security-detection-rule-management
Official
Manage Elastic Security detection rules.
Category: Software Engineering
Tags: security, threat detection, rule management, false positives, detection rules, kibana
Author: elastic
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill streamlines the process of creating, tuning, and managing detection rules within Elastic Security, helping to reduce false positives and improve threat detection coverage.
Core Features & Use Cases
- Rule Creation: Define and deploy new detection rules based on threat intelligence or observed activity.
- False Positive Tuning: Identify and mitigate noisy rules by adding exceptions or refining rule queries.
- Rule Management: Enable, disable, or delete existing rules as needed.
- Use Case: A security analyst notices a specific rule is generating too many alerts for legitimate activity. They use this Skill to add a targeted exception, scope it to the specific rule, and significantly reduce alert fatigue without compromising detection for other threats.
Quick Start
Use the security-detection-rule-management skill to find the noisiest detection rules from the last 7 days.
Dependency Matrix
Required Modules
@elastic/elasticsearch, node-fetch
Components
scripts, references
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: security-detection-rule-management
Download link: https://github.com/elastic/agent-skills/archive/main.zip#security-detection-rule-management
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.