sigma AI Agent Skills
Browse 15 skills related to sigma
sigma-algebras
Problem-solving strategies for sigma algebras in measure theory
detection-coverage-analysis
Analyzes detection coverage using Sigma, Splunk, and Elastic rules. Use when checking coverage for techniques, tactics, threat actors, or generating Navigator layers from detections.
convening-experts
Convenes expert panels for problem-solving. Use when user mentions panel, experts, multiple perspectives, MECE, DMAIC, RAPID, Six Sigma, root cause analysis, strategic decisions, or process improvement.
validate_omega_27
The Ultimate FlashSquirrel Omega-27 Industrial Certification. Combines 17 layers of Static standards (Alpha) with 10 layers of Dynamic stability (Sigma). Triggers: "omega audit", "27層驗證", "industrial certification", "omega score"
validate_runtime_10
FlashSquirrel 10-Layer Dynamic Validation System (Sigma Scale). Ensures environment consistency, dynamic stability, and goal fulfillment. Triggers: "runtime check", "sigma", "10層驗證", "stability audit"
detection-sigma
Generic detection rule creation and management using Sigma, the universal SIEM rule format. Sigma provides vendor-agnostic detection logic for log analysis across multiple SIEM platforms. Use when: (1) Creating detection rules for security monitoring, (2) Converting rules between SIEM platforms (Splunk, Elastic, QRadar, Sentinel), (3) Threat hunting with standardized detection patterns, (4) Building detection-as-code pipelines, (5) Mapping detections to MITRE ATT&CK tactics, (6) Implementing compliance-based monitoring rules.
operations
Operations excellence expertise for supply chain optimization, process improvement (Lean, Six Sigma), capacity planning, vendor management, quality assurance, and operational efficiency. Use when optimizing processes, managing supply chains, or improving operational performance.
detection-engineer
Create detection rules and hunting queries from malware analysis findings. Use when you need to write Sigma rules for SIEM, Suricata rules for network IDS, defang IOCs for safe sharing, or convert analysis findings into actionable detection content for SOC teams and threat hunters.
custom-signatures
Create and deploy custom IOCs, YARA rules, Sigma rules, and STIX indicators for THOR scans.
mapping-mitre-attack-techniques
Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques to quantify detection coverage and guide control prioritization. Use when building an ATT&CK-based coverage heatmap, tagging SIEM alerts with technique IDs, aligning security controls to adversary playbooks, or reporting threat exposure to executives. Activates for requests involving ATT&CK Navigator, Sigma rules, MITRE D3FEND, or coverage gap analysis.
building-detection-rules-with-sigma
Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms including Splunk, Elastic, and Microsoft Sentinel. Use when creating portable detection logic from threat intelligence, mapping rules to MITRE ATT&CK techniques, or converting community Sigma rules into platform-specific queries using sigmac or pySigma backends.
extracting-windows-event-logs-artifacts
Extract, parse, and analyze Windows Event Logs (EVTX) using Chainsaw, Hayabusa, and EvtxECmd to detect lateral movement, persistence, and privilege escalation.
agentprivacy-separation-enforcement
Active maintenance of the dual-agent separation boundary Φ(Σ) for 0xagentprivacy architecture. Activates when designing the swordsman-mage boundary, verifying that signing and viewing capabilities remain orthogonal, detecting separation violations, or building the enforcement mechanisms that keep det(Σ) ≠ 0 — the mathematical guarantee that no single entity can both protect and project. Triggers: "separation", "dual-agent boundary", "swordsman mage split", "Phi Sigma", "det Sigma", "signing viewing separation", "orthogonality", "information-theoretic bound", "separation violation", "gap enforcement".
Process Improvement (Lean & Six Sigma)
USE THIS SKILL when the user asks about process improvement, Lean, Six Sigma, DMAIC, value stream mapping, waste reduction, process optimization, cycle time reduction, process KPIs, process maturity, or operational efficiency. Also trigger when someone mentions "8 wastes," "DOWNTIME," "kaizen," "continuous improvement," "bottleneck analysis," "quick wins," or requests an improvement roadmap for any operational process.
convening-experts
Convenes expert panels for problem-solving. Use when user mentions panel, experts, multiple perspectives, MECE, DMAIC, RAPID, Six Sigma, root cause analysis, strategic decisions, or process improvement.