roth-detection-engineering
Community: Portable threat detection with YARA & Sigma.
Category: Software Engineering. Tags: threat hunting, security automation, sigma, yara, malware analysis, detection engineering
Author: copyleftdev
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill streamlines the creation and deployment of threat detection rules, making them portable across different security platforms and making it easier for teams to share and collaborate on detection content.
Core Features & Use Cases
- Portable Rule Creation: Write detection logic once as a vendor-neutral Sigma rule and deploy it across various SIEMs.
- Malware Signature Matching: Develop and use YARA rules to precisely identify malicious files and memory artifacts.
- Use Case: A security analyst needs to create a detection rule for a new phishing campaign. They can use this Skill to write a Sigma rule that works in their own Splunk instance as well as in other teams' Elastic SIEM, ensuring consistent detection coverage.
Quick Start
Use the roth-detection-engineering skill to generate a Sigma rule for detecting suspicious PowerShell download cradles.
Dependency Matrix
Required Modules
PyYAML
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below into Claude Code.
Please help me install this Skill:
Name: roth-detection-engineering
Download link: https://github.com/copyleftdev/sk1llz/archive/main.zip#roth-detection-engineering
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.