evaluating-threat-intelligence-platforms

Featured

Evaluates and selects Threat Intelligence Platform (TIP) products based on organizational requirements including feed integration capability, STIX/TAXII support, workflow automation, analyst interface, and total cost of ownership. Use when conducting a TIP procurement, migrating between TIP solutions, or assessing whether the current TIP meets program maturity requirements. Activates for requests involving ThreatConnect, MISP, OpenCTI, Anomali, EclecticIQ, or TIP procurement decisions.

AI & Automation 4,197 stars 458 forks Updated 1 month ago Apache-2.0


Quality Score: 99/100

Stars (20%): 100
Recency (20%): 75
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Evaluating Threat Intelligence Platforms

## When to Use

Use this skill when:

- Conducting a formal RFP or vendor evaluation for a TIP solution
- Assessing whether the current TIP (e.g., MISP) needs to be replaced or augmented as the CTI program scales
- Establishing evaluation criteria aligned to organizational maturity and budget

**Do not use** this skill for evaluating feed quality independently of the TIP — feed evaluation is a separate workflow focused on data quality rather than platform capabilities.

## Prerequisites

- Documented CTI program requirements: team size, feed sources, integration targets, use cases
- Budget range and procurement timeline
- Technical staff who will administer the platform (Python/API experience for open-source TIPs)
- List of current and planned integrations (SIEM, SOAR, EDR, firewalls)

## Workflow

### Step 1: Define Evaluation Criteria

Structure requirements into mandatory (M) and desired (D) categories:

**Core TIP Functions**:

- M: STIX 2.1 import/export with TAXII 2.1 server
- M: REST API for automated IOC ingestion and export
- M: Indicator deduplication and TTL management
- M: TLP classification enforcement
- D: Built-in MITRE ATT&CK integration and technique tagging
- D: Graph visualization of indicator relationships
- D: Workflow automation for analyst triage

**Integrations**:

- M: SIEM integration (Splunk, Sentinel, QRadar) via syslog, API, or native connector
- M: EDR integration for IOC push (CrowdStrike, Defender, Senti...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
2 months ago
Last Updated
1 month ago
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

Web & Frontend Solid

secops-hunt

Expert guidance for proactive threat hunting. Use this when the user asks to "hunt" for threats, IOCs, or specific TTPs.

486 Updated 2 weeks ago
google
AI & Automation Featured

prd-v05-technical-stack-selection

Determine technologies needed to build the product, making build/buy/integrate decisions during PRD v0.5 Red Team Review. Handles both greenfield and brownfield contexts. Triggers on requests to select tech stack, evaluate technologies, make build vs. buy decisions, discover existing assets, or when user asks "what technologies?", "select tech stack", "build or buy?", "what do we reuse?", "existing stack", "technical decisions", "what tools do we need?", "evaluate solutions". Consumes FEA- (features), SCR- (screens), RISK- (constraints). Outputs TECH- entries with decisions, rationale, and trade-offs. Feeds v0.6 Architecture Design.

215 Updated 3 days ago
mattgierhart
Data & Documents Listed

osint-investigator

OSINT Investigator v2.1 — comprehensive open-source intelligence skill. Triggers on: OSINT, recon, digital footprint, dorking, social media investigation, username lookups, email tracing, domain recon, entity mapping, OPSEC, image verification, metadata analysis, threat intel, people search, background research. Slash commands: /dork, /recon, /pivot, /entity, /timeline, /analyze-metadata, /verif-photo, /sock-opsec, /report, /simple-report, /full, /track, /link, /entities, /confidence, /export-entities, /import-entities, /compare, /timeline-entity, /find-path, /visualize, /stats, /export-graph, /risk-score, /anomaly, /pattern, /threat-model, /sanitize, /export-risk, /wizard, /template, /simple-mode, /progress, /save-checkpoint, /load-checkpoint, /qa-check, /coverage, /gaps, /verify-sources. Professional playbooks: journalist verification, HR background checks, cyber threat intel, private investigation. Integrations: Maltego, Obsidian, Notion.

34 Updated 2 months ago
dkyazzentwatwa
AI & Automation Listed

n8n-workflow-architect

Strategic automation architecture advisor. Use when users want to plan automation solutions, evaluate their tech stack (Shopify, Zoho, HubSpot, etc.), decide between n8n vs Python/Claude Code, or need guidance on production-ready automation design. Invokes plan mode for complex architectural decisions.

28 Updated 5 months ago
promptadvisers