Skill UI

Guides security architects through designing and deploying a continuous CSPM program across AWS, Azure, and GCP, covering tool selection, policy baselines, automation, and SOC integration to monitor misconfigurations and prioritize remediation.

This skill outlines a comprehensive, structured workflow for managing Microsoft Patch Tuesday security updates. It covers the entire lifecycle, from initial vulnerability triage and risk assessment to testing, staged deployment (Pilot, Production Rings), and final validation, ensuring compliance with risk-based remediation SLAs.

This solution guides the implementation of a phishing reporting button within email clients, creating a critical feedback loop for security teams. By integrating with SOAR platforms, reported suspicious emails undergo automated triage, including IOC extraction, sandbox analysis, and threat intelligence checks. The workflow enables rapid classification, automated remediation (e.g., mass retraction, sender blocking), and provides detailed feedback to the user reporter, significantly enhancing overall security posture.

This workflow guides SOC teams in establishing a comprehensive, structured process for vulnerability management. It utilizes major scanning tools (Nessus, Qualys, OpenVAS) to discover, prioritize, and track remediation of security weaknesses across the infrastructure. It integrates threat intelligence (CISA KEV) and asset criticality into risk scoring, ensuring resources are focused on the most critical threats.

Guides responders through detecting, scoping, containing, analyzing, eradicating, and recovering from malware incidents on enterprise endpoints, using EDR, sandboxing, threat intel, and MITRE mapping for thorough remediation.

This comprehensive guide details the multi-step workflow for responding to sophisticated phishing incidents. It covers everything from initial triage and detailed email header analysis to analyzing malicious URLs and attachments in sandboxes. Key steps include determining the scope of impact, implementing immediate containment actions (like purging emails and revoking sessions), and executing thorough remediation to neutralize the threat and recover affected accounts.

This skill uses the Python azure-mgmt-storage SDK to perform comprehensive security audits on Azure Blob and ADLS storage accounts. It detects critical misconfigurations, including public access exposure, weak or long-lived SAS tokens, lack of encryption at rest, failure to enforce HTTPS, and outdated TLS versions. The output is a detailed, risk-scored report with remediation recommendations, essential for SOC analysts and security posture management.

Audits a domain’s email authentication by querying SPF, DKIM, and DMARC DNS records using dnspython, validating syntax/counts, flagging common spoofing risks, and producing remediation guidance.

This skill provides a structured framework for implementing patch management in Operational Technology (OT) and Industrial Control Systems (ICS) environments. It addresses the critical balance between cybersecurity remediation and maintaining continuous operational safety and availability. Key components include risk-based patch prioritization, vendor compatibility testing, staged deployment through test environments, managing maintenance windows, and implementing compensating controls for unpatchable assets.

This guide details how to implement sophisticated Security Orchestration, Automation, and Response (SOAR) playbooks using Palo Alto Cortex XSOAR. It demonstrates full lifecycle automation, such as phishing incident investigation, requiring enrichment of URLs, IPs, and files, followed by automated containment actions (e.g., blocking senders, purging mailboxes). Mastering this allows SOC teams to drastically reduce Mean Time To Respond (MTTR) by automating detection, analysis, and remediation steps across multiple security tools.

This skill implements an automated system to monitor and alert on vulnerabilities that exceed their defined remediation Service Level Agreements (SLAs). It supports severity-based timelines, complex escalation workflows (e.g., PagerDuty, email), and generates comprehensive compliance reports, ensuring continuous adherence to security best practices.

This skill implements a sophisticated risk-based prioritization engine by combining three critical data sources: the CISA Known Exploited Vulnerabilities (KEV) catalog, the Exploit Prediction Scoring System (EPSS), and traditional CVSS scores. It allows security teams to move beyond simple severity ratings, focusing remediation efforts on vulnerabilities confirmed to be actively exploited in the wild or predicted to be highly exploitable. The workflow integrates fetching, enriching, and scoring vulnerabilities to generate an actionable remediation plan with defined SLAs.