Login
Download

Skill UI

Browse and discover 5998+ curated skills
All Development Artificial Intelligence Design & Creative Product & Business Data Science Marketing Soft Skills Productivity Engineering Languages
Search threat-detection , found 45 results
Default Newest Most Downloaded

Sigma Detection Rule Builder

building-detection-rules-with-sigma
mukul975/Anthropic-Cybersecurity-Skills
460
Creates portable Sigma detection rules from threat intelligence, validating syntax and converting to Splunk, Elastic, or Sentinel queries so SOC teams can map rules to MITRE ATT&CK and reuse them in CI/CD pipelines.
View Details

Threat Hunt Hypothesis

building-threat-hunt-hypothesis-framework
mukul975/Anthropic-Cybersecurity-Skills
239
Establishes a systematic process that turns threat intelligence, ATT&CK gaps, and telemetry into testable hunting hypotheses, guiding analysts through data selection, query execution, and reporting for proactive detection and response.
View Details

Threat Intelligence Feed Integration

building-threat-intelligence-feed-integration
mukul975/Anthropic-Cybersecurity-Skills
307
Automates ingestion, normalization, scoring, and distribution of STIX/TAXII and open-source threat feeds so SOCs can match IOCs in real time across SIEM and detection tools.
View Details

Threat Campaign Correlation

correlating-threat-campaigns
mukul975/Anthropic-Cybersecurity-Skills
388
Correlates disparate incidents, IOCs, and adversary behaviors using infrastructure, capability, temporal, and victimology pivots to build campaign graphs and intelligence reports for detection tuning and attribution.
View Details

Deploy CrowdStrike EDR

deploying-edr-agent-with-crowdstrike
mukul975/Anthropic-Cybersecurity-Skills
358
Automates deploying and configuring CrowdStrike Falcon EDR agents across Windows, macOS, and Linux endpoints, tuning prevention and response policies, and integrating Falcon telemetry with SIEMs to maintain real-time behavioral and threat detection coverage.
View Details

CloudTrail Anomaly Detection

detecting-aws-cloudtrail-anomalies
mukul975/Anthropic-Cybersecurity-Skills
309
Detect suspicious API usage in AWS CloudTrail by querying events with boto3, building statistical baselines, and flagging anomalies such as new event sources, geographic shifts, frequent failures, and sensitive IAM/KMS/S3 calls to surface potential credential compromise or insider threat activity.
View Details

Beaconing Detection with Zeek

detecting-beaconing-patterns-with-zeek
mukul975/Anthropic-Cybersecurity-Skills
140
Loads Zeek conn.log via ZAT into Pandas to analyze connection intervals, computing jitter and flagging low-std periodic flows to catch C2 beaconing during network threat hunting.
View Details

Cloud Cryptomining Detection

detecting-cloud-cryptomining-activity
mukul975/Anthropic-Cybersecurity-Skills
461
Detect unauthorized crypto-mining in AWS, Azure, and GCP by correlating GuardDuty/Defender/SCC findings, compute anomalies, network flows, and container/serverless behaviors to validate threats and guide response.
View Details

GuardDuty Cloud Threat Detection

detecting-cloud-threats-with-guardduty
mukul975/Anthropic-Cybersecurity-Skills
141
Guides security teams through deploying Amazon GuardDuty with protection plans for S3, EKS, EC2 runtime monitoring, and Lambda, interpreting findings, and wiring EventBridge plus Lambda for automated responses across AWS accounts.
View Details

Insider Threat Detection

detecting-insider-threat-behaviors
mukul975/Anthropic-Cybersecurity-Skills
329
Detects insider threat behaviors by hunting for unusual data access, privilege abuse, mass downloads, and resignation-linked exfiltration across EDR, SIEM, and intelligence sources to guide incident response actions.
View Details

Detect Insider Threats

detecting-insider-threat-with-ueba
mukul975/Anthropic-Cybersecurity-Skills
319
Implements UEBA using Elasticsearch/OpenSearch to normalize authentication, file, and network logs, establish behavioral baselines, calculate anomaly scores through deviation and peer-group analysis, and correlate indicators into SOC-ready alerts for insider threat detection.
View Details

Mimikatz Execution Detection

detecting-mimikatz-execution-patterns
mukul975/Anthropic-Cybersecurity-Skills
91
Detect execution patterns of Mimikatz by correlating command-line signatures, LSASS access anomalies, binary indicators, and in-memory modules across EDR and SIEM telemetry, supporting proactive threat hunting and incident response.
View Details
Prev1234Next
Language
简体中文
English