Skill UI

This capability provides advanced threat hunting by analyzing network telemetry (DNS, proxy, connection logs) to detect Command and Control (C2) beaconing patterns. It uses statistical analysis, frequency detection, and jitter analysis to identify compromised endpoints communicating with adversary infrastructure, crucial for proactive threat detection and incident response.

A comprehensive guide on implementing AWS CloudTrail log analysis for robust security monitoring, threat detection, and forensic investigation. Learn how to configure CloudTrail, use Amazon Athena for SQL querying, and leverage CloudWatch Logs Insights and SIEM integration to identify unauthorized access, privilege escalation, and suspicious API activity across AWS services.

This skill implements the Diamond Model framework, providing a structured approach to analyzing complex cyber intrusions. It allows users to programmatically classify and correlate events based on four core elements: Adversary, Capability, Infrastructure, and Victim. Key functionalities include building activity threads, identifying pivot points, and generating comprehensive, pivot-ready threat intelligence reports.

This skill detects covert data exfiltration occurring over DNS tunnels. It analyzes DNS query names by computing Shannon entropy, examining query length distributions, and identifying high subdomain cardinality. It is essential for security operations, incident response, and proactive threat hunting when suspicious or encoded DNS activity is suspected.

This skill automates deep packet capture (PCAP) analysis using tshark and pyshark. It is invaluable for security assessments and incident response, enabling the extraction of protocol statistics, identification of suspicious network flows (e.g., port scanning, beaconing), and comprehensive extraction of Indicators of Compromise (IOCs), including IPs, domains, and URLs. It also specializes in detecting complex anomalies like DNS tunneling.

This guide demonstrates how to build comprehensive forensic super-timelines using Plaso (log2timeline) to correlate events across diverse sources. It covers the entire workflow, from processing disk images and various logs (MFT, registry, browser history) to generating standardized CSV, JSONL exports, and visualizing the results in tools like Timesketch for deep investigative analysis.

This skill performs User and Entity Behavior Analytics (UEBA) to identify anomalous user activities such as impossible travel, unusual access patterns, and privilege abuse. It establishes behavioral baselines using SIEM logs and statistical analysis, helping SOC teams detect insider threats and compromised accounts by flagging deviations from normal user behavior. Use when monitoring security hygiene and suspicious activity is critical.

The Stock Analyzer Skill provides comprehensive technical analysis for stocks and ETFs. It utilizes industry-standard indicators like RSI, MACD, and Bollinger Bands to generate actionable trading signals. Users can perform advanced technical comparisons, monitor portfolio strength, and identify chart patterns through natural language queries, eliminating the need for manual indicator calculation.

This skill provides institutional-depth equity analysis by combining public SEC EDGAR filings and real-time market data. It can generate structured, verdict-style memos, score stocks across four key pillars (Momentum, Stability, Financial Health, Upside), and perform side-by-side comparisons of two tickers, enabling data-driven investment decision support without requiring proprietary terminal access.

ADHX provides a dedicated API to fetch X/Twitter posts as clean, structured JSON. It extracts comprehensive data, including author profiles, engagement metrics (likes, retweets), and full article content for long-form posts. This method is vastly superior to traditional scraping techniques, making it ideal for LLM analysis, summarization, and structured data workflows.

This skill provides comprehensive forensic analysis of cryptocurrency payment flows stemming from ransomware attacks. It leverages blockchain APIs and advanced techniques to identify wallet clusters, track fund movement through obfuscation methods like mixers and peel chains, and map funds to exchanges. It is crucial for law enforcement, incident responders, and threat intelligence analysts conducting ransomware attribution.

This skill uses advanced AI and LLM capabilities to correlate fragmented Open Source Intelligence (OSINT) data. It ingests findings from diverse sources—including username enumeration, email lookups, social media, domain records, and breach databases—to generate unified, intelligence-grade profiles. It provides link analysis and confidence scoring, transforming raw data into actionable threat intelligence for target profiling.