mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 20:55:17 +03:00
Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
This commit is contained in:
@@ -0,0 +1,41 @@
|
||||
# Active Security Breach Containment — API Reference
|
||||
|
||||
## Libraries
|
||||
|
||||
| Library | Install | Purpose |
|
||||
|---------|---------|---------|
|
||||
| requests | `pip install requests` | EDR API calls for host isolation |
|
||||
| falconpy | `pip install crowdstrike-falconpy` | CrowdStrike Falcon SDK |
|
||||
| ldap3 | `pip install ldap3` | AD account disable via LDAP |
|
||||
|
||||
## CrowdStrike Falcon Host Isolation
|
||||
|
||||
```python
|
||||
from falconpy import Hosts
|
||||
hosts = Hosts(client_id="ID", client_secret="SECRET")
|
||||
hosts.perform_action(action_name="contain", ids=["device_id"])
|
||||
```
|
||||
|
||||
## Containment Actions
|
||||
|
||||
| Action | Method | Scope |
|
||||
|--------|--------|-------|
|
||||
| Host Isolation | EDR API (CrowdStrike, Defender) | Single endpoint |
|
||||
| Account Disable | `Disable-ADAccount` / LDAP | User identity |
|
||||
| IP Block | Firewall rule / NGFW API | Network perimeter |
|
||||
| Session Revoke | `Revoke-AzureADUserAllRefreshToken` | Cloud sessions |
|
||||
| Token Invalidation | IdP API | OAuth/SAML tokens |
|
||||
|
||||
## NIST IR Phases
|
||||
|
||||
| Phase | Actions |
|
||||
|-------|---------|
|
||||
| Containment | Isolate, disable, block |
|
||||
| Eradication | Remove malware, patch vulnerabilities |
|
||||
| Recovery | Restore, validate, monitor |
|
||||
|
||||
## External References
|
||||
|
||||
- [CrowdStrike Falcon API](https://falcon.crowdstrike.com/documentation/page/a2a7fc0e/host-and-host-group-management-apis)
|
||||
- [NIST SP 800-61 Rev 2](https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final)
|
||||
- [SANS IR Playbook](https://www.sans.org/white-papers/33901/)
|
||||
Reference in New Issue
Block a user