Skill: CVE Attribution (Intel ICS)
Community
Attribute exploitation CVEs from your investigation
Legal & Compliance
#confidence scoring #vulnerability mapping #ioc enrichment #dfir triage #cve attribution #intel ics
Author: rjonhaas
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
It determines which known vulnerabilities (specific CVEs) likely explain observed attacker techniques in a completed DFIR investigation narrative.
Core Features & Use Cases
- CVE-focused evidence reasoning: correlates version-confirming artifacts (software versions, installer strings, registry/amcache entries) with exploitation mechanisms described in the investigation report and COP.
- Confidence-based attribution: produces High/Moderate/Low confidence CVE conclusions, or safely falls back to CWE/vulnerability-class statements without inventing CVE IDs.
- Structured output and report integration: writes a dedicated cve_attribution.md artifact and instructs how to merge Section 3B back into the investigation report and update timelines, COP, and IOC tables.
Quick Start
Use the CVE Attribution Skill after your investigation report and COP are finalized to generate cve_attribution.md and then re-run the investigation-report integration step.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: Skill: CVE Attribution (Intel ICS)
Download link: https://github.com/rjonhaas/SIFTics/archive/main.zip#skill-cve-attribution-intel-ics
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.