Found 5 Skills
Analyze system, application, and security logs for forensic investigation. Use when investigating security incidents, insider threats, system compromises, or any scenario requiring analysis of log data. Supports Windows Event Logs, Syslog, web server logs, and application-specific log formats.
Generate audit reports and compliance trails using Harness audit trail data via MCP v2 tools. Track user actions, resource changes, authentication events, and access patterns across accounts, organizations, and projects. Use when asked to audit activity, generate compliance reports, investigate security incidents, review user actions, check change logs, or produce SOC2/GDPR/HIPAA audit evidence. Trigger phrases: audit report, audit trail, compliance audit, user activity log, change log, access audit, security investigation, who changed what, audit events.
Query Alibaba Cloud DDoS Pro (ddoscoo) block/intercept reasons via SLS full logs and ddoscoo CLI. Analyzes detailed information about intercepted requests including CC protection rules, precise access control rules, region blocking, and IP blacklist policies. Use when users report being blocked by DDoS Pro, encounter block pages, or need to investigate and remediate DDoS protection rules. Trigger words: "DDoS block query", "blocked by DDoS Pro", "DDoS intercept", "ddoscoo intercept query", "CC block", "precise access control block", "高防拦截查询", "request blocked by anti-ddos"
Query Alibaba Cloud WAF block reasons via SLS logs and WAF CLI. Analyzes detailed information about blocked requests. Optionally supports disabling WAF rules (ModifyDefenseRuleStatus) and managing log service settings (ModifyUserWafLogStatus, ModifyResourceLogStatus). Use when users report being blocked by WAF, encounter 405/block error pages, or need to investigate and remediate WAF security rules. Trigger words: "WAF block query", "blocked by WAF", "405 troubleshooting", "request blocked", "checkresponse", "intercept query", "disable WAF rule", "enable WAF log"
Audit Trail investigations - who changed what, key compromise, cost spike root cause, compliance evidence (SOC 2/PCI), and AI activity auditing.