Skill UI

A comprehensive skill for analyzing AWS spending patterns and identifying areas of waste. It provides actionable strategies to reduce cloud costs by detecting idle resources (like unattached EBS volumes or unused Elastic IPs), recommending Reserved Instances, and generating reports using AWS CLI and Cost Explorer data.

This skill provides structured procedures for detecting Golden Ticket attacks, a severe threat involving forging Kerberos Tickets in Active Directory. It analyzes Windows Event ID 4769 for indicators such as RC4 encryption downgrades, abnormal ticket lifetimes, and inconsistencies in TGS/TGT requests. Designed for SOC analysts and threat hunters using SIEM platforms (Splunk/Elastic) to enhance security monitoring coverage against credential theft.

This skill implements User and Entity Behavior Analytics (UEBA) to detect sophisticated insider threats. It builds behavioral baselines from diverse log sources (authentication, file access, network) using Elasticsearch/OpenSearch. It calculates anomaly scores and performs peer group analysis to identify deviations indicative of data exfiltration, privilege abuse, or unauthorized access patterns.

Systematically optimizes Security Information and Event Management (SIEM) detection rules in platforms like Splunk and Elastic. This process involves analyzing historical alert volumes, establishing environmental baselines, creating context-aware whitelists, and statistically adjusting detection thresholds to significantly reduce false positives, improving overall security efficacy.