detection-reviewer
Community
Expert detection quality assurance.
Tags: Software Engineering, quality assurance, threat hunting, SIEM, security operations, MITRE ATT&CK, detection engineering
Author: MHaggis
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill addresses the critical need for rigorous quality assurance in security detection rules, ensuring their accuracy, effectiveness, and operational readiness before deployment.
Core Features & Use Cases
- Comprehensive Rule Validation: Performs multi-stage checks on detection rules, covering structure, logic, threat intelligence mapping, false positive risk, test coverage, and operational impact.
- Multi-Format Support: Works with rules in SPL, KQL, Sigma, and Elastic formats.
- Use Case: A security engineer needs to review a newly developed Splunk detection rule for a critical MITRE ATT&CK technique. They use this Skill to ensure the rule is performant and accurate, has adequate test coverage, and has clearly documented investigation steps.
Quick Start
Use the detection-reviewer skill to validate the attached Splunk detection rule file 'suspicious_process_creation.spl'.
Dependency Matrix
Required Modules: None required
Components: references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: detection-reviewer Download link: https://github.com/MHaggis/Security-Detections-MCP/archive/main.zip#detection-reviewer Please download this .zip file, extract it, and install it in the .claude/skills/ directory.