feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills

Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
This commit is contained in:
mukul975
2026-04-06 11:17:31 +02:00
parent e8105a2f4d
commit efca3ec611
754 changed files with 12847 additions and 2832 deletions
@@ -1,16 +1,24 @@
---
name: implementing-siem-correlation-rules-for-apt
description: >-
Write multi-event correlation rules that detect APT lateral movement by chaining Windows authentication events,
process execution telemetry, and network connection logs across hosts. Uses Splunk SPL and Sigma rule format
to correlate Event IDs 4624, 4648, 4688, and Sysmon Events 1/3 within sliding time windows to surface attack
sequences invisible to single-event detections.
description: Write multi-event correlation rules that detect APT lateral movement by chaining Windows authentication events,
process execution telemetry, and network connection logs across hosts. Uses Splunk SPL and Sigma rule format to correlate
Event IDs 4624, 4648, 4688, and Sysmon Events 1/3 within sliding time windows to surface attack sequences invisible to single-event
detections.
domain: cybersecurity
subdomain: security-operations
tags: [implementing, siem, correlation, rules]
version: "1.0"
tags:
- implementing
- siem
- correlation
- rules
version: '1.0'
author: mahipal
license: Apache-2.0
nist_csf:
- DE.CM-01
- RS.MA-01
- GV.OV-01
- DE.AE-02
---