creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 14:14:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills

Browse Source 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
This commit is contained in:
mukul975
2026-03-10 21:02:12 +01:00
parent c74d52fa30
commit 27c6414ca5
1390 changed files with 106806 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/implementing-zero-trust-network-access/references/api-reference.md
+59
View File
@@ -0,0 +1,59 @@
# API Reference: Implementing Zero Trust Network Access
## AWS Verified Access API
| Operation | Description |
|-----------|-------------|
| `ec2.create_verified_access_instance()` | Create a Verified Access instance for ZTNA |
| `ec2.create_verified_access_trust_provider()` | Register OIDC or device trust provider |
| `ec2.create_verified_access_group()` | Create access group with Cedar policy |
| `ec2.create_verified_access_endpoint()` | Expose internal app through Verified Access |
| `ec2.describe_verified_access_instances()` | List all Verified Access instances |
| `ec2.modify_verified_access_instance_logging_configuration()` | Enable CloudWatch or S3 logging |
## GCP Identity-Aware Proxy API
| Operation | Description |
|-----------|-------------|
| `gcloud iap web enable` | Enable IAP on App Engine or backend service |
| `gcloud iap web add-iam-policy-binding` | Grant IAP access to users or groups |
| `gcloud access-context-manager levels create` | Create device/context access levels |
| `compute.backendServices.get()` | Check IAP status on backend services |
## Azure Conditional Access (MS Graph)
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/identity/conditionalAccess/policies` | POST | Create conditional access policy |
| `/identity/conditionalAccess/policies/{id}` | PATCH | Update policy conditions or grants |
| `/identity/conditionalAccess/namedLocations` | GET | List trusted network locations |
## AWS Security Groups (Micro-Segmentation)
| Operation | Description |
|-----------|-------------|
| `ec2.describe_security_groups()` | Audit ingress/egress rules for open CIDR ranges |
| `ec2.authorize_security_group_ingress()` | Add least-privilege ingress rule by source SG |
| `ec2.revoke_security_group_ingress()` | Remove overly permissive rules |
## Key Libraries
- **boto3**: AWS SDK for Python — Verified Access and EC2 security group APIs
- **google-cloud-compute**: GCP Compute client for backend service IAP checks
- **azure-identity + azure-mgmt-network**: Azure Private Endpoint management
- **msgraph-sdk**: Microsoft Graph SDK for Conditional Access policies
## Configuration
| Variable | Description |
|----------|-------------|
| `AWS_PROFILE` | AWS CLI profile with `ec2:Describe*` and `ec2:Create*` permissions |
| `GOOGLE_CLOUD_PROJECT` | GCP project ID for IAP configuration |
| `AZURE_TENANT_ID` | Azure AD tenant for Conditional Access policies |
## References
- [AWS Verified Access Documentation](https://docs.aws.amazon.com/verified-access/)
- [GCP Identity-Aware Proxy](https://cloud.google.com/iap/docs)
- [Azure Conditional Access](https://learn.microsoft.com/en-us/entra/identity/conditional-access/)
- [BeyondCorp Enterprise](https://cloud.google.com/beyondcorp-enterprise/docs)