linux-ir
Community
Linux threat hunting and IR toolkit.
Author: chenchunrun
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps security teams quickly identify and investigate Linux-based intrusions by providing ready-to-run threat-hunting workflows using Velociraptor to surface suspicious processes, network connections, persistence mechanisms, and memory-based indicators.
Core Features & Use Cases
- Velociraptor-based threat hunting across Linux hosts (process, network, persistence, fileless indicators).
- Provides ATT&CK-aligned detections (T1059, T1070, T1543, T1547, T1014) in ready-to-run queries.
- Use Case: An IR team runs quick scans to surface indicators of compromise on a compromised Linux host and then pivots to targeted investigations.
Quick Start
Run the Linux IR quick scan to generate an overview of the host security posture.
Dependency Matrix
Required Modules
velociraptor
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: linux-ir Download link: https://github.com/chenchunrun/onyx-soc/archive/main.zip#linux-ir Please download this .zip file, extract it, and install it in the .claude/skills/ directory.