Skill UI

This tool assists in defining a structured Security Operations Center (SOC) escalation matrix. It maps incident response procedures based on severity (P1-P4), asset criticality, and business impact. Users can model tiered response paths, set Service Level Agreements (SLAs), and implement context-driven automatic escalation triggers to ensure rapid and consistent handling of cybersecurity incidents.

This guide details the deployment of deception technologies, including canary files and honeypot shares, to detect ransomware activity at its earliest stages. It outlines configuring file integrity monitoring (FIM) and using specialized tokens to trigger alerts when ransomware attempts encryption or performs lateral movement, significantly enhancing security posture beyond standard EDR.

This skill guides the deployment of canary tokens and honeytokens across critical systems, such as fake AWS credentials, DNS records, and document beacons. These decoys are designed to trigger immediate alerts via webhooks when accessed by attackers, serving as a powerful early warning system for breach detection and intrusion detection.

This playbook guides Security Operations Center (SOC) analysts through a comprehensive, multi-step process for triaging and prioritizing security incidents. It covers receiving alerts from SIEM/EDR, enriching data using threat intelligence feeds (VirusTotal, AbuseIPDB), classifying the incident type (MITRE ATT&CK mapping), and calculating a severity score based on asset criticality and data sensitivity. The workflow culminates in automating ticket creation and triggering immediate response procedures via tools like PagerDuty.

This skill outlines the architecture and methodology for deploying canary files (honeytokens) across critical file systems. By placing decoy documents with known content in high-value locations, this system monitors for unauthorized modifications, deletions, or encryption attempts. It detects ransomware by triggering high-fidelity alerts via File Integrity Monitoring (FIM) systems, serving as a crucial deception layer that complements existing EDR/AV solutions.

A comprehensive provider for integrating Eufy security cameras (supporting local P2P or cloud connectivity). This tool facilitates stable RTSP streaming for live monitoring and efficiently captures event-triggered video clips. It is designed for advanced systems that require continuous video feeds and reliable event-based data input for AI analysis and monitoring solutions.

This tool provides comprehensive integration for Reolink security cameras, supporting both RTSP streaming and HTTP API access. It allows users to discover cameras via ONVIF, capture live streams, take snapshots, and even capture motion-triggered video clips. It is ideal for developers building robust, networked surveillance or monitoring systems.

This skill integrates Aegis detection events directly into Home Assistant. By firing specific `aegis_detection` events, it allows users to automate actions in their smart home setup. Users can configure automations to automatically turn on lights, send notifications, or execute complex routines based on detected security activity. Requires HA credentials for secure connection.