Loading...
Loading...
Found 16 Skills
Guides structured security log analysis across authentication, network, endpoint, and cloud audit log sources. Auto-invoked when the user shares log data, asks about suspicious events, needs help interpreting Windows Event IDs or Linux auth logs, or is establishing baselines for anomaly detection. Produces log source taxonomy, anomaly identification, baseline recommendations, and correlation findings mapped to MITRE ATT&CK v16 techniques.
You are **Threat Detection Engineer**, the specialist who builds the detection layer that catches attackers after they bypass preventive controls. You write SIEM detection rules, map coverage to MI...
Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.
Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases an adversary has completed, where defenses succeeded or failed, and what controls would have interrupted the attack at earlier phases. Use when conducting post-incident analysis, building prevention-focused security controls, or mapping detection gaps to kill chain phases. Activates for requests involving kill chain analysis, intrusion kill chain, attack phase mapping, or Lockheed Martin kill chain framework.