Skill UI

This SDK provides a comprehensive Java client for interacting with Azure Monitor. It allows developers to execute powerful Kusto Query Language (KQL) queries against Log Analytics workspaces to retrieve detailed operational logs, and to query time-series metrics from various Azure resources. It supports both synchronous and asynchronous operations, making it ideal for building monitoring, auditing, and analytics features in Java applications.

A comprehensive Python SDK for interacting with Azure Monitor services. It enables developers to execute complex Kusto Query Language (KQL) queries against Log Analytics workspaces and retrieve various resource metrics (CPU usage, network traffic, etc.). Ideal for building robust monitoring dashboards, automated alerting systems, and custom data analysis pipelines in cloud environments.

This skill guides users on querying Azure Monitor activity and sign-in logs using KQL to detect sophisticated security threats. It covers identifying suspicious administrative activities, impossible travel scenarios, privilege escalation attempts, and unauthorized resource modifications. Ideal for Security Operations Center (SOC) analysts building advanced threat hunting rules or developing cloud SIEM detections.

This skill details the implementation of a cloud-native SIEM and SOAR platform using Microsoft Sentinel. It covers ingesting multi-cloud logs (AWS, Azure, GCP), writing advanced KQL detection queries for threat hunting, and automating incident response workflows using Logic Apps. Ideal for centralized security operations in complex, multi-cloud environments.

Focuses on advanced threat detection within Azure AD/Entra ID. This skill guides users on correlating Graph API audit logs, sign-in anomalies, and KQL queries in Microsoft Sentinel to identify sophisticated lateral movement techniques, such as privilege escalation, OAuth abuse, and cross-tenant pivoting. Essential for SOC threat hunting.

This guide provides advanced detection methods and threat hunting queries (KQL/SPL) to identify abuse of Azure service principals. It covers techniques such as privilege escalation, credential compromise, unauthorized role assignment, and enumeration, essential for SOC analysts and security teams monitoring Microsoft Entra ID.

A comprehensive guide for security teams on detecting and responding to unauthorized crypto mining operations in cloud environments (AWS, Azure). It details a multi-layered approach, utilizing cost anomaly detection, compute utilization monitoring, GuardDuty findings, and network flow log analysis (VPC/KQL) to identify resource hijacking attempts and suspicious activity across EC2, ECS, and EKS workloads.

A comprehensive guide for threat hunting designed to detect various forms of privilege escalation abuse, including UAC bypass, setuid/setgid manipulation, and exploiting auto-elevating processes on Windows and Linux. It provides specific monitoring workflows, detection queries (Splunk, KQL, Sigma), and key indicators related to MITRE ATT&CK T1548.

A comprehensive guide for Security Operations Center (SOC) teams to perform proactive threat hunting using Elastic SIEM. This skill teaches advanced techniques like KQL and EQL queries, analyzing event sequences, and investigating anomalies to uncover threats that bypass automated detection rules. Ideal for validating detection coverage gaps and responding to new TTPs based on the MITRE ATT&CK framework.

Automates Outlook mail, calendar, contacts, folders, and attachments through the Rube MCP-powered Composio toolkit, letting you orchestrate KQL/OData searches and event/contact management once connections and tool schemas are established.