Skills
.Work. You
Rest

ioc-investigation

Community

Automates IoC investigations with integrated TI.

Data & Analytics#automation#investigation#sentinel#threat-intelligence#kql#ioc#defender
AuthorSCStelz
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill automates comprehensive IoC investigations, linking indicators with Defender Threat Intelligence, Sentinel TI tables, advanced hunting results, and CVE correlations to assess organizational exposure.

Core Features & Use Cases

  • Parallel threat intelligence collection across Defender and Sentinel sources for rapid IoC enrichment.
  • IoC type normalization and extraction (IP, domain, URL, hash) with domain extraction from URLs.
  • CVE correlation and device enumeration to map affected assets and exposure.
  • JSON export and structured reporting to support security incident reviews.

Quick Start

Ask the system to "Investigate IoC 203.0.113.42" or "Check threat intel for domain example.com" and the skill will run parallel data sources, perform CVE correlation, and export a JSON report.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: ioc-investigation
Download link: https://github.com/SCStelz/security-investigator/archive/main.zip#ioc-investigation

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.