building-attack-pattern-library-from-cti-reports
Community
Turn CTI reports into a searchable ATT&CK library
Data & Analytics
#nlp #detection-engineering #threat-intelligence #mitre-attack #stix #attack-pattern #cti-reports
Author: Axxxxxxaaann
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
CTI reports often describe adversary behaviors in plain language, making it hard for defenders to reuse insights. This Skill extracts, normalizes, and catalogs these behaviors into a structured ATT&CK-aligned attack pattern library to support detection engineering and threat-informed defense.
Core Features & Use Cases
- Parse CTI reports to identify observable behaviors and map them to MITRE ATT&CK techniques.
- Build STIX 2.1 Attack Pattern objects and assemble a searchable library aligned to tactics, techniques, and threat actors.
- Generate detection templates (e.g., Sigma rules) and integrate with detection pipelines for rapid rule development.
- Suited to threat intel teams, SOC analysts, and red/blue teams creating reusable patterns from CTI.
Quick Start
Process a CTI report to produce a STIX Attack Pattern library and detection templates.
Dependency Matrix
Required Modules
None required
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: building-attack-pattern-library-from-cti-reports
Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#building-attack-pattern-library-from-cti-reports
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.