threat-detection

Solid

Use when hunting for threats in an environment, analyzing IOCs, or detecting behavioral anomalies in telemetry. Covers hypothesis-driven threat hunting, IOC sweep generation, z-score anomaly detection, and MITRE ATT&CK-mapped signal prioritization.

AI & Automation 16,642 stars 2295 forks Updated yesterday MIT

Quality Score: 93/100 (component score, weight in the total)

Stars: 100 (20%)
Recency: 100 (20%)
Frontmatter: 70 (20%)
Documentation: 100 (15%)
Issue Health: 50 (10%)
License: 100 (10%)
Description: 100 (5%)

Skill Content

# Threat Detection

Threat detection skill for proactive discovery of attacker activity through hypothesis-driven hunting, IOC analysis, and behavioral anomaly detection. This is NOT incident response (see incident-response) or red team operations (see red-team) — this is about finding threats that have evaded automated controls.

---

## Table of Contents

- [Overview](#overview)
- [Threat Signal Analyzer](#threat-signal-analyzer)
- [Threat Hunting Methodology](#threat-hunting-methodology)
- [IOC Analysis](#ioc-analysis)
- [Anomaly Detection](#anomaly-detection)
- [MITRE ATT&CK Signal Prioritization](#mitre-attck-signal-prioritization)
- [Deception and Honeypot Integration](#deception-and-honeypot-integration)
- [Workflows](#workflows)
- [Anti-Patterns](#anti-patterns)
- [Cross-References](#cross-references)

---

## Overview

### What This Skill Does

This skill provides the methodology and tooling for **proactive threat detection** — finding attacker activity through structured hunting hypotheses, IOC analysis, and statistical anomaly detection before alerts fire.

### Distinction from Other Security Skills

| Skill | Focus | Approach |
|-------|-------|----------|
| **threat-detection** (this) | Finding hidden threats | Proactive — hunt before alerts |
| incident-response | Active incidents | Reactive — contain and investigate declared incidents |
| red-team | Offensive simulation | Offensive — test defenses from attacker perspective |
| cloud-security | Cloud misconfigur...

Details

Author
alirezarezvani
Repository
alirezarezvani/claude-skills
Created
7 months ago
Last Updated
yesterday
Language
Python
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

hunting-advanced-persistent-threats

Proactively hunts for Advanced Persistent Threat (APT) activity within enterprise environments using hypothesis-driven searches across endpoint telemetry, network logs, and memory artifacts. Use when conducting scheduled threat hunting cycles, investigating anomalous behavior flagged by UEBA, or validating that known APT TTPs are not present in the environment. Activates for requests involving MITRE ATT&CK, Velociraptor, osquery, Zeek, or threat hunting playbooks.

12,642 Updated today
mukul975
Data & Documents Solid

threat-hunting--ioc-analysis

IOC extraction, threat intelligence correlation, MITRE ATT&CK mapping, hunt hypothesis generation, and detection rule creation

47 Updated today
Masriyan
AI & Automation Listed

abnormal-security-threats

Use this skill when working with Abnormal Security threat detection and analysis - BEC, phishing, malware, socially-engineered attacks, spam, graymail, and credential theft. Covers threat types, attack vectors, severity assessment, remediation actions, and investigation workflows. Essential for MSP security analysts investigating email-borne threats detected by Abnormal Security's AI-powered behavioral engine.

25 Updated yesterday
wyre-technology
AI & Automation Solid

ai-security

Use when assessing AI/ML systems for prompt injection, jailbreak vulnerabilities, model inversion risk, data poisoning exposure, or agent tool abuse. Covers MITRE ATLAS technique mapping, injection signature detection, and adversarial robustness scoring.

16,642 Updated yesterday
alirezarezvani
AI & Automation Featured

performing-threat-hunting-with-elastic-siem

Performs proactive threat hunting in Elastic Security SIEM using KQL/EQL queries, detection rules, and Timeline investigation to identify threats that evade automated detection. Use when SOC teams need to hunt for specific ATT&CK techniques, investigate anomalous behaviors, or validate detection coverage gaps using Elasticsearch and Kibana Security.

12,642 Updated today
mukul975