Skill UI

This guide demonstrates how to programmatically create, validate, and exchange complex structured threat intelligence objects (Indicators, Malware, Campaigns) using the STIX 2.1 standard and the stix2 Python library. It covers the full lifecycle of intelligence sharing, including defining patterns and publishing data via TAXII 2.1, making it essential for building sophisticated Threat Intelligence Platforms (TIPs) and integrating with SIEM/SOAR systems.

This guide details how to implement advanced SIEM correlation rules to detect sophisticated Advanced Persistent Threats (APTs). By chaining multiple event types—including Windows authentication events, process execution telemetry, and network connection logs—across hosts, users can surface complex attack sequences that are invisible to single-event detections. It utilizes Splunk SPL and Sigma rule formats for robust security posture enhancement.

This skill guides the process of designing, implementing, and validating advanced security detection use cases for Security Information and Event Management (SIEM) platforms like Splunk, Elastic, and Microsoft Sentinel. It focuses on mapping organizational threat profiles to the MITRE ATT&CK framework to build formal, high-fidelity detection rules, thereby strengthening Security Operations Center (SOC) coverage and reducing blind spots.

This skill automates the entire phishing incident response lifecycle using the Splunk SOAR REST API. It processes reported emails, extracts indicators of compromise (IOCs) like URLs and IPs, creates incident containers, attaches artifacts, and triggers automated playbooks for deep analysis and reporting. It is essential for security operations teams needing robust, programmatic incident handling and compliance alignment.

This skill provides a comprehensive guide to integrating STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information). It covers using Python to consume and produce cyber threat intelligence feeds, including server discovery, object fetching, and parsing of STIX 2.1 objects for integration into SIEM and TIP platforms.

In-toto is a CNCF standard project used to verify the integrity of software supply chains. It generates cryptographically signed attestations (link metadata) at every stage of the CI/CD pipeline, proving exactly what artifacts were produced and who authorized the process. This is crucial for securing container builds and ensuring compliance against tampering.

This skill guides the implementation of a structured, six-phase threat intelligence lifecycle. It covers transforming raw data into actionable intelligence by mastering planning, collection, processing, analysis, dissemination, and feedback. Ideal for building mature Cyber Threat Intelligence (CTI) programs and aligning security architecture with compliance standards.

This skill guides Security Operations Center (SOC) teams through structured threat modeling using the MITRE ATT&CK framework. It enables mapping adversary Tactics, Techniques, and Procedures (TTPs) against organizational assets to identify critical detection coverage gaps, prioritize defensive investments, and improve overall security posture. Ideal for risk assessment, purple teaming, and compliance planning.

Implements a comprehensive incident ticketing system that connects SIEM alerts to major ITSM platforms like ServiceNow, Jira, or TheHive. This solution formalizes incident tracking, automates ticket creation, and manages critical processes such as Service Level Agreement (SLA) tracking, complex escalation workflows, and compliance documentation throughout the entire incident lifecycle.

Automate comprehensive vulnerability management by deploying and operating Greenbone/OpenVAS. This skill guides the use of the python-gvm library to programmatically manage the entire scanning lifecycle: creating scan targets, executing complex vulnerability scans via the Greenbone Management Protocol (GMP), monitoring progress, and parsing detailed XML reports into actionable JSON findings. Ideal for security assessments and compliance checks.

This skill provides a deep dive into implementing Zero-Knowledge Proofs (ZKPs) for secure authentication. By utilizing protocols like Schnorr's identification and ZKPP, it demonstrates how a user can prove knowledge of a secret (like a password) without transmitting the secret itself, thereby eliminating server-side risk and enhancing privacy.

This skill guides developers through integrating Static Application Security Testing (SAST) tools like CodeQL and Semgrep into GitHub Actions CI/CD pipelines. It covers automating code scanning on pull requests and pushes, tuning rules to reduce false positives, uploading SARIF results, and establishing quality gates to prevent vulnerable code from merging into production.