Search across 54932 indexed skills
building-soc-metrics-and-kpi-tracking
Use this skill when: SOC leadership needs data-driven visibility into operational performance Continuous improvement programs require baseline measure...
performing-cloud-forensics-with-aws-cloudtrail
When investigating suspected AWS account compromise After detecting unauthorized API calls or credential exposure During incident response involving c...
analyzing-linux-system-artifacts
When investigating a compromised Linux server or workstation For identifying persistence mechanisms (cron, systemd, SSH keys) When tracing user activi...
implementing-disk-encryption-with-bitlocker
Use this skill when: Encrypting Windows endpoints to protect data at rest for compliance (PCI DSS, HIPAA, GDPR) Deploying BitLocker across enterprise ...
implementing-patch-management-for-ot-systems
When establishing a formal OT patch management program for the first time When responding to critical ICS-CERT advisories affecting deployed OT system...
detecting-privilege-escalation-in-kubernetes-pods
Privilege escalation in Kubernetes occurs when a pod or container gains elevated permissions beyond its intended scope. This includes running as root,...
hunting-for-unusual-network-connections
When proactively hunting for unusual network connections in the environment After threat intelligence indicates active campa...
performing-post-quantum-cryptography-migration
When assessing organizational readiness for the NIST post-quantum cryptography transition When building a cryptographic inventory to identify quantum-...
configuring-host-based-intrusion-detection
Use this skill when: Deploying HIDS agents (Wazuh, OSSEC, AIDE) across Windows and Linux endpoints Configuring file integrity monitoring (FIM) for com...
implementing-network-segmentation-with-firewall-zones
Network segmentation divides a flat network into isolated security zones with firewall-enforced boundaries to contain breaches, restrict lateral movem...
building-detection-rule-with-splunk-spl
Splunk Search Processing Language (SPL) is the primary query language used in Splunk Enterprise Security for building correlation searches that detect...
detecting-modbus-command-injection-attacks
When deploying intrusion detection for environments using Modbus TCP (port 502) or Modbus RTU When investigating suspected unauthorized modifications ...