Skill UI

This guide details the systematic workflow for patch management, covering the entire lifecycle from vulnerability discovery and risk assessment to controlled testing, multi-phased deployment, and final verification. Learn how to integrate tools like WSUS, SCCM, and Ansible into a robust, automated process to significantly reduce the attack surface and ensure compliance across enterprise IT infrastructure.

This skill covers implementing Open Policy Agent (OPA) and Gatekeeper for robust policy-as-code enforcement. Learn to write complex Rego policies, deploy OPA Gatekeeper as a Kubernetes admission controller, and integrate policy evaluation into CI/CD pipelines to enforce security and compliance across clusters.

This skill provides a comprehensive guide for designing and deploying Privileged Access Workstations (PAWs). It covers critical security controls such as device hardening, Zero Trust principles, and integrating Just-in-Time (JIT) access management. Learn how to enforce compliance using tools like Intune/GPO and secure credentials using leading PAM platforms like CyberArk or BeyondTrust, ensuring secure administrative operations.

This skill guides the integration of gitleaks and trufflehog into CI/CD pipelines. It automates the detection of hardcoded secrets, such as API keys, passwords, and tokens, preventing their accidental deployment. By integrating scans as a mandatory pre-deployment gate, organizations enforce strong security policies and maintain compliance.

This skill guides the implementation of security chaos engineering experiments. It involves deliberately degrading or disabling security controls (like WAF, firewalls, or log pipelines) in a controlled environment to rigorously verify the detection, alerting, and response capabilities of the Security Operations Center (SOC). Users learn to use tools like boto3 and Python to simulate failure scenarios and assess system resilience and compliance posture.

Semgrep is an open-source static analysis tool used to find bugs, detect vulnerabilities, and enforce coding standards. This guide covers writing custom rules in YAML format to implement advanced SAST checks, such as detecting SQL injection, hardcoded secrets, or tracking tainted user input. It is essential for building robust DevSecOps pipelines and ensuring compliance.

This skill automates the entire phishing incident response lifecycle using the Splunk SOAR REST API. It processes reported emails, extracts indicators of compromise (IOCs) like URLs and IPs, creates incident containers, attaches artifacts, and triggers automated playbooks for deep analysis and reporting. It is essential for security operations teams needing robust, programmatic incident handling and compliance alignment.

In-toto is a CNCF standard project used to verify the integrity of software supply chains. It generates cryptographically signed attestations (link metadata) at every stage of the CI/CD pipeline, proving exactly what artifacts were produced and who authorized the process. This is crucial for securing container builds and ensuring compliance against tampering.

This skill guides the implementation of a structured, six-phase threat intelligence lifecycle. It covers transforming raw data into actionable intelligence by mastering planning, collection, processing, analysis, dissemination, and feedback. Ideal for building mature Cyber Threat Intelligence (CTI) programs and aligning security architecture with compliance standards.

This skill guides Security Operations Center (SOC) teams through structured threat modeling using the MITRE ATT&CK framework. It enables mapping adversary Tactics, Techniques, and Procedures (TTPs) against organizational assets to identify critical detection coverage gaps, prioritize defensive investments, and improve overall security posture. Ideal for risk assessment, purple teaming, and compliance planning.

Implements a comprehensive incident ticketing system that connects SIEM alerts to major ITSM platforms like ServiceNow, Jira, or TheHive. This solution formalizes incident tracking, automates ticket creation, and manages critical processes such as Service Level Agreement (SLA) tracking, complex escalation workflows, and compliance documentation throughout the entire incident lifecycle.

Automate comprehensive vulnerability management by deploying and operating Greenbone/OpenVAS. This skill guides the use of the python-gvm library to programmatically manage the entire scanning lifecycle: creating scan targets, executing complex vulnerability scans via the Greenbone Management Protocol (GMP), monitoring progress, and parsing detailed XML reports into actionable JSON findings. Ideal for security assessments and compliance checks.