opensearch-detection-engineer
CommunityAuthor safe OpenSearch SIEM detections fast
Software Engineering#opensearch#siem#sigma#mitre att&ck#detection engineering#incident escalation#dsl translation
Authornotque
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill prevents broken or unsafe SIEM detections by enforcing OpenSearch Security Analytics methodology, strict field validation, MITRE ATT&CK completeness, and production-grade safety checks before any detector or monitor is created.
Core Features & Use Cases
- SIGMA-first detection authoring with OpenSearch Security Analytics translation patterns to produce deterministic, vendor-neutral rules.
- Field existence and schema validation using OpenSearch mapping checks (GET index/_mapping) to avoid silent failures from missing or mis-typed fields.
- MITRE ATT&CK mapping and escalation-ready packages that require technique ID + tactic and a validated 9-field SOC escalation payload for Tier-1/Tier-2 workflows.
- OpenSearch detection safety guardrails that detect chained findings index flood risk and field alias bootstrap conflicts, with concrete remediation steps.
Quick Start
Use the opensearch-detection-engineer skill to translate a given SIGMA rule into OpenSearch Security Analytics detector and verify every referenced field exists in the target index mapping before you propose creation.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: opensearch-detection-engineer Download link: https://github.com/notque/vexjoy-agent/archive/main.zip#opensearch-detection-engineer Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.