defensive-fast-triage

Community

Speed up SOC triage with rapid, precise alerts

Author: riparino
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Rapid SOC triage SOP: alert severity matrix, first-5-minutes checklist, escalation triggers, fast KQL queries. Covers shell-from-web-process, LSASS access, Defender disabled, AiTM sign-in. Use for L1/L2 analyst speed and alert prioritization.

Core Features & Use Cases

  • Triage Severity Matrix: defines actions by alert type and severity for quick decision making.
  • First 5 Minutes checklist: structured steps for scoping the alert and running process-tree, network, and persistence checks.
  • KQL Examples: ready-to-use queries for common Defender and device events.
  • Escalation Triggers: clear criteria to escalate to IR or SecOps.

Quick Start

Load this skill during a security incident to guide rapid triage steps from alert to escalation.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: defensive-fast-triage
Download link: https://github.com/riparino/Claude-Cyber/archive/main.zip#defensive-fast-triage

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
