Integration with SIEM platforms for alert acknowledgement and status updates

02Mapping of alerts to MITRE ATT&CK techniques for playbook selection

03Automated ticket creation and on-call escalation via PagerDuty

044,120 GitHub stars

05Automated IOC enrichment using VirusTotal, AbuseIPDB, and CMDB data

06Dynamic incident severity calculation based on asset criticality and scope

使用场景

01Accelerating the transition from detection to active response during critical breaches

02Initial SOC triage to filter false positives and prioritize high-impact alerts

03Standardizing incident classification across distributed security teams

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills triaging-security-incident-with-ir-playbook

For use in Claude.ai and ChatGPT