Loading...
Loading...
Found 3 Skills
Analyzes indicators of compromise (IOCs) including IP addresses, domains, file hashes, URLs, and email artifacts to determine maliciousness confidence, campaign attribution, and blocking priority. Use when triaging IOCs from phishing emails, security alerts, or external threat feeds; enriching raw IOCs with multi-source intelligence; or making block/monitor/whitelist decisions. Activates for requests involving VirusTotal, AbuseIPDB, MalwareBazaar, MISP, or IOC enrichment pipelines.
Conducts security investigations on SOC Compass. The AI agent reads workspace context, asks the user to run SIEM queries, analyzes results, and writes verdicts. Supports multiple alerts in parallel via subagent dispatch. Use when the user mentions SOC Compass, security investigations, alert triage, SIEM queries, threat analysis, Splunk, Elastic, Sentinel, IOC lookups, investigation workspaces, or multiple alerts. Do not use for general cybersecurity questions not involving the SOC Compass platform.
Use this skill when responding to security incidents, conducting forensic analysis, containing breaches, or writing incident reports. Triggers on security incident, breach response, forensics, containment, eradication, recovery, incident report, IOC analysis, and any task requiring security incident management.