log-analysis--siem-integration

Solid

Security log parsing, anomaly detection, SIEM query building, Sigma rule creation, and correlation rule development across Splunk, Elastic, QRadar, and Microsoft Sentinel

Web & Frontend 47 stars 3 forks Updated today MIT


Quality Score: 89/100

Stars (weight 20%): 56
Recency (weight 20%): 100
Frontmatter (weight 20%): 70
Documentation (weight 15%): 100
Issue Health (weight 10%): 80
License (weight 10%): 100
Description (weight 5%): 100

Skill Content

# Log Analysis & SIEM Integration

## Purpose

Enable Claude to assist with security log analysis across all major platforms. Claude directly parses and analyzes log samples provided by the user, builds SIEM queries for any platform, creates Sigma rules for portable detection, develops correlation rules, and identifies anomalous patterns in log data.

---

## Activation Triggers

This skill activates when the user asks about:

- Parsing Windows Event Logs, Linux syslog, or application logs
- Building Splunk SPL, Elastic KQL/EQL, QRadar AQL, or Sentinel KQL queries
- Creating Sigma rules for platform-agnostic detection
- Detecting anomalies or attack patterns in log data
- Building SIEM correlation rules for complex attack scenarios
- Converting queries between SIEM platforms
- Log source health monitoring and gap analysis
- Detecting lateral movement, privilege escalation, or persistence in logs
- EVTX analysis or Windows audit log review

---

## Prerequisites

```bash
pip install pandas pyyaml python-dateutil
```

**Platform tools:**

- `Splunk` — Splunk Web, SPL, and SOAR
- `Elastic Stack` — Kibana, KQL, EQL
- `Microsoft Sentinel` — KQL, Workbooks
- `IBM QRadar` — AQL, Rules
- `Sigma` — Platform-agnostic rule format
- `python-evtx` — Parse Windows .evtx files without Windows

---

## Core Capabilities

### 1. Log Parsing & Analysis

**When the user pastes logs or provides log files:**

Claude directly reads and analyzes logs to extract security-relevant events.

**Windows Ev...

Details

Author
Masriyan
Repository
Masriyan/Claude-Code-CyberSecurity-Skill
Created
3 months ago
Last Updated
today
Language
Python
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Listed

log-analyzer

Review log data for suspicious events and help Claude explain what stands out, why it matters, and which findings deserve escalation or follow-up.

0 Updated 1 month ago
maxwellokumu
DevOps & Infrastructure Listed

siem-logging

Configure security information and event management (SIEM) systems for threat detection, log aggregation, and compliance. Use when implementing centralized security logging, writing detection rules, or meeting audit requirements across cloud and on-premise infrastructure.

368 Updated 5 months ago
ancoleman
AI & Automation Solid

analyzing-logs

This skill enables Claude to analyze logs for performance insights and issue detection. It is triggered when the user requests log analysis, performance troubleshooting, or debugging assistance. The skill identifies slow requests, error patterns, resource warnings, and other key performance indicators within log files. Use this skill when the user mentions "analyze logs", "performance issues", "error patterns in logs", "slow requests", or requests help with "log aggregation". It helps identify performance bottlenecks and improve application stability by analyzing log data.

2,266 Updated today
jeremylongshore
Data & Documents Solid

network-security--traffic-analysis

Network traffic analysis, PCAP parsing, IDS/IPS rule creation, firewall configuration auditing, and network anomaly detection

47 Updated today
Masriyan
AI & Automation Solid

log-analysis-security

Execute log analysis security operations. Auto-activating skill for Security Advanced. Triggers on: log analysis security, log analysis security. Part of the Security Advanced skill category. Use when working with log analysis security functionality. Trigger with phrases like "log analysis security", "log security", "log".

2,266 Updated today
jeremylongshore