triage-alert

Community

Triages alerts to close false positives quickly.

Author: dandye
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This skill standardizes the initial assessment of security alerts to determine if they represent real threats requiring investigation or can be closed as false positives.

Core Features & Use Cases

  • Initial context gathering: retrieve full details of alerts and cases, extract key indicators (IPs, domains, hashes, users) for correlation.
  • Enrichment & correlation: perform GTI enrichment and SIEM lookups to build context, search for related open cases, and identify duplicates.
  • Decision & escalation: classify alerts as FP/BTP/TP/Suspicious and, if needed, escalate to Tier 2 or trigger relevant runbooks with documented rationale.
  • Use Case: Given ALERT_ID, quickly determine if the alert is actionable or should be closed as a benign event, reducing mean time to decision.

Quick Start

Triage the alert CASE_ID=1234 to determine whether to close or escalate.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: triage-alert
Download link: https://github.com/dandye/ai-runbooks/archive/main.zip#triage-alert

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
