soc-analyst

Official

Run reliable SOC triage, hunts, and IR.

Author: UnitOneAI
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill addresses inconsistent SOC work by turning alert triage, threat hunting, and incident investigation into repeatable, auditable workflows whose findings are mapped to established frameworks (MITRE ATT&CK, NIST SP 800-61r2, and the Lockheed Martin Cyber Kill Chain).

Core Features & Use Cases

  • Tier 1–3 operational workflows: Guides SOC analysts through alert disposition, context building (correlating the alert with surrounding log evidence), hunt execution, containment-first incident response, and post-incident improvement.
  • Framework-grounded decisioning: Uses MITRE ATT&CK, NIST SP 800-61r2, and the Lockheed Martin Cyber Kill Chain to structure findings and map analysis outputs. (Note that NIST published SP 800-61 Rev. 3 in April 2025, which reorganizes the guidance around the Cybersecurity Framework 2.0; the r2 lifecycle phases referenced here remain in wide use.)
  • Closed-loop detection improvement: Turns hunt and incident findings into detection rule updates, then validates each change by re-triaging the same evidence so the previously missed activity is caught without new benign hits.
  • Deliverable templates: Provides ready-to-use formats for alert disposition reports, incident timelines, and threat hunt reports.

Quick Start

Use the soc-analyst role bundle to guide an investigation from a new alert through log correlation, CVE triage (when applicable), and an evidence-ready escalation decision.
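The following is an added illustration of the workflow described under Core Features and in this Quick Start: a rule fires, the analyst builds context by correlating events from the same source, records an evidence-backed disposition in a report-template shape, and then closes the loop by tuning the rule and re-triaging. It is not the Skill's own code and makes no assumptions about its internals. The event records, rule names, thresholds, hosts and addresses are all constructed for the example (203.0.113.0/24 is a documentation range); the ATT&CK technique IDs and the NIST SP 800-61r2 phase names are real.

```python
"""Alert triage and closed-loop detection tuning over constructed auth events.
Added illustration, not the Skill's own code. Event shape, rule names and
thresholds are assumptions; ATT&CK IDs and NIST SP 800-61r2 phases are real."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical; 203.0.113.0/24 is a documentation range).
EVENTS = [
    # Case A: one external source fails once per user across 10 accounts, then succeeds.
    *[{"ts": f"2024-05-01T08:{m:02d}:00", "host": "dc01", "src": "203.0.113.7",
       "user": f"user{m}", "outcome": "fail"} for m in range(10)],
    {"ts": "2024-05-01T08:10:00", "host": "dc01", "src": "203.0.113.7", "user": "user9", "outcome": "success"},
    # Case B: an internal admin mistypes a password twice, then succeeds (benign).
    {"ts": "2024-05-01T09:00:00", "host": "dc01", "src": "10.0.0.5", "user": "jdoe", "outcome": "fail"},
    {"ts": "2024-05-01T09:00:20", "host": "dc01", "src": "10.0.0.5", "user": "jdoe", "outcome": "fail"},
    {"ts": "2024-05-01T09:00:45", "host": "dc01", "src": "10.0.0.5", "user": "jdoe", "outcome": "success"},
]
ATTACK = {  # rule name (assumed) -> (technique ID, name) from MITRE ATT&CK
    "v1_repeated_failures": ("T1110.001", "Brute Force: Password Guessing"),
    "v2_spray_by_source": ("T1110.003", "Brute Force: Password Spraying"),
}

def _t(s):
    return datetime.fromisoformat(s)

def rule_repeated_failures(events, threshold=5, window=timedelta(minutes=5)):
    """Rule v1: >= threshold failed logons for ONE user from ONE source inside window."""
    hits, fails = [], defaultdict(list)
    for e in events:
        if e["outcome"] == "fail":
            fails[(e["host"], e["src"], e["user"])].append(_t(e["ts"]))
    for (host, src, _user), times in fails.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                hits.append({"rule": "v1_repeated_failures", "host": host, "src": src, "start": times[i]})
                break
    return hits

def rule_spray_by_source(events, threshold=5, window=timedelta(minutes=15)):
    """Rule v2 (the tuned rule): >= threshold DISTINCT users failing from ONE source inside
    window. Rule v1 misses this shape because each account fails only once."""
    hits, fails = [], defaultdict(list)
    for e in events:
        if e["outcome"] == "fail":
            fails[(e["host"], e["src"])].append((_t(e["ts"]), e["user"]))
    for (host, src), seq in fails.items():
        seq.sort()
        for t0, _u in seq:
            users = {u for t, u in seq if t0 <= t <= t0 + window}
            if len(users) >= threshold:
                hits.append({"rule": "v2_spray_by_source", "host": host, "src": src, "start": t0})
                break
    return hits

def triage(hit, events, lookahead=timedelta(minutes=30)):
    """Context building + disposition for one rule hit, in an alert-disposition-report shape.
    Correlates every event from the alerting source on that host from the hit onward and
    checks whether the failures were followed by a successful logon."""
    ctx = [e for e in events if e["host"] == hit["host"] and e["src"] == hit["src"]
           and hit["start"] <= _t(e["ts"]) <= hit["start"] + lookahead]
    fails = [e for e in ctx if e["outcome"] == "fail"]
    users = {e["user"] for e in fails}
    successes = [e for e in ctx if e["outcome"] == "success" and _t(e["ts"]) > _t(fails[0]["ts"])]
    techniques = [ATTACK[hit["rule"]]]
    if successes and (len(users) > 1 or len(fails) >= 5):
        disposition, phase = "true_positive", "Containment, Eradication & Recovery"
        techniques.append(("T1078", "Valid Accounts"))  # a credential was actually obtained
        action = f"containment first: block {hit['src']}, disable/reset {sorted({e['user'] for e in successes})}"
    elif successes:
        disposition, phase, action = "benign_user_error", "Detection & Analysis", "close; tune rule threshold"
    else:
        disposition, phase, action = "suspicious", "Detection & Analysis", "hunt for the same source elsewhere"
    return {"alert": hit["rule"], "host": hit["host"], "src": hit["src"], "disposition": disposition,
            "evidence": {"failed_logons": len(fails), "distinct_users": len(users),
                         "successful_logons": [e["user"] for e in successes]},
            "attack": techniques, "nist_800_61_phase": phase, "next_action": action}

def closed_loop(events):
    """Run rule v1, then the tuned rule v2, and re-triage on the same evidence so the change
    is validated: the spray v1 missed must now be a true positive, with no new benign hits."""
    return {"v1": [triage(h, events) for h in rule_repeated_failures(events)],
            "v2": [triage(h, events) for h in rule_spray_by_source(events)]}

if __name__ == "__main__":
    import json
    print(json.dumps(closed_loop(EVENTS), indent=2, default=str))
```

Running it shows the loop in one pass: rule v1 produces no hit on the spray (case A), the tuned rule v2 does, and re-triage dispositions that hit as a true positive with T1110.003 plus T1078 and a containment-first action. Lowering v1's threshold to 2 instead would surface the admin's typos (case B), which triage correctly dispositions as benign user error; that is the kind of re-triage check that keeps a rule change from trading a miss for noise.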

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: let Claude install automatically by copying and pasting the text below into Claude Code. The download link points at the head of the repository's main branch, so the archive contents can change between installs; review the skill files (including any instructions they give the agent) before installing, and pin to a specific commit where reproducibility matters.

Please help me install this Skill:
Name: soc-analyst
Download link: https://github.com/UnitOneAI/SecuritySkills/archive/main.zip#soc-analyst

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
