triage-suspicious-login
Community
Triaging suspicious logins for rapid escalation.
Data & Analytics
Tags: #risk-assessment #triage #anomaly-detection #SOC #security-operations #ip-enrichment #suspicious-login
Author: dandye
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Triage and adjudicate suspicious login alerts (impossible travel, untrusted location, multiple failed logins) to determine legitimacy and escalate when needed.
Core Features & Use Cases
- Gather case context from SOAR and extract key entities (USER_ID, SOURCE_IP, HOSTNAME) for a login alert.
- Enrich user and IP context using MCP and GTI data to assess risk and patterns.
- Synthesize findings into a concise verdict and escalation recommendations for Tier 1-3 analysts.
Quick Start
Start triage by supplying CASE_ID and optional USER_ID or SOURCE_IP to initialize context gathering and enrichment.
Dependency Matrix
Required Modules: None required
Components: Standard package
Claude Code Installation
Recommended: let Claude install the skill automatically. Copy and paste the text below into Claude Code.
Please help me install this Skill: Name: triage-suspicious-login Download link: https://github.com/dandye/ai-runbooks/archive/main.zip#triage-suspicious-login Please download this .zip file, extract it, and install it in the .claude/skills/ directory.