ueba AI Agent Skills
Browse 8 skills related to ueba
zero-script-qa
Zero Script QA - Testing methodology without test scripts. Uses structured JSON logging and real-time Docker monitoring for verification. Use proactively when user needs to verify features through log analysis instead of test scripts. Triggers: zero script qa, log-based testing, docker logs, 제로 스크립트 QA, ゼロスクリプトQA, 零脚本QA, QA sin scripts, pruebas basadas en logs, registros de docker, QA sans script, tests basés sur les logs, journaux docker, skriptloses QA, log-basiertes Testen, Docker-Logs, QA senza script, test basati sui log, log docker Do NOT use for: unit testing, static analysis, or projects without Docker setup.
performing-user-behavior-analytics
Performs User and Entity Behavior Analytics (UEBA) to detect anomalous user activities including impossible travel, unusual access patterns, privilege abuse, and insider threats using SIEM-based behavioral baselines and statistical analysis. Use when SOC teams need to identify compromised accounts or insider threats through deviation from established behavioral norms.
detecting-insider-threat-behaviors
Detect insider threat behavioral indicators including unusual data access, off-hours activity, mass file downloads, privilege abuse, and resignation-correlated data theft.
hunting-advanced-persistent-threats
Proactively hunts for Advanced Persistent Threat (APT) activity within enterprise environments using hypothesis-driven searches across endpoint telemetry, network logs, and memory artifacts. Use when conducting scheduled threat hunting cycles, investigating anomalous behavior flagged by UEBA, or validating that known APT TTPs are not present in the environment. Activates for requests involving MITRE ATT&CK, Velociraptor, osquery, Zeek, or threat hunting playbooks.
investigating-insider-threat-indicators
Investigates insider threat indicators including data exfiltration attempts, unauthorized access patterns, policy violations, and pre-departure behaviors using SIEM analytics, DLP alerts, and HR data correlation. Use when SOC teams receive insider threat referrals from HR, detect anomalous data movement by employees, or need to build investigation timelines for potential insider threats.
detecting-anomalous-authentication-patterns
Detects anomalous authentication patterns using UEBA analytics, statistical baselines, and machine learning models to identify impossible travel, credential stuffing, brute force, password spraying, and compromised account behaviors across authentication logs. Activates for requests involving authentication anomaly detection, login behavior analysis, UEBA implementation, or suspicious sign-in investigation.
e2e-qa-tester
Ejecuta pruebas E2E y QA manual usando Playwright MCP para verificar la ultima tarea completada en la conversacion. Usar cuando se necesite: (1) Probar un flujo recien implementado, (2) Verificar que una funcionalidad funciona correctamente, (3) Hacer QA manual de una nueva feature, (4) Testear formularios, flujos de autenticacion, o cualquier interaccion de usuario. El skill busca credenciales en CREDENTIALS.md, intenta conectar al puerto 5173 por defecto, y pide confirmacion antes de ejecutar las pruebas.
qa
Alias corto para ejecutar pruebas E2E y QA manual. Usar cuando quieras probar la ultima funcionalidad implementada con /qa.