Data Source Mapper
Community
Map MITRE ATT&CK to data sources.
Category: Software Engineering
Tags: telemetry, threat intelligence, data sources, mitre att&ck, detection engineering, siem mapping
Author: MHaggis
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill addresses the challenge of understanding which specific data sources are required to detect various MITRE ATT&CK techniques, and how to map fields across different SIEM platforms.
Core Features & Use Cases
- Technique-to-Data Source Mapping: Provides a clear mapping of ATT&CK techniques to essential data sources across endpoint, cloud, and network telemetry.
- Cross-Schema Field Comparison: Compares and maps common field names across Splunk CIM, Elastic ECS, Sigma, and Sentinel/MDE (KQL).
- Use Case: A security analyst needs to determine whether their current logging covers the "LSASS dump" technique (T1003.001). They consult this skill to find that Sysmon Event ID 10 (ProcessAccess) is required, and can then verify whether that event is being collected and how its fields map to their SIEM's schema.
Quick Start
Use the Data Source Mapper skill to find the required data sources for the T1059.001 technique.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: Data Source Mapper
Download link: https://github.com/MHaggis/Security-Detections-MCP/archive/main.zip#data-source-mapper
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.