Detection Query Optimizer
Category: Community
Optimize SIEM queries for speed.
Author: MHaggis
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps security analysts and engineers write more efficient detection queries for Splunk (SPL), Microsoft Sentinel (KQL), and Elastic Security (EQL/ES|QL), reducing query execution time and resource consumption.
Core Features & Use Cases
- Platform-Specific Guidance: Provides detailed optimization techniques tailored to SPL, KQL, and EQL/ES|QL.
- Search Pipeline Internals: Explains how each SIEM's search pipeline processes a query (which stages run on the indexers or data nodes versus the search head or coordinator), so the stage that is creating the bottleneck can be identified.
- Anti-Pattern Identification: Highlights common mistakes that lead to slow queries.
- Use Case: A security engineer notices that a new Splunk detection rule runs slowly. They use this Skill to understand why and refactor the SPL query so it runs significantly faster, which lets the rule be scheduled more frequently.
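As an added illustration of the "Anti-Pattern Identification" feature, the script below is a small heuristic linter for SPL written for this page; it is not the Skill's own logic or taken from its references. It scores a constructed slow query against a refactored equivalent and an accelerated data-model (tstats) form. The index, sourcetype and field names are assumed for illustration, and the Endpoint.Processes names follow Splunk's Common Information Model.

```python
import re

# Constructed sample queries (not from the Skill's references). Index,
# sourcetype and field names are assumed for illustration.
SLOW_SPL = (
    'index=* sourcetype=* '
    '| search EventCode=4688 '
    '| search CommandLine="*powershell*" '
    '| table _time host user CommandLine '
    '| where like(CommandLine, "%-enc%") '
    '| stats count by host user'
)

# Same detection with every filter pushed into the base search so the
# indexers prune events during retrieval, and fields instead of table.
FAST_SPL = (
    'index=windows sourcetype="WinEventLog:Security" EventCode=4688 '
    'CommandLine="*powershell*" CommandLine="*-enc*" '
    '| fields host user CommandLine '
    '| stats count by host user'
)

# Accelerated data-model form: answered from tsidx summaries, no raw events read.
TSTATS_SPL = (
    '| tstats summariesonly=true count from datamodel=Endpoint.Processes '
    'where Processes.process="*powershell*" Processes.process="*-enc*" '
    'by Processes.dest Processes.user'
)

# Generating commands have no base search to scope, so the base-search rules skip them.
GENERATING = ("tstats", "inputlookup", "metadata", "rest", "makeresults", "datamodel")


def split_pipeline(spl):
    """Split SPL on '|' characters that sit outside double quotes."""
    stages, buf, in_quote = [], [], False
    for ch in spl:
        if ch == '"':
            in_quote = not in_quote
        if ch == "|" and not in_quote:
            stages.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    stages.append("".join(buf).strip())
    return [s for s in stages if s]


def lint_spl(spl):
    """Return (code, stage_index, advice) tuples for common slow-query patterns."""
    findings = []
    stages = split_pipeline(spl)
    if not stages:
        return findings
    base = re.sub(r"^search\s+", "", stages[0], flags=re.I)
    first_word = base.split(None, 1)[0].lower() if base else ""
    if first_word not in GENERATING:
        if re.search(r'\bindex\s*=\s*"?\*"?', base, re.I):
            findings.append(("wildcard-index", 0, "index=* scans every index; name the index"))
        elif not re.search(r"\bindex\s*=", base, re.I):
            findings.append(("no-index", 0, "no index= term; search runs over the role's default indexes only"))
        if re.search(r'\bsourcetype\s*=\s*"?\*"?', base, re.I):
            findings.append(("wildcard-sourcetype", 0, "sourcetype=* prunes nothing; name the sourcetype"))
    for i, stage in enumerate(stages[1:], start=1):
        cmd = stage.split(None, 1)[0].lower()
        if cmd == "search":
            findings.append(("filter-after-pipe", i, "move this term into the base search so events are pruned during retrieval"))
        elif cmd == "table" and i < len(stages) - 1:
            findings.append(("table-mid-pipeline", i, "table is not a distributable streaming command; use fields for intermediate projection"))
        elif cmd == "where" and re.search(r"\b(like|match)\s*\(", stage, re.I):
            findings.append(("where-string-match", i, "this runs after events are read and fields extracted; express it as a base-search wildcard"))
    return findings


def codes(spl):
    """Finding codes only, in pipeline order."""
    return [code for code, _, _ in lint_spl(spl)]


if __name__ == "__main__":
    for name, query in (("slow", SLOW_SPL), ("fast", FAST_SPL), ("tstats", TSTATS_SPL)):
        print(name, codes(query))
```

The rules are deliberately coarse heuristics: Splunk's own search optimizer already pushes some simple `| search` predicates down into the base search, so a flagged query is not always slow in practice, and the only reliable verdict comes from the Job Inspector on the real data set. The point of the refactor is the same in every case: give the indexers enough scope (index, sourcetype, time, literal terms) to drop events before they are read and field-extracted.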
Quick Start
Provide a slow Splunk SPL query and ask the Skill for an optimized version; it applies the platform-specific guidance bundled in its references.
Dependency Matrix
Required Modules: None required
Components: references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: Detection Query Optimizer Download link: https://github.com/MHaggis/Security-Detections-MCP/archive/main.zip#detection-query-optimizer Please download this .zip file, extract it, and install it in the .claude/skills/ directory.