creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Browse Source 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
This commit is contained in:
mukul975
2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/implementing-continuous-security-validation-with-bas/references/api-reference.md
+53
View File
@@ -0,0 +1,53 @@
# API Reference: Breach and Attack Simulation Agent
## Dependencies
| Library | Version | Purpose |
|---------|---------|---------|
| requests | >=2.28 | HTTP client for SIEM detection validation |
## CLI Usage
```bash
python scripts/agent.py \
--target 10.0.1.50 \
--siem-url https://siem.example.com \
--siem-key YOUR_KEY \
--output-dir /reports/
```
## Functions
### `simulate_technique(technique, target) -> dict`
Simulates a MITRE ATT&CK technique and records detection/blocked status.
### `check_siem_detection(siem_url, api_key, technique_id, time_window) -> dict`
Queries SIEM API for alerts matching the simulated technique within time window.
### `compute_detection_coverage(results) -> dict`
Calculates overall detection rate and per-tactic coverage breakdown.
### `generate_report(target, siem_url, siem_key) -> dict`
Runs 7 ATT&CK technique simulations and generates detection gap report.
## ATT&CK Techniques Tested
| ID | Name | Tactic |
|----|------|--------|
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1059.001 | PowerShell | Execution |
| T1003.001 | LSASS Memory | Credential Access |
| T1021.002 | SMB Admin Shares | Lateral Movement |
| T1486 | Data Encrypted for Impact | Impact |
| T1071.001 | Web Protocols | C2 |
| T1048.003 | Exfiltration Over Unencrypted | Exfiltration |
## Output Schema
```json
{
"coverage": {"total_tests": 7, "detected": 5, "missed": 2, "detection_rate_pct": 71.4},
"gaps": [{"technique_id": "T1003.001", "technique_name": "LSASS Memory"}],
"recommendations": ["Create detection rule for T1003.001"]
}
```