Found 122398 results
jduncan-rva: Automates code formatting and linting fixes using Prettier and ESLint for consistent code style and quality.
jduncan-rva: A utility for connecting to REST APIs, managing authentication flows, and processing responses for seamless integration tasks.
jduncan-rva: Automates conversion of skills between Claude Code and Gemini CLI platforms, enabling seamless cross-platform compatibility and portability for developers.
dandye: Generates timestamped markdown reports for security investigation findings, saving them to the ./reports/ directory for permanent record-keeping.
dandye: Conducts hypothesis-driven threat hunting using threat intelligence, TTPs, and anomaly detection for Tier 3 security analysts, supporting iterative search and documentation.
dandye: Systematically searches SIEM for IOCs (IPs, domains, hashes, URLs) from threat intel, providing enrichment and documentation.
dandye: Automates malware incident response using the PICERL methodology, orchestrating triage, containment, eradication, and recovery for endpoint security incidents.
dandye: Proactively detects lateral movement threats using PsExec, WMI, and remote process execution indicators in network environments.
dandye: Searches SIEM for behavioral indicators of credential harvesting using MITRE ATT&CK techniques.
dandye: Explores Global Threat Intelligence (GTI) relationships for an Indicator of Compromise (IOC) to discover connected entities like domains, IPs, and threat actors, expanding security investigations.
dandye: Analyzes suspicious login alerts, including impossible travel and untrusted locations, by evaluating user history, IP reputation, and login patterns to determine escalation needs.
dandye: Automates phishing incident response via the PICERL methodology, analyzing artifacts, identifying compromised users, containing IOCs, and removing malicious emails.
dandye: Investigates and contains account compromise incidents, removes malicious persistence, and restores legitimate access.
dandye: Adds security investigation findings, actions, and recommendations to SOAR cases to maintain audit trails during incident response.
dandye: Provides a confirmation prompt before executing significant actions to prevent accidental operations, ensuring user approval for impactful tasks.
dandye: Orchestrates ransomware incident response via the PICERL methodology, covering identification, containment, eradication, and recovery phases.
dandye: Correlates indicators of compromise (IOCs) with existing SIEM alerts and SOAR cases to provide context on past incidents and ongoing investigations.
dandye: Conducts comprehensive threat investigation on critical IOCs with GTI pivoting, deep SIEM analysis, and threat attribution for Tier 2+ security incidents.
dandye: Automates security alert triage by assessing an ALERT_ID/CASE_ID, enriching IOCs, and determining whether an alert is a false positive or requires escalation.
dandye: Automates end-to-end security alert triage, including duplicate checks, IOC enrichment, and classification as false positive, benign true positive, true positive, or suspicious.
dandye: Searches for APT threat actors by analyzing TTPs and IOCs from GTI and SIEM, documenting security findings.
dandye: Analyzes suspected malicious file hashes using GTI reports and behavioral indicators to identify affected systems and recommend containment actions for security incidents.
dandye: Automates SOAR case closure with the required documentation, including artifact ID, closure reason, and root cause, for FP/BTP or completed investigations.
dandye: Checks for duplicate or similar security incidents in SOAR cases to avoid redundant investigations. Takes a CASE_ID and returns similar cases.