Threat Hunting & IOC Analysis

Official

Turn threat intel into hunt-ready detections

AuthorGhostPWN
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill removes the manual overhead of turning threat reports, advisories, and logs into usable hunting intelligence, so analysts can move faster from raw evidence to actionable defense.

Core Features & Use Cases

  • IOC Extraction and Normalization: Pulls indicators such as IPs, domains, hashes, URLs, emails, and file paths from text and normalizes or defangs them for safe sharing.
  • MITRE ATT&CK Mapping: Converts observed behaviors and techniques into ATT&CK tactics, techniques, sub-techniques, and Navigator layers for consistent analysis.
  • Detection and Hunt Engineering: Produces hunt hypotheses, SIEM queries, and Sigma-style detection logic for platforms such as Splunk, Elastic, and Microsoft Sentinel.
  • Use Case: A threat hunter can feed in a security advisory, extract indicators, map the attacker behavior, and generate a focused hunt plan with measurable outcomes.

Quick Start

Ask the skill to analyze a threat report, extract the indicators of compromise, map the behaviors to MITRE ATT&CK, and draft a hunt hypothesis with detection logic.

Dependency Matrix

Required Modules

None required

Components

scripts

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: Threat Hunting & IOC Analysis
Download link: https://github.com/GhostPWN/ghostpwn/archive/main.zip#threat-hunting-ioc-analysis

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.