mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-19 14:09:40 +03:00
Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
This commit is contained in:
@@ -0,0 +1,47 @@
|
||||
# Host-Based Intrusion Detection — API Reference
|
||||
|
||||
## Libraries
|
||||
|
||||
| Library | Install | Purpose |
|
||||
|---------|---------|---------|
|
||||
| requests | `pip install requests` | Wazuh REST API client |
|
||||
| osquery | Binary install | SQL-based host inspection |
|
||||
| hashlib | stdlib | File integrity hash computation |
|
||||
|
||||
## Wazuh API Endpoints
|
||||
|
||||
| Method | Endpoint | Description |
|
||||
|--------|----------|-------------|
|
||||
| POST | `/security/user/authenticate` | Obtain JWT token |
|
||||
| GET | `/agents` | List managed agents |
|
||||
| GET | `/agents/{id}` | Agent details |
|
||||
| GET | `/sca/{agent_id}` | Security Configuration Assessment results |
|
||||
| GET | `/rootcheck/{agent_id}` | Rootkit check results |
|
||||
| GET | `/alerts` | Query security alerts |
|
||||
| GET | `/rules` | List detection rules |
|
||||
|
||||
## Key osquery Tables
|
||||
|
||||
| Table | Description |
|
||||
|-------|-------------|
|
||||
| `processes` | Running processes with user, path, cmdline |
|
||||
| `listening_ports` | Open network ports and bound processes |
|
||||
| `users` | System user accounts |
|
||||
| `file` | File metadata and hashes |
|
||||
| `suid_bin` | SUID/SGID binaries |
|
||||
| `crontab` | Scheduled cron jobs |
|
||||
|
||||
## OSSEC Rule IDs
|
||||
|
||||
| Rule ID Range | Category |
|
||||
|---------------|----------|
|
||||
| 500-599 | File integrity monitoring |
|
||||
| 5700-5799 | SSH authentication |
|
||||
| 18100-18199 | Linux audit events |
|
||||
| 31100-31199 | Web attack detection |
|
||||
|
||||
## External References
|
||||
|
||||
- [Wazuh API Reference](https://documentation.wazuh.com/current/user-manual/api/reference.html)
|
||||
- [osquery Schema](https://osquery.io/schema/)
|
||||
- [OSSEC Rule Syntax](https://www.ossec.net/docs/syntax/head_rules.html)
|
||||
Reference in New Issue
Block a user