creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-14 15:04:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Initial commit - 611 cybersecurity skills across all subdomains

Browse Source
This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/implementing-mitre-attack-coverage-mapping/references/standards.md
+40
View File
@@ -0,0 +1,40 @@
# Standards - MITRE ATT&CK Coverage Mapping
## MITRE ATT&CK Framework
- Current version: v18.1 (December 2025)
- 14 Tactics, 200+ Techniques, 400+ Sub-Techniques
- Domains: Enterprise, Mobile, ICS
### Tactics (Kill Chain Order)
1. Reconnaissance (TA0043)
2. Resource Development (TA0042)
3. Initial Access (TA0001)
4. Execution (TA0002)
5. Persistence (TA0003)
6. Privilege Escalation (TA0004)
7. Defense Evasion (TA0005)
8. Credential Access (TA0006)
9. Discovery (TA0007)
10. Lateral Movement (TA0008)
11. Collection (TA0009)
12. Command and Control (TA0011)
13. Exfiltration (TA0010)
14. Impact (TA0040)
## Detection Maturity Model
| Level | Description |
|---|---|
| L0 | No detection capability for the technique |
| L1 | Basic log collection for relevant data sources |
| L2 | Detection rule deployed but not validated |
| L3 | Validated detection with known false positive rate |
| L4 | Automated testing and continuous validation |
| L5 | Behavioral detection with ML-based anomaly detection |
## Related Frameworks
- MITRE D3FEND (Defensive techniques)
- MITRE ATT&CK Data Sources
- NIST CSF Detection function
- SANS Detection Maturity Level model
skills/implementing-mitre-attack-coverage-mapping/references/workflows.md
+51
View File
@@ -0,0 +1,51 @@
# Workflows - MITRE ATT&CK Coverage Mapping
## Quarterly Coverage Assessment Workflow
```
1. Export all active SIEM detection rules
|
v
2. Map each rule to MITRE ATT&CK technique(s)
|
v
3. Score each technique (0-100)
|
v
4. Generate ATT&CK Navigator heatmap
|
v
5. Identify top 10 gap techniques
|
v
6. Prioritize based on threat landscape
|
v
7. Create detection engineering backlog
|
v
8. Build and deploy new rules
|
v
9. Validate with adversary emulation
|
v
10. Update coverage map
```
## Continuous Improvement Cycle
```
Assess Coverage --> Identify Gaps --> Prioritize -->
Build Rules --> Test Rules --> Deploy --> Validate -->
Measure --> Report --> Repeat
```
## Gap Closure Tracking
| Week | New Rules | Techniques Covered | Coverage Delta |
|---|---|---|---|
| 1 | 3 | T1059, T1055, T1003 | +1.5% |
| 2 | 2 | T1053, T1547 | +1.0% |
| 3 | 3 | T1071, T1105, T1048 | +1.5% |
| 4 | 2 | T1218, T1036 | +1.0% |