Loading...
Loading...
Found 3 Skills
Guides defensive security analysis—alert triage, log and SIEM investigation, threat hunting, detection engineering basics, MITRE ATT&CK mapping, incident scoping, containment recommendations, and DFIR evidence handling for SOC and blue-team analysts. Use when investigating security alerts, writing detection rules, tuning false positives, analyzing EDR/network/auth logs, building timelines of suspicious activity, recommending containment steps, or documenting findings for incident command—not for enterprise security strategy (cybersecurity), CI/CD pipeline hardening (devsecops), offensive pentest execution (authorize red team separately), or LLM adversarial testing (ai-redteam), or designing on-call rotations and postmortem programs (incident-management-engineer).
Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library mapped to MITRE ATT&CK for detection engineering and threat-informed defense.
Guides proactive threat hunting for advanced SOC—hypothesis-driven hunt campaigns, advanced SIEM/query workflows, baseline and anomaly analysis, MITRE ATT&CK–aligned techniques, threat intel fusion, detection engineering feedback, and hunt reporting with IR handoff. Use for threat hunting, proactive hunt, hypothesis-driven detection, advanced SOC, hunt campaign, detection engineering, MITRE ATT&CK hunt, anomaly hunting—not routine SOC alert triage (soc-analyst), declared incident command (incident-responder), adversary simulation campaigns (red-team-specialist), disk forensics acquisition (digital-forensics-analyst), authorized pentest (penetration-tester), or binary RE lab work (reverse-engineer).