Skill UI

A comprehensive guide utilizing Splunk Enterprise Security and SPL to conduct deep forensic analysis of security incidents. This skill covers correlating disparate sources like Windows event logs, firewall records, proxy data, and Sysmon logs to detect TTPs, reconstruct timelines, and identify anomalies, making it essential for incident response and threat hunting.

A comprehensive guide for security professionals on detecting and preventing ARP spoofing and poisoning attacks. The skill covers multiple layers of defense, including implementing Dynamic ARP Inspection (DAI) on managed switches, utilizing ARPWatch for continuous monitoring, performing deep packet inspection with Wireshark, and developing custom Python scripts for real-time anomaly detection. Essential for mitigating Man-in-the-Middle (MitM) attacks at Layer 2.

This solution automates the processing of AWS GuardDuty findings using EventBridge and AWS Lambda. It enables real-time incident response capabilities, including automatic quarantine of compromised EC2 resources, comprehensive forensic snapshot creation, and immediate high-severity security notifications via SNS. Ideal for SOC teams seeking to drastically reduce Mean Time To Response (MTTR) and strengthen cloud security posture.

Suricata is a high-performance, open-source network threat detection engine used for deep packet inspection. This skill details the deployment and configuration of Suricata in Intrusion Prevention System (IPS) mode. It covers setting up custom rules, integrating third-party rulesets (like Emerging Threats), and actively blocking malicious traffic in real time, making it essential for robust network security and compliance enforcement.

This guide details how to implement NextDNS as a zero-trust DNS filtering layer. By utilizing encrypted resolution (DoH/DoT) and real-time threat intelligence, it blocks malicious domains, prevents data exfiltration, filters ads/trackers, and enforces granular security policies across all endpoints, aligning with Zero Trust principles and enhancing overall network security.

A comprehensive guide and workflow for digital forensic investigators to analyze ransomware artifacts. This process involves preserving volatile evidence (memory dumps), identifying the ransomware variant from file extensions and ransom notes, establishing the attack timeline using Prefetch and Event Logs, and extracting critical Indicators of Compromise (IoCs) such as Bitcoin addresses and Tor sites. Essential for incident response and recovery planning.

This guide provides a comprehensive framework for investigating production issues on the Nexu platform using the Datadog Logs API. It details how to query crash events, analyze OpenClaw stderr output, check gateway startup status, and review API request logs (including 5xx errors). It includes best practices for authentication, filtering by pod/time, and parsing raw JSON logs using Python for actionable insights.

This utility publishes various Aegis-related events (such as person detection, alerts, and clip completion) to an MQTT broker. It is designed for seamless integration with smart home and automation platforms like Home Assistant or Node-RED, enabling real-time, event-driven monitoring and system linkage.

WizTelemetry Ruler is a core extension component within the KubeSphere Observability Platform. It provides comprehensive capabilities for defining, managing, and evaluating advanced alerting rules. Users can configure rules based on native Kubernetes events, KubeSphere auditing events, and application logs, ensuring proactive monitoring and timely alerts through sinks like AlertManager.

Generates a comprehensive, structured, and blameless incident postmortem document. This skill is designed for Root Cause Analysis (RCA), P1/P2 incident reviews, and outage reports, ensuring the focus remains on systemic gaps and preventative action items rather than individual blame. It guides the user through gathering all necessary details, from the timeline and impact to defining concrete action owners and due dates.