Skill UI: browse and discover 5998+ curated skills
Search: threat-detection, found 34 results
Threat Intelligence Feed Integration
building-threat-intelligence-feed-integration
mukul975/Anthropic-Cybersecurity-Skills
307
Automates ingestion, normalization, scoring, and distribution of STIX/TAXII and open-source threat feeds so SOCs can match IOCs in real time across SIEM and detection tools.
Threat Campaign Correlation
correlating-threat-campaigns
mukul975/Anthropic-Cybersecurity-Skills
388
Correlates disparate incidents, IOCs, and adversary behaviors using infrastructure, capability, temporal, and victimology pivots to build campaign graphs and intelligence reports for detection tuning and attribution.
Beaconing Detection with Zeek
detecting-beaconing-patterns-with-zeek
mukul975/Anthropic-Cybersecurity-Skills
140
Loads Zeek conn.log via ZAT into Pandas to analyze connection intervals, computing jitter and flagging periodic flows with low standard deviation to catch C2 beaconing during network threat hunting.
Cloud Cryptomining Detection
detecting-cloud-cryptomining-activity
mukul975/Anthropic-Cybersecurity-Skills
461
Detect unauthorized crypto-mining in AWS, Azure, and GCP by correlating GuardDuty/Defender/SCC findings, compute anomalies, network flows, and container/serverless behaviors to validate threats and guide response.
GuardDuty Cloud Threat Detection
detecting-cloud-threats-with-guardduty
mukul975/Anthropic-Cybersecurity-Skills
141
Guides security teams through deploying Amazon GuardDuty with protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting findings, and wiring EventBridge plus Lambda for automated responses across AWS accounts.
Insider Threat Detection
detecting-insider-threat-behaviors
mukul975/Anthropic-Cybersecurity-Skills
329
Detects insider threat behaviors by hunting for unusual data access, privilege abuse, mass downloads, and resignation-linked exfiltration across EDR, SIEM, and intelligence sources to guide incident response actions.
Mimikatz Execution Detection
detecting-mimikatz-execution-patterns
mukul975/Anthropic-Cybersecurity-Skills
91
Detect execution patterns of Mimikatz by correlating command-line signatures, LSASS access anomalies, binary indicators, and in-memory modules across EDR and SIEM telemetry, supporting proactive threat hunting and incident response.
Zeek Network Anomaly Detection
detecting-network-anomalies-with-zeek
mukul975/Anthropic-Cybersecurity-Skills
108
Deploys Zeek to passively monitor network traffic, emit structured connection/DNS/HTTP/SSL logs, and run custom scripts that flag anomalous behavior for threat hunting and incident response teams.
IDS Network Scan Detection
detecting-network-scanning-with-ids-signatures
mukul975/Anthropic-Cybersecurity-Skills
264
Detect reconnaissance tools such as Nmap and Masscan using Suricata/Snort IDS signatures, thresholds, and anomaly cues to alert on TCP/UDP scans, SYN/ACK probes, and other scan fingerprints before threat actors escalate.
Detecting Pass-The-Ticket
detecting-pass-the-ticket-attacks
mukul975/Anthropic-Cybersecurity-Skills
63
Analyze Windows Event IDs 4768, 4769, and 4771 within Splunk or Elastic SIEM to identify anomalous Kerberos ticket usage, RC4 downgrades, and unusual service requests, enabling proactive Pass-the-Ticket threat detection.
Ransomware Network Precursors Detection
detecting-ransomware-precursors-in-network
mukul975/Anthropic-Cybersecurity-Skills
447
Identifies early-stage ransomware indicators in Zeek/Suricata/Arkime traffic, correlates with SIEM rules and threat feeds, and alerts on Cobalt Strike beacons, Mimikatz signatures, RDP brute-force and staging behaviors before encryption begins.
Sysmon Injection Detection
detecting-t1055-process-injection-with-sysmon
mukul975/Anthropic-Cybersecurity-Skills
294
Detects MITRE T1055 process injection techniques by correlating Sysmon events for remote thread creation, suspicious process access, anomalous DLL loading, and process hollowing to validate detections and feed SIEM alerts in threat-hunting workflows.