mitre att&ck AI Agent Skills

Browse 33 skills related to mitre att&ck

red-team-tactics

21.8k
davila7davila7

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

133 days ago

MITRE ATT&CK Skill

376
a5c-aia5c-ai

MITRE ATT&CK framework mapping and analysis

133 days ago

analysing-attack

252
tsaletsale

Analyse Mitre ATT&CK tactics, techniques and sub-techniques. Use when performing analysis of threat detections, threat models, security risks or cyber threat intelligence

133 days ago

detection-sigma

64
AgentSecOpsAgentSecOps

Generic detection rule creation and management using Sigma, the universal SIEM rule format. Sigma provides vendor-agnostic detection logic for log analysis across multiple SIEM platforms. Use when: (1) Creating detection rules for security monitoring, (2) Converting rules between SIEM platforms (Splunk, Elastic, QRadar, Sentinel), (3) Threat hunting with standardized detection patterns, (4) Building detection-as-code pipelines, (5) Mapping detections to MITRE ATT&CK tactics, (6) Implementing compliance-based monitoring rules.

sigmadetectionsiem+4
133 days ago

cybersecurity-analyst

28
rysweetrysweet

Analyzes events through a cybersecurity lens using threat modeling, attack surface analysis, defense-in-depth, zero-trust architecture, and risk-based frameworks (CIA triad, STRIDE, MITRE ATT&CK). Provides insights on vulnerabilities, attack vectors, defense strategies, incident response, and security posture. Use when: security incidents, vulnerability assessments, threat analysis, security architecture, compliance. Evaluates: confidentiality, integrity, availability, threat actors, attack patterns, controls, residual risk.

133 days ago

red-team-tactics

5
agent-skills-hubagent-skills-hub

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

133 days ago

red-team-tactics

4
ngxtmngxtm

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

133 days ago

performing-lateral-movement-detection

2
mukul975mukul975

Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based spreading using SIEM correlation of Windows event logs, network flow data, and endpoint telemetry mapped to MITRE ATT&CK Lateral Movement (TA0008) techniques.

soclateral-movementmitre-attack+6
133 days ago

None

2
mukul975mukul975

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. This skill covers systematically mapping threat actor beh

threat-intelligencectiioc+4
133 days ago

profiling-threat-actor-groups

2
mukul975mukul975

Develops comprehensive threat actor profiles for APT groups, criminal organizations, and hacktivist collectives by aggregating TTP documentation, historical campaign data, tooling fingerprints, and attribution indicators from multiple intelligence sources. Use when briefing executives on sector-specific threats, updating threat model assumptions, or prioritizing defensive controls against specific adversaries. Activates for requests involving MITRE ATT&CK Groups, Mandiant APT profiles, CrowdStrike adversary naming, or sector-specific threat briefings.

MITRE-ATT&CKthreat-actorAPT+5
133 days ago

mapping-mitre-attack-techniques

2
mukul975mukul975

Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques to quantify detection coverage and guide control prioritization. Use when building an ATT&CK-based coverage heatmap, tagging SIEM alerts with technique IDs, aligning security controls to adversary playbooks, or reporting threat exposure to executives. Activates for requests involving ATT&CK Navigator, Sigma rules, MITRE D3FEND, or coverage gap analysis.

MITRE-ATT&CKATT&CK-NavigatorSigma+4
133 days ago

building-attack-pattern-library-from-cti-reports

2
mukul975mukul975

Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library mapped to MITRE ATT&CK for detection engineering and threat-informed defense.

attack-patterncti-reportsmitre-attack+5
133 days ago

implementing-threat-modeling-with-mitre-attack

2
mukul975mukul975

Implements threat modeling using the MITRE ATT&CK framework to map adversary TTPs against organizational assets, assess detection coverage gaps, and prioritize defensive investments. Use when SOC teams need to align detection engineering with threat landscape, conduct threat assessments for new environments, or justify security tool procurement.

socmitre-attackthreat-modeling+4
133 days ago

conducting-cloud-penetration-testing

2
mukul975mukul975

This skill outlines methodologies for performing authorized penetration testing against AWS, Azure, and GCP cloud environments. It covers understanding the shared responsibility model for testing scope, leveraging cloud-specific attack tools like Pacu and ScoutSuite, exploiting IAM misconfigurations, testing for SSRF to cloud metadata services, and reporting findings aligned to MITRE ATT&CK Cloud matrix.

cloud-pentestingoffensive-securityaws-exploitation+2
133 days ago

conducting-full-scope-red-team-engagement

2
mukul975mukul975

Plan and execute a comprehensive red team engagement covering reconnaissance through post-exploitation using MITRE ATT&CK-aligned TTPs to evaluate an organization's detection and response capabilities.

red-teamadversary-emulationmitre-attack+4
133 days ago

implementing-mitre-attack-coverage-mapping

2
mukul975mukul975

Implement MITRE ATT&CK coverage mapping to identify detection gaps, prioritize rule development, and measure SOC detection maturity against adversary techniques.

mitre-attackdetection-coveragegap-analysis+3
133 days ago

detecting-evasion-techniques-in-endpoint-logs

2
mukul975mukul975

Detects defense evasion techniques used by adversaries in endpoint logs including log tampering, timestomping, process injection, and security tool disabling. Use when investigating suspicious endpoint behavior, building detection rules for evasion tactics, or conducting threat hunting for stealthy adversary activity. Activates for requests involving evasion detection, defense evasion analysis, log tampering detection, or MITRE ATT&CK TA0005.

endpointedrthreat-hunting+3
133 days ago

analyzing-apt-group-with-mitre-navigator

2
mukul975mukul975

Analyze advanced persistent threat (APT) group techniques using MITRE ATT&CK Navigator to create layered heatmaps of adversary TTPs for detection gap analysis and threat-informed defense.

mitre-attacknavigatorapt+5
133 days ago

building-soc-playbook-for-ransomware

2
mukul975mukul975

Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication, and recovery phases with specific SIEM queries, isolation procedures, and decision trees. Use when SOC teams need formalized response procedures for ransomware incidents aligned to NIST SP 800-61 and MITRE ATT&CK ransomware techniques.

socransomwareincident-response+4
133 days ago

implementing-siem-use-cases-for-detection

2
mukul975mukul975

Implements SIEM detection use cases by designing correlation rules, threshold alerts, and behavioral analytics mapped to MITRE ATT&CK techniques across Splunk, Elastic, and Sentinel. Use when SOC teams need to expand detection coverage, formalize use case lifecycle management, or build a detection library aligned to organizational threat profile.

socsiemuse-cases+5
133 days ago

hunting-advanced-persistent-threats

2
mukul975mukul975

Proactively hunts for Advanced Persistent Threat (APT) activity within enterprise environments using hypothesis-driven searches across endpoint telemetry, network logs, and memory artifacts. Use when conducting scheduled threat hunting cycles, investigating anomalous behavior flagged by UEBA, or validating that known APT TTPs are not present in the environment. Activates for requests involving MITRE ATT&CK, Velociraptor, osquery, Zeek, or threat hunting playbooks.

MITRE-ATT&CKthreat-huntingAPT+6
133 days ago

analyzing-windows-event-logs-in-splunk

2
mukul975mukul975

Analyzes Windows Security, System, and Sysmon event logs in Splunk to detect authentication attacks, privilege escalation, persistence mechanisms, and lateral movement using SPL queries mapped to MITRE ATT&CK techniques. Use when SOC analysts need to investigate Windows-based threats, build detection queries, or perform forensic timeline analysis of Windows endpoints and domain controllers.

socsplunkwindows-events+4
133 days ago

building-detection-rules-with-sigma

2
mukul975mukul975

Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms including Splunk, Elastic, and Microsoft Sentinel. Use when creating portable detection logic from threat intelligence, mapping rules to MITRE ATT&CK techniques, or converting community Sigma rules into platform-specific queries using sigmac or pySigma backends.

socsigmadetection-rules+5
133 days ago

performing-purple-team-exercise

2
mukul975mukul975

Performs purple team exercises by coordinating red team adversary emulation with blue team detection validation using MITRE ATT&CK-mapped attack scenarios, real-time detection testing, and collaborative gap remediation. Use when SOC teams need to validate detection capabilities, improve analyst skills, and close detection gaps through structured offensive-defensive collaboration.

socpurple-teamred-team+4
133 days ago

cyber_sovereignty

1
finskylinfinskylin

【功能】分析网络安全威胁态势和数字主权政策动态 【数据源】MITRE ATT&CK威胁框架(STIX JSON)、GDELT网络安全新闻、Cloudflare Radar实时攻击趋势 【输出数据】APT组织列表、攻击技术分类(TTP)、网络安全新闻、DDoS/L3攻击趋势、威胁评估报告 【耗时】~15-60秒 【适用场景】用户问"APT组织分析"、"网络攻击态势"、"DDoS趋势"时使用

133 days ago

red-team-tactics

1
rootcastlecorootcastleco

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

133 days ago

Compliance Report

pitimonpitimon

Generate a compliance mapping report for scan findings. Maps vulnerabilities to NIST SP 800-53, OWASP Top 10, MITRE ATT&CK, and CIS Benchmarks.

133 days ago

Red Team Tactics

reikiplanetreikiplanet

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

133 days ago

red-team-tactics

CaioBruggerCaioBrugger

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

133 days ago

Red Team Tactics

haniakrim21haniakrim21

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

133 days ago

red-team-tactics

ofelixdevofelixdev

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

133 days ago

Red Team Tactics

felipewilliam2felipewilliam2

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

133 days ago

Red Team Tactics

oki3505Foki3505F

Red team tactics principles based on the MITRE ATT&CK framework. Attack phases, detection evasion, reporting.

133 days ago
ClawiskillClawiskill
Network
Building with
?

Join Clawiskill today. The decentralized skill network for AI Agents.

Registry
70K+
Agent Joins
120K+
Explore Network