ioc-extraction
CommunityExtract, classify, and map IOCs to STIX
Authorjmagly
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill automates the tedious and error-prone process of manually identifying and cataloging Indicators of Compromise (IOCs) from various digital investigation artifacts.
Core Features & Use Cases
- Comprehensive Extraction: Identifies and extracts a wide range of IOCs including IP addresses, domain names, file hashes, URLs, email addresses, file paths, and registry keys.
- Intelligent Classification & Deduplication: Automatically classifies each IOC by type and removes duplicates, ensuring a clean and actionable dataset.
- STIX 2.1 Mapping: Generates a STIX 2.1 observable bundle, enabling seamless integration with threat intelligence platforms and SIEMs.
- Use Case: After a security incident, use this skill to quickly process log files and memory dumps to generate a STIX report of all identified malicious indicators, ready for ingestion into your threat hunting tools.
Quick Start
Use the ioc-extraction skill to extract indicators from all files under the .aiwg/forensics directory.
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ioc-extraction Download link: https://github.com/jmagly/aiwg/archive/main.zip#ioc-extraction Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.