siem-rules
Community
Build and tune SIEM detection rules efficiently.
Author: do360now
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps security teams develop, refine, and manage SIEM detection rules to identify cyber threats promptly.
Core Features & Use Cases
- Rule Development: Guides creation of detection queries in KQL (Microsoft Sentinel) or SPL (Splunk) for various attack techniques.
- Tuning and Optimization: Provides best practices for threshold setting and reducing false positives.
- Lifecycle Management: Assists in monitoring, updating, and deprecating detection rules to maintain detection coverage and effectiveness.
- Use Case: A security analyst wants to craft a detection rule for brute-force login attempts and periodically tune its thresholds based on the environment baseline.
Quick Start
Generate a detection query to identify multiple failed logins from the same IP in the last 10 minutes.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: siem-rules
Download link: https://github.com/do360now/security-agents/archive/main.zip#siem-rules
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.