secops-triage

Official

Streamline SOC triage to classify alerts fast.

Author: google
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Security operations teams need a repeatable, transparent process to triage alerts and cases: classify each one as a false positive, a benign true positive, or a true positive, and decide whether to escalate it or close it.

Core Features & Use Cases

  • Standardized Alert Triage Protocol that guides context gathering, duplicate detection, related-case lookup, SIEM enrichment, and final actions (close or escalate).
  • Supports remote and local tooling workflows to determine escalation paths and next steps in incident response.
  • Use Case: A newly surfaced alert is quickly assessed for legitimacy, linked to existing cases, enriched with SIEM context, and either closed or escalated for investigation.

Quick Start

Provide an ALERT_ID or CASE_ID to begin triaging an alert or case. The skill guides you through context gathering, duplicate checks, related-case lookup, SIEM enrichment, and final actions.
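The Core Features list and the Quick Start above describe the same sequence of steps. The following is an added worked example of that sequence, written for this page; it is not code from the secops-triage skill or the google/mcp-security repository, and it does not call the skill's tools. Every alert, case and SIEM record in it is constructed inline, and names such as `triage_alert`, `dedup_key`, `SIEM` and `ALLOWLIST` are hypothetical stand-ins for the SOAR and SIEM queries a real deployment would make.

```python
"""Added example (not the secops-triage skill's code): a minimal triage queue
that performs context gathering, duplicate detection, related-case lookup,
SIEM enrichment and a final close/escalate decision over constructed data."""
from dataclasses import dataclass
from enum import Enum
import hashlib


class Verdict(str, Enum):
    FALSE_POSITIVE = "false_positive"                # rule fired on known-good activity
    BENIGN_TRUE_POSITIVE = "benign_true_positive"    # real activity, but authorized
    TRUE_POSITIVE = "true_positive"                  # real and malicious
    NEEDS_INVESTIGATION = "needs_investigation"      # not decidable from enrichment alone


@dataclass(frozen=True)
class Alert:
    alert_id: str
    rule: str
    host: str
    user: str
    indicator: str  # the IP, hash, CIDR or account the rule keyed on


@dataclass
class Case:
    case_id: str
    alert_ids: tuple
    status: str  # "open" or "closed"


# --- constructed sample data; stands in for SOAR/SIEM lookups (hypothetical) ---
ALERTS = {a.alert_id: a for a in [
    Alert("A-0998", "C2 beacon", "ws-042", "jdoe", "203.0.113.10"),
    Alert("A-1001", "Suspicious PowerShell download", "ws-042", "jdoe", "203.0.113.10"),
    Alert("A-1002", "Suspicious PowerShell download", "ws-042", "jdoe", "203.0.113.10"),
    Alert("A-1003", "Port scan detected", "scanner01", "svc-vuln", "10.0.0.0/8"),
    Alert("A-1004", "Unsigned binary executed", "ws-017", "asmith", "sha256:9f2c41aa"),
    Alert("A-1005", "Suspicious PowerShell download", "ws-099", "bwong", "203.0.113.10"),
    Alert("A-1006", "New admin account created", "dc-01", "tadmin", "user:backup-admin2"),
]}
CASES = [Case("C-77", ("A-0998",), "open"), Case("C-12", ("A-0900",), "closed")]
# Constructed SIEM enrichment per indicator: threat-intel verdict and the number
# of distinct hosts the indicator was seen on recently.
SIEM = {
    "203.0.113.10": {"ti_verdict": "malicious", "prior_hosts": 2},
    "sha256:9f2c41aa": {"ti_verdict": "benign", "prior_hosts": 140},
    "10.0.0.0/8": {"ti_verdict": "unknown", "prior_hosts": 1},
}
# (rule, host) pairs the SOC has documented as authorized activity.
ALLOWLIST = {("Port scan detected", "scanner01")}


def dedup_key(alert: Alert) -> str:
    """Duplicate detection: same rule, host and indicator collapse to one key.
    The user is deliberately left out so re-fires under a different session match."""
    raw = f"{alert.rule}|{alert.host}|{alert.indicator}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]


def find_related_cases(alert: Alert, cases) -> list:
    """Related-case lookup: open cases holding another alert sharing this host or indicator."""
    related = []
    for case in cases:
        if case.status != "open":
            continue
        for aid in case.alert_ids:
            other = ALERTS.get(aid)
            if other and aid != alert.alert_id and (
                other.host == alert.host or other.indicator == alert.indicator
            ):
                related.append(case.case_id)
                break
    return related


def classify(alert: Alert, enrichment: dict) -> Verdict:
    """Decision order: confirmed-malicious TI first, then known-good TI, then
    documented authorized activity, then an unknown indicator spreading across hosts."""
    if enrichment["ti_verdict"] == "malicious":
        return Verdict.TRUE_POSITIVE
    if enrichment["ti_verdict"] == "benign":
        return Verdict.FALSE_POSITIVE
    if (alert.rule, alert.host) in ALLOWLIST:
        return Verdict.BENIGN_TRUE_POSITIVE
    if enrichment["prior_hosts"] >= 3:
        return Verdict.TRUE_POSITIVE
    return Verdict.NEEDS_INVESTIGATION


def triage_alert(alert_id: str, seen: dict, cases) -> dict:
    """Triage one alert; `seen` maps dedup keys to the first alert id that produced them."""
    alert = ALERTS[alert_id]                                   # context gathering
    key = dedup_key(alert)
    if key in seen:                                            # duplicate detection
        return {"alert_id": alert_id, "action": "close_duplicate",
                "duplicate_of": seen[key], "verdict": None, "related_cases": []}
    seen[key] = alert_id
    related = find_related_cases(alert, cases)                # related-case lookup
    enrichment = SIEM.get(alert.indicator,
                          {"ti_verdict": "unknown", "prior_hosts": 0})  # SIEM enrichment
    verdict = classify(alert, enrichment)
    if verdict in (Verdict.FALSE_POSITIVE, Verdict.BENIGN_TRUE_POSITIVE):  # final action
        action = "close"
    elif related:
        action = f"escalate:link_to_{related[0]}"
    else:
        action = "escalate:new_case"
    return {"alert_id": alert_id, "action": action, "verdict": verdict.value,
            "duplicate_of": None, "related_cases": related}


def triage_queue(alert_ids, cases=CASES) -> list:
    """Triage alerts in arrival order with one shared duplicate table."""
    seen = {}
    return [triage_alert(aid, seen, cases) for aid in alert_ids]


if __name__ == "__main__":
    for r in triage_queue(["A-1001", "A-1002", "A-1003", "A-1004", "A-1005", "A-1006"]):
        print(r["alert_id"], r["verdict"] or "-", r["action"], r["related_cases"])
```

Two design points carry over to a real triage flow: the duplicate key excludes fields that vary between re-fires of the same detection (here the user), and anything the enrichment cannot decide is escalated rather than closed, so the conservative path is the default.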

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: secops-triage
Download link: https://github.com/google/mcp-security/archive/main.zip#secops-triage

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.

Note that the download link fetches an archive of the repository's current main branch rather than a release tagged 1.0.0, so the contents can change between installs; review the extracted skill files before placing them in .claude/skills/.
