siem-quickstart

Community

Fast SIEM setup for Elastic Security

Author: patrykkopycinski
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill guides operators and security engineers through three steps: discovering the security telemetry already present in an environment, provisioning an Elastic deployment (Elastic Cloud or on-prem), and validating that data is ingested and detection rules fire. The goal is to stand up working SIEM monitoring in Elastic Security without guessing at which sources are covered.

Core Features & Use Cases

  • Automated discovery: Run discovery to detect Elastic Defend (Endpoint), Auditbeat, cloud logs, and network data sources, and produce a security posture summary of what is and is not being collected.
  • Provisioning guidance: Step-by-step guidance for Elastic Cloud (create_cloud_project) or an on-prem Docker stack, including checks that Security features and Fleet are enabled before agents are enrolled.
  • Integration and validation: Walk through Elastic Agent or Beats installation, enable and configure detection rules through the Kibana detection engine API, then re-run discovery and the summaries to verify that events are ingested and alerts are generated.
  • Use case: Onboard a newly deployed environment to Elastic Security to detect endpoint and network threats, enable the core detection rules, and tune rule exceptions based on the coverage gaps the discovery step reports.

Quick Start

Use the siem-quickstart skill to discover existing security data sources, provision an Elastic Cloud or on-prem stack if one is not already available, and then validate that agents are enrolled in Fleet, that their data streams are receiving events, and that the enabled detection rules read indices that actually contain data.
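The validation step above is worth scripting so it can be re-run after every onboarding change. The following is an added example, not code from the siem-quickstart skill or from Elastic: it checks Fleet agent status (`GET /api/fleet/agents`), works out which data streams hold documents from `_cat/indices`, and compares that against the index patterns of enabled detection rules returned by `GET /api/detection_engine/rules/_find`. The hostnames and the API key are placeholders you must replace; the sample responses embedded below are constructed so the checks run offline.

```python
"""Post-onboarding checks for Elastic Security: agents enrolled, data ingested,
enabled rules reading indices that exist. Added example; hostnames and API key
below are assumptions, and the SAMPLE_* responses are constructed, not captured."""
import fnmatch
import json
import re
import urllib.request

KIBANA = "https://kibana.example.internal:5601"  # assumption: your Kibana URL
ES = "https://es.example.internal:9200"          # assumption: your Elasticsearch URL
API_KEY = "REPLACE_ME"                           # assumption: an API key with read access

# Backing index of a data stream: .ds-<stream name>-<yyyy.MM.dd>-<6-digit generation>
BACKING_INDEX = re.compile(r"^\.ds-(.+)-\d{4}\.\d{2}\.\d{2}-\d{6}$")


def request_json(base, path, api_key, method="GET", body=None):
    """Minimal authenticated call. Kibana requires kbn-xsrf on non-GET requests."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base + path, data=data, method=method, headers={
        "Authorization": f"ApiKey {api_key}",
        "kbn-xsrf": "true",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:  # not exercised offline
        return json.load(resp)


def agent_health(agents_resp):
    """Count Fleet agents by status from a GET /api/fleet/agents response."""
    counts = {}
    for agent in agents_resp.get("items", []):
        status = agent.get("status", "unknown")
        counts[status] = counts.get(status, 0) + 1
    return counts


def ingesting_streams(cat_indices):
    """Map data stream name -> doc count from _cat/indices?format=json&h=index,docs.count,
    keeping only streams that hold at least one document."""
    streams = {}
    for row in cat_indices:
        m = BACKING_INDEX.match(row["index"])
        if not m:
            continue  # plain index, not a data stream backing index
        docs = int(row.get("docs.count") or 0)
        if docs > 0:
            streams[m.group(1)] = streams.get(m.group(1), 0) + docs
    return streams


def rule_coverage(rules_resp, streams):
    """Classify enabled rules from /api/detection_engine/rules/_find as covered
    (some index pattern matches a stream with data), uncovered, or skipped
    (rule types such as machine_learning carry no index patterns)."""
    result = {"covered": [], "uncovered": [], "skipped": []}
    for rule in rules_resp.get("data", []):
        if not rule.get("enabled", False):
            continue
        patterns = rule.get("index")
        if not patterns:
            result["skipped"].append(rule["name"])
            continue
        hit = any(fnmatch.fnmatchcase(s, p) for p in patterns for s in streams)
        result["covered" if hit else "uncovered"].append(rule["name"])
    return result


def report(agents_resp, cat_indices, rules_resp):
    """Combine the three checks into one summary a discovery re-run can compare against."""
    streams = ingesting_streams(cat_indices)
    return {
        "agents": agent_health(agents_resp),
        "streams_with_data": streams,
        "rules": rule_coverage(rules_resp, streams),
    }


# Constructed sample responses so the checks can be exercised without a live stack.
SAMPLE_AGENTS = {"items": [{"id": "a1", "status": "online"}, {"id": "a2", "status": "online"},
                           {"id": "a3", "status": "offline"}], "total": 3}
SAMPLE_CAT_INDICES = [
    {"index": ".ds-logs-endpoint.events.process-default-2024.05.01-000001", "docs.count": "1532"},
    {"index": ".ds-logs-system.auth-default-2024.05.01-000001", "docs.count": "0"},
    {"index": ".ds-logs-aws.cloudtrail-default-2024.05.01-000002", "docs.count": "210"},
    {"index": "kibana_sample_data_logs", "docs.count": "14074"},
]
SAMPLE_RULES = {"data": [
    {"name": "Endpoint process rule", "enabled": True, "type": "query",
     "index": ["logs-endpoint.events.process-*"]},
    {"name": "Auth brute force", "enabled": True, "type": "threshold",
     "index": ["logs-system.auth-*", "filebeat-*"]},
    {"name": "ML anomaly", "enabled": True, "type": "machine_learning"},
    {"name": "Disabled rule", "enabled": False, "type": "query", "index": ["logs-*"]},
]}

if __name__ == "__main__":
    live = report(
        request_json(KIBANA, "/api/fleet/agents?perPage=1000", API_KEY),
        request_json(ES, "/_cat/indices/logs-*,metrics-*?format=json&h=index,docs.count", API_KEY),
        request_json(KIBANA, "/api/detection_engine/rules/_find?per_page=1000", API_KEY),
    )
    print(json.dumps(live, indent=2))
```

An enabled rule listed under `uncovered` is a rule that can never fire in this environment, which is exactly the gap the skill's "tune exceptions based on coverage gaps" step refers to; either enroll the missing source or disable the rule rather than leaving silent coverage. The `skipped` list is not a gap: ML and ES|QL rules do not declare index patterns and need their own checks.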

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: siem-quickstart
Download link: https://github.com/patrykkopycinski/elastic-cursor-plugin/archive/main.zip#siem-quickstart

Please download this .zip file, extract it, and install it in the .claude/skills/ directory. The link points at the repository's main branch rather than a tagged release, so review the extracted files before installing them.