security-detection-engineering
Community
Turn threat hypotheses into robust rules.
Author: patrykkopycinski
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Validate and operationalize threat hypotheses by guiding the creation, testing, and tuning of custom detection rules across KQL, EQL, ES|QL, and threshold rule types to protect Elastic environments.
Core Features & Use Cases
- Workflow-driven rule authoring: from hypothesis to rule publication with iterative tuning.
- Multi-DSL support: KQL, EQL, ES|QL, and threshold rules for diverse data sources.
- Use cases: detecting brute-force authentication, lateral movement, and data exfiltration, with MITRE ATT&CK mapping workflows.
Quick Start
Start by discovering available security data sources and select a detection approach to draft your first rule.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below into Claude Code.
Please help me install this Skill:
Name: security-detection-engineering
Download link: https://github.com/patrykkopycinski/elastic-cursor-plugin/archive/main.zip#security-detection-engineering
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.