mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-13 19:05:17 +03:00
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
This commit is contained in:
@@ -0,0 +1,21 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2025 Anthropic Agent Skills Contributors
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
@@ -0,0 +1,64 @@
|
||||
# API Reference: CISA Zero Trust Maturity Model Assessment Agent
|
||||
|
||||
## Dependencies
|
||||
|
||||
| Library | Version | Purpose |
|
||||
|---------|---------|---------|
|
||||
| (stdlib only) | Python 3.8+ | JSON processing, assessment logic |
|
||||
|
||||
## CLI Usage
|
||||
|
||||
```bash
|
||||
python scripts/agent.py \
|
||||
--data /assessments/zt_responses.json \
|
||||
--output-dir /reports/ \
|
||||
--output ztmm_report.json
|
||||
```
|
||||
|
||||
## Functions
|
||||
|
||||
### `assess_control(control, implemented, maturity) -> dict`
|
||||
Scores a single control: 0 (Traditional) to 3 (Optimal).
|
||||
|
||||
### `assess_pillar(pillar, responses) -> dict`
|
||||
Evaluates all controls within a CISA ZT pillar. Returns score, percentage, and maturity level.
|
||||
|
||||
### `compute_overall_maturity(pillar_results) -> dict`
|
||||
Aggregates pillar scores into overall maturity: Traditional/Initial/Advanced/Optimal.
|
||||
|
||||
### `generate_recommendations(pillar_results) -> list`
|
||||
Identifies unimplemented controls, prioritizes by pillar weakness.
|
||||
|
||||
### `generate_report(data_path) -> dict`
|
||||
Full assessment pipeline: load data, assess 5 pillars, compute maturity, generate recommendations.
|
||||
|
||||
## CISA ZT Pillars
|
||||
|
||||
| Pillar | Controls Assessed |
|
||||
|--------|-------------------|
|
||||
| Identity | MFA, phishing-resistant MFA, JIT access, PAM |
|
||||
| Devices | Inventory, EDR, health attestation, posture |
|
||||
| Networks | Microsegmentation, encrypted DNS, SDP |
|
||||
| Applications | Inventory, access controls, API security |
|
||||
| Data | Classification, DLP, encryption at rest |
|
||||
|
||||
## Input Data Format
|
||||
|
||||
```json
|
||||
{
|
||||
"Identity": {
|
||||
"MFA enforced for all users": {"implemented": true, "maturity": "Advanced"},
|
||||
"Phishing-resistant MFA (FIDO2/PIV)": {"implemented": false, "maturity": "Traditional"}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Output Schema
|
||||
|
||||
```json
|
||||
{
|
||||
"overall_maturity": {"percentage": 52.3, "maturity_level": "Advanced"},
|
||||
"pillars": [{"pillar": "Identity", "percentage": 66.7, "maturity_level": "Advanced"}],
|
||||
"recommendations": [{"pillar": "Devices", "control": "EDR deployed", "priority": "HIGH"}]
|
||||
}
|
||||
```
|
||||
@@ -0,0 +1,176 @@
|
||||
#!/usr/bin/env python3
|
||||
"""CISA Zero Trust Maturity Model assessment agent for organizational ZT posture evaluation."""
|
||||
|
||||
import argparse
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
import sys
|
||||
from datetime import datetime
|
||||
from typing import Dict, List
|
||||
|
||||
logging.basicConfig(level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s")
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
PILLARS = ["Identity", "Devices", "Networks", "Applications", "Data"]
|
||||
MATURITY_LEVELS = ["Traditional", "Initial", "Advanced", "Optimal"]
|
||||
CROSS_CUTTING = ["Visibility & Analytics", "Automation & Orchestration", "Governance"]
|
||||
|
||||
PILLAR_CONTROLS = {
|
||||
"Identity": [
|
||||
"MFA enforced for all users",
|
||||
"Phishing-resistant MFA (FIDO2/PIV)",
|
||||
"Continuous identity validation",
|
||||
"Identity lifecycle management",
|
||||
"Privileged access management",
|
||||
"Just-in-time access provisioning",
|
||||
],
|
||||
"Devices": [
|
||||
"Device inventory and compliance",
|
||||
"EDR deployed on all endpoints",
|
||||
"Device health attestation",
|
||||
"Real-time posture assessment",
|
||||
"Automated remediation for non-compliant devices",
|
||||
],
|
||||
"Networks": [
|
||||
"Microsegmentation implemented",
|
||||
"Encrypted DNS (DoH/DoT)",
|
||||
"Network traffic encrypted in transit",
|
||||
"Software-defined perimeter",
|
||||
"Network access based on identity",
|
||||
],
|
||||
"Applications": [
|
||||
"Application inventory maintained",
|
||||
"Application-level access controls",
|
||||
"Continuous application security testing",
|
||||
"Secure API gateway",
|
||||
"Application isolation and sandboxing",
|
||||
],
|
||||
"Data": [
|
||||
"Data classification implemented",
|
||||
"Data loss prevention controls",
|
||||
"Encryption at rest for sensitive data",
|
||||
"Data access logging and monitoring",
|
||||
"Automated data lifecycle management",
|
||||
],
|
||||
}
|
||||
|
||||
|
||||
def assess_control(control: str, implemented: bool, maturity: str) -> dict:
|
||||
"""Assess a single control's implementation status and maturity."""
|
||||
level_scores = {"Traditional": 0, "Initial": 1, "Advanced": 2, "Optimal": 3}
|
||||
return {
|
||||
"control": control,
|
||||
"implemented": implemented,
|
||||
"maturity_level": maturity,
|
||||
"score": level_scores.get(maturity, 0) if implemented else 0,
|
||||
}
|
||||
|
||||
|
||||
def assess_pillar(pillar: str, responses: Dict[str, dict]) -> dict:
|
||||
"""Assess a single CISA ZT pillar based on control responses."""
|
||||
controls = PILLAR_CONTROLS.get(pillar, [])
|
||||
assessed = []
|
||||
for control in controls:
|
||||
resp = responses.get(control, {"implemented": False, "maturity": "Traditional"})
|
||||
assessed.append(assess_control(control, resp["implemented"], resp["maturity"]))
|
||||
max_score = len(controls) * 3
|
||||
actual_score = sum(c["score"] for c in assessed)
|
||||
pct = (actual_score / max_score * 100) if max_score else 0
|
||||
implemented_count = sum(1 for c in assessed if c["implemented"])
|
||||
if pct >= 75:
|
||||
level = "Optimal"
|
||||
elif pct >= 50:
|
||||
level = "Advanced"
|
||||
elif pct >= 25:
|
||||
level = "Initial"
|
||||
else:
|
||||
level = "Traditional"
|
||||
return {
|
||||
"pillar": pillar,
|
||||
"controls_assessed": len(assessed),
|
||||
"controls_implemented": implemented_count,
|
||||
"score": actual_score,
|
||||
"max_score": max_score,
|
||||
"percentage": round(pct, 1),
|
||||
"maturity_level": level,
|
||||
"controls": assessed,
|
||||
}
|
||||
|
||||
|
||||
def load_assessment_data(data_path: str) -> dict:
|
||||
"""Load assessment responses from JSON file."""
|
||||
with open(data_path, "r") as f:
|
||||
return json.load(f)
|
||||
|
||||
|
||||
def compute_overall_maturity(pillar_results: List[dict]) -> dict:
|
||||
"""Compute overall zero trust maturity from pillar assessments."""
|
||||
total_score = sum(p["score"] for p in pillar_results)
|
||||
total_max = sum(p["max_score"] for p in pillar_results)
|
||||
pct = (total_score / total_max * 100) if total_max else 0
|
||||
if pct >= 75:
|
||||
level = "Optimal"
|
||||
elif pct >= 50:
|
||||
level = "Advanced"
|
||||
elif pct >= 25:
|
||||
level = "Initial"
|
||||
else:
|
||||
level = "Traditional"
|
||||
return {"overall_score": total_score, "max_score": total_max,
|
||||
"percentage": round(pct, 1), "maturity_level": level}
|
||||
|
||||
|
||||
def generate_recommendations(pillar_results: List[dict]) -> List[dict]:
|
||||
"""Generate prioritized recommendations based on assessment gaps."""
|
||||
recs = []
|
||||
for pillar in pillar_results:
|
||||
for control in pillar["controls"]:
|
||||
if not control["implemented"]:
|
||||
recs.append({
|
||||
"pillar": pillar["pillar"],
|
||||
"control": control["control"],
|
||||
"priority": "HIGH" if pillar["percentage"] < 50 else "MEDIUM",
|
||||
"action": f"Implement: {control['control']}",
|
||||
})
|
||||
recs.sort(key=lambda r: 0 if r["priority"] == "HIGH" else 1)
|
||||
return recs
|
||||
|
||||
|
||||
def generate_report(data_path: str) -> dict:
|
||||
"""Generate CISA Zero Trust Maturity assessment report."""
|
||||
data = load_assessment_data(data_path)
|
||||
pillar_results = []
|
||||
for pillar in PILLARS:
|
||||
responses = data.get(pillar, {})
|
||||
pillar_results.append(assess_pillar(pillar, responses))
|
||||
overall = compute_overall_maturity(pillar_results)
|
||||
recs = generate_recommendations(pillar_results)
|
||||
return {
|
||||
"analysis_date": datetime.utcnow().isoformat(),
|
||||
"framework": "CISA Zero Trust Maturity Model v2.0",
|
||||
"overall_maturity": overall,
|
||||
"pillars": pillar_results,
|
||||
"recommendations": recs[:20],
|
||||
"recommendation_count": len(recs),
|
||||
}
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="CISA Zero Trust Maturity Model Assessment")
|
||||
parser.add_argument("--data", required=True, help="Path to assessment data JSON")
|
||||
parser.add_argument("--output-dir", default=".")
|
||||
parser.add_argument("--output", default="ztmm_report.json")
|
||||
args = parser.parse_args()
|
||||
|
||||
os.makedirs(args.output_dir, exist_ok=True)
|
||||
report = generate_report(args.data)
|
||||
out_path = os.path.join(args.output_dir, args.output)
|
||||
with open(out_path, "w") as f:
|
||||
json.dump(report, f, indent=2)
|
||||
logger.info("Report saved to %s", out_path)
|
||||
print(json.dumps(report["overall_maturity"], indent=2))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user