Skill UI

This skill guides the creation of high-quality, finished cyber threat intelligence reports. It tails content for specific audiences—from C-suite executives (strategic risk) to SOC analysts (tactical IOCs). Use it when synthesizing raw data into actionable intelligence products, generating threat briefings, or conducting post-incident assessments, ensuring adherence to industry standards like TLP and NIST.

This skill implements the Diamond Model framework, providing a structured approach to analyzing complex cyber intrusions. It allows users to programmatically classify and correlate events based on four core elements: Adversary, Capability, Infrastructure, and Victim. Key functionalities include building activity threads, identifying pivot points, and generating comprehensive, pivot-ready threat intelligence reports.

This tool guides the deployment and configuration of the Dragos Platform for critical Operational Technology (OT) and Industrial Control System (ICS) network monitoring. It leverages over 600 industrial protocol parsers and advanced threat intelligence to detect sophisticated attacks (e.g., VOLTZITE, GRAPHITE). Use it for building an OT Security Operations Center (SOC), asset discovery, and vulnerability management in industrial settings, integrating alerts with enterprise SIEMs.

A comprehensive guide for deploying and managing network deception systems using industry-leading honeypot platforms like OpenCanary, T-Pot, and Cowrie. This skill helps security professionals detect unauthorized access attempts, trace lateral movement, and gather critical threat intelligence by simulating vulnerable services within a controlled environment. Ideal for enhancing network security architecture and creating early warning indicators for intrusions.

A comprehensive guide to deploying and configuring Proofpoint Email Protection as a Secure Email Gateway (SEG). This solution establishes a critical security checkpoint that uses advanced ML, sandboxing, and threat intelligence to detect and block sophisticated threats, including phishing, malware, BEC, and spam, before they reach the user inbox. Ideal for organizations strengthening their email security architecture and meeting compliance standards.

This guide demonstrates how to programmatically create, validate, and exchange complex structured threat intelligence objects (Indicators, Malware, Campaigns) using the STIX 2.1 standard and the stix2 Python library. It covers the full lifecycle of intelligence sharing, including defining patterns and publishing data via TAXII 2.1, making it essential for building sophisticated Threat Intelligence Platforms (TIPs) and integrating with SIEM/SOAR systems.

This skill provides a comprehensive guide to integrating STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information). It covers using Python to consume and produce cyber threat intelligence feeds, including server discovery, object fetching, and parsing of STIX 2.1 objects for integration into SIEM and TIP platforms.

This skill guides the deployment and configuration of a TAXII 2.1 server using OpenTAXII. It enables automated, standardized exchange of STIX-formatted cyber threat intelligence (CTI) indicators between organizations. Use cases include establishing secure threat sharing pipelines, integrating with SIEM/SOAR platforms, and meeting stringent compliance requirements.

This skill guides the implementation of a structured, six-phase threat intelligence lifecycle. It covers transforming raw data into actionable intelligence by mastering planning, collection, processing, analysis, dissemination, and feedback. Ideal for building mature Cyber Threat Intelligence (CTI) programs and aligning security architecture with compliance standards.

Build a PyMISP-driven threat intelligence platform that ingests multiple IOC feeds, tags MITRE ATT&CK techniques, enriches data via VirusTotal and AbuseIPDB, and exports STIX 2.1 bundles for SIEM pipelines.

This guide details how to implement NextDNS as a zero-trust DNS filtering layer. By utilizing encrypted resolution (DoH/DoT) and real-time threat intelligence, it blocks malicious domains, prevents data exfiltration, filters ads/trackers, and enforces granular security policies across all endpoints, aligning with Zero Trust principles and enhancing overall network security.

This skill guides the end-to-end management of the Cyber Threat Intelligence (CTI) lifecycle. It covers defining Priority Intelligence Requirements (PIRs), planning data collection, processing data, performing multi-level analysis (Strategic, Operational, Tactical), disseminating tailored reports, and establishing continuous feedback loops to ensure intelligence relevance and maturity.