Does it support the MITRE ATT&CK framework?

Yes, it provides specific guidance for mapping threat actor behaviors to the MITRE ATT&CK framework to create robust, TTP-based detection rules.

Which threat intelligence sources are supported?

The skill is designed to work with commercial feeds (e.g., RecordedFuture), open-source intelligence (e.g., VirusTotal, abuse.ch), and government advisories (e.g., CISA).

Can this skill help with manual threat hunting?

Absolutely. It assists in developing hypothesis-driven hunting queries that search through logs for evidence of sophisticated attacks that bypass standard rules.

How does this skill improve security detection?

It shifts security operations from generic, reactive alerts to intelligence-led detections based on validated Indicators of Compromise (IoCs) and known adversary tactics.

Threat Intelligence Integration

Name: Threat Intelligence Integration
Author: sethdford

bysethdford

•

安全与测试

Integrates global threat intelligence feeds and TTPs into security operations to enable proactive threat hunting and automated detection.

This skill empowers Claude to act as a senior threat intelligence analyst, bridging the gap between raw threat data and actionable security operations. It facilitates the integration of diverse intelligence sources—ranging from commercial feeds to open-source indicators—directly into SIEM, EDR, and firewall configurations. By mapping adversary behaviors to the MITRE ATT&CK framework and automating IoC management, this skill shifts security posture from reactive alerting to proactive, hypothesis-driven threat hunting, ensuring organizations can identify and mitigate advanced persistent threats (APTs) before they impact critical systems.

主要功能

01Hypothesis-driven threat hunting workflows for proactive defense

02Intelligence lifecycle management including multi-source collection and validation

03Automated IoC integration (IPs, domains, hashes) across firewalls, SIEM, and EDR

04Actionable threat reporting for both technical teams and executive leadership

055 GitHub stars

06MITRE ATT&CK mapping for TTP-based detection and adversary profiling

使用场景

01Developing high-fidelity SIEM detection rules based on emerging APT campaign behaviors

02Conducting targeted hunts for sophisticated lateral movement within internal network logs

03Configuring automated blocking of malicious indicators in perimeter security tools

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sethdford/claude-skills threat-intelligence-integration

For use in Claude.ai and ChatGPT

主要功能

01Hypothesis-driven threat hunting workflows for proactive defense

02Intelligence lifecycle management including multi-source collection and validation

03Automated IoC integration (IPs, domains, hashes) across firewalls, SIEM, and EDR

04Actionable threat reporting for both technical teams and executive leadership

055 GitHub stars

06MITRE ATT&CK mapping for TTP-based detection and adversary profiling

使用场景

01Developing high-fidelity SIEM detection rules based on emerging APT campaign behaviors

02Conducting targeted hunts for sophisticated lateral movement within internal network logs

03Configuring automated blocking of malicious indicators in perimeter security tools