Skill UI

Systematic alert triage workflow inside Elastic Security SIEM that walks SOC analysts through initial assessment, context gathering with ES|QL, threat intel enrichment, classification, and documentation for faster incident response.

Uses Aqua Security Trivy to scan container images, filesystems, IaC, and Kubernetes manifests for vulnerabilities, secrets, and license issues while generating SBOMs and integrating into CI/CD pipelines for triage-ready reports.

Systematically tune SIEM rules, thresholds, allowlists, correlations, and enrichment so SOC analysts can focus on genuine threats instead of alert fatigue, especially during security assessments and incident response cycles.

Analyze Linux system logs (syslog, auth.log, kern.log, systemd journal, audit records, cron and application logs) to reconstruct user sessions, detect unauthorized access, and build event timelines for incident response and security assessments.

This skill automates the execution of red team phishing campaigns using the Python gophish library. It enables users to create sophisticated email templates with tracking pixels, configure SMTP profiles, import target lists from CSV, and launch full-scale simulations. The system tracks key metrics, including open rates, click rates, and submitted credentials, providing essential data for security awareness training and vulnerability assessments.

Guides SOC teams through discussion-based tabletop exercises that simulate security incidents, validate IR playbooks, train analysts, and rehearse cross-functional communication so you can test procedures without touching production systems.

This tool is designed for security professionals to test for Server-Side Request Forgery (SSRF) vulnerabilities. It systematically probes user-controllable URL parameters to identify access to internal network services, cloud metadata endpoints (AWS/GCP/Azure), and restricted local resources. It supports various payload techniques, including protocol handlers (gopher, file), IP encoding, and DNS rebinding, making it essential for thorough security assessments and penetration testing.

Guide to systematically assess REST and GraphQL APIs against the OWASP API Security Top 10 risks using Burp Suite, Postman, ffuf, and curl to discover endpoints, probe auth/authorization flaws, and verify rate limiting before deployment.

A comprehensive skill for identifying and exploiting Cross-Site Scripting (XSS) vulnerabilities in web applications. It systematically tests reflected, stored, and DOM-based contexts by injecting various JavaScript payloads. The process involves mapping all user input points, identifying output contexts (HTML body, attribute, JS string, etc.), and crafting payloads to bypass sanitization and Content Security Policy (CSP) protections, simulating real-world attacks like session hijacking and credential theft.

Guidance for Go security engineers covering injection, cryptography, filesystem, network, secrets, memory safety, and logging so audits or coding efforts stay defense-in-depth aware.

Catalogs 42 cloud-agnostic design patterns that architects can apply when designing, reviewing, or operating distributed systems to boost reliability, performance, messaging, security, and deployment outcomes.

Guides Debian Linux experts through triaging package, service, and security problems using apt, systemd, dpkg, and AppArmor-aware checks with follow-up verification at every step.