Skills
.Work. You
Rest

detection-yaml-engineer

Community

Generate & validate SIEM detection rules.

Software Engineering#threat detection#elastic#splunk#kql#sigma#detection engineering#siem rules
AuthorMHaggis
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill streamlines the creation and validation of security detection rules across multiple SIEM platforms, ensuring consistency, compliance, and optimal performance.

Core Features & Use Cases

  • Multi-Platform Rule Generation: Creates detection rules in YAML (Splunk), Sigma, TOML (Elastic), and KQL (Sentinel) formats.
  • Validation Assistance: Provides guidance on common mistakes and validation commands for each platform.
  • Use Case: A security analyst needs to create a new detection rule for a specific MITRE ATT&CK technique. They can use this Skill to generate a template in their target SIEM's format, ensuring it adheres to repository standards and includes necessary metadata like MITRE mappings and test cases.

Quick Start

Use the detection-yaml-engineer skill to generate a Splunk security_content YAML template for the MITRE technique T1059.001.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: detection-yaml-engineer
Download link: https://github.com/MHaggis/Security-Detections-MCP/archive/main.zip#detection-yaml-engineer

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.