ioc▌
16 indexed skills · max 10 per page
implementing-diamond-model-analysis
mukul975/Anthropic-Cybersecurity-Skills · implementing-diamond-model-analysis
The Diamond Model of Intrusion Analysis provides a structured framework for analyzing cyber intrusions by examining four core features - Adversary, Capability, Infrastructure, and Victim. This skill covers implementing the Diamond Model programmatically to classify and correlate intrusion events, build activity threads, and generate pivot-ready intelligence.
building-threat-intelligence-feed-integration
mukul975/Anthropic-Cybersecurity-Skills · building-threat-intelligence-feed-integration
Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat intel, and commercial TI platforms into SIEM and security tools for real-time IOC matching and alerting. Use when SOC teams need to operationalize threat intelligence by automating feed ingestion, normalization, scoring, and distribution to detection systems.
performing-malware-hash-enrichment-with-virustotal
mukul975/Anthropic-Cybersecurity-Skills · performing-malware-hash-enrichment-with-virustotal
Enrich malware file hashes using the VirusTotal API to retrieve detection rates, behavioral analysis, YARA matches, and contextual threat intelligence for incident triage and IOC validation.
performing-dark-web-monitoring-for-threats
mukul975/Anthropic-Cybersecurity-Skills · performing-dark-web-monitoring-for-threats
Dark web monitoring involves systematically scanning Tor hidden services, underground forums, paste sites, and dark web marketplaces to identify threats targeting an organization, including leaked cre
analyzing-campaign-attribution-evidence
mukul975/Anthropic-Cybersecurity-Skills · analyzing-campaign-attribution-evidence
Campaign attribution analysis involves systematically evaluating evidence to determine which threat actor or group is responsible for a cyber operation. This skill covers collecting and weighting attr
implementing-stix-taxii-feed-integration
mukul975/Anthropic-Cybersecurity-Skills · implementing-stix-taxii-feed-integration
STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Intelligence Information) are OASIS open standards for representing and transporting cyber threat intelligence.
performing-indicator-lifecycle-management
mukul975/Anthropic-Cybersecurity-Skills · performing-indicator-lifecycle-management
Indicator lifecycle management tracks IOCs from initial discovery through validation, enrichment, deployment, monitoring, and eventual retirement. This skill covers implementing systematic processes f
building-threat-intelligence-platform
mukul975/Anthropic-Cybersecurity-Skills · building-threat-intelligence-platform
Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified system for collecting, analyzing, enriching, and disseminating threat intelligence. T
building-ioc-enrichment-pipeline-with-opencti
mukul975/Anthropic-Cybersecurity-Skills · building-ioc-enrichment-pipeline-with-opencti
OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its native data model. This skill covers building an automated IOC enrichment pipeline using O
performing-malware-ioc-extraction
mukul975/Anthropic-Cybersecurity-Skills · performing-malware-ioc-extraction
Malware IOC extraction is the process of analyzing malicious software to identify actionable indicators of compromise including file hashes, network indicators (C2 domains, IP addresses, URLs), regist