mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 13:15:16 +03:00
Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
This commit is contained in:
@@ -0,0 +1,64 @@
|
||||
# API Reference: Phishing Reporting Button Workflow
|
||||
|
||||
## Email Parsing (Python email module)
|
||||
```python
|
||||
from email import policy
|
||||
from email.parser import BytesParser
|
||||
|
||||
with open("report.eml", "rb") as f:
|
||||
msg = BytesParser(policy=policy.default).parse(f)
|
||||
headers = {
|
||||
"from": msg["From"], "subject": msg["Subject"],
|
||||
"reply_to": msg["Reply-To"], "received": msg.get_all("Received")
|
||||
}
|
||||
```
|
||||
|
||||
## Phishing Indicators
|
||||
| Indicator | Weight | Description |
|
||||
|-----------|--------|-------------|
|
||||
| Reply-To mismatch | 20 | From and Reply-To differ |
|
||||
| SPF/DKIM fail | 25 | Authentication failure |
|
||||
| Suspicious language | 10 | Urgency/credential patterns |
|
||||
| Suspicious URL | 15 | Known bad TLDs or redirectors |
|
||||
| Dangerous attachment | 30 | Executable file extensions |
|
||||
|
||||
## VirusTotal URL Scan
|
||||
```
|
||||
GET https://www.virustotal.com/api/v3/urls/{url_id}
|
||||
x-apikey: YOUR_KEY
|
||||
```
|
||||
URL ID = base64url(url) or sha256(url)
|
||||
|
||||
## Dangerous File Extensions
|
||||
| Category | Extensions |
|
||||
|----------|-----------|
|
||||
| Executables | `.exe`, `.scr`, `.bat`, `.cmd` |
|
||||
| Scripts | `.js`, `.vbs`, `.ps1`, `.hta` |
|
||||
| Disk images | `.iso`, `.img`, `.vhd` |
|
||||
| Archives | `.zip` (password-protected), `.rar` |
|
||||
| Documents | `.docm`, `.xlsm` (macro-enabled) |
|
||||
|
||||
## Verdict Classification
|
||||
| Score | Verdict | Action |
|
||||
|-------|---------|--------|
|
||||
| >= 50 | Phishing | Block sender, quarantine, create ticket |
|
||||
| 25-49 | Suspicious | Analyst review required |
|
||||
| < 25 | Benign | Close report, notify user |
|
||||
|
||||
## Ticketing Integration
|
||||
```
|
||||
POST /api/v2/tickets
|
||||
Authorization: Bearer TOKEN
|
||||
{
|
||||
"title": "Phishing Report: ...",
|
||||
"severity": "high",
|
||||
"description": "...",
|
||||
"indicators": ["Reply-To mismatch", ...]
|
||||
}
|
||||
```
|
||||
|
||||
## Microsoft Report Message Add-in
|
||||
```
|
||||
POST https://graph.microsoft.com/v1.0/users/{id}/messages/{msgId}/move
|
||||
{"destinationId": "phishing-mailbox-id"}
|
||||
```
|
||||
Reference in New Issue
Block a user