cyber-defense-team

# Cyber Defense Team Skill Orchestrate a 4-agent pipeline that analyzes log files for security threats and produces an incident report. ## Pipeline Architecture ``` [You] → Team Lead (this skill) │ ├─[1]─→ log-ingestor (haiku) → cyber-defense-events.json │ ├─[2]─→ anomaly-detector (sonnet) → cyber-defense-anomalies.json │ (reads events.json) ├─[3]─→ risk-classifier (sonnet) → cyber-defense-risk.json │ (reads anomalies.json) └─[4]─→ threat-reporter (sonnet) → cyber-defense-report.md (reads all 3 JSON files) ``` Stages 2 and 3 are sequential (each depends on previous output). Stage 4 runs after all data is ready. ## Execution Steps ### Step 1 — Validate Input Check that the log file exists (or that log content was provided inline). If the path doesn't exist, tell the user immediately — don't proceed. ### Step 2 — Spawn Log Ingestor Use the Agent tool to spawn the `log-ingestor` agent: ``` Task: Parse the log file at [log_path] and write structured events to cyber-defense-events.json. Log path: [log_path] ``` Wait for completion. Confirm `cyber-defense-events.json` was created. ### Step 3 — Spawn Anomaly Detector Use the Agent tool to spawn the `anomaly-detector` agent: ``` Task: Read cyber-defense-events.json and detect anomalies. Write results to cyber-def...