mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-15 15:34:56 +03:00
mukul975
c47eed6a64
- Fix 25 shell=True subprocess calls with list-based commands - Fix 49 verify=False in defensive skills (env-var override) - Add timeout to 231 HTTP/subprocess/socket calls - Fix 6 SQL injection patterns with whitelist validation - Replace 8 __import__() with standard imports - Remove 701 unused imports across 442 files - Add authorized-testing disclaimers to all offensive skills - Complete 11 incomplete skill directories - Expand 10 stub SKILL.md files with full content - Fix 2 YAML parse errors in frontmatter - Fix 5 pre-existing syntax errors - Convert 22 hardcoded paths/ports to environment variables - Back up 21 redundant skill pairs to .bak - Fix 2 global declaration errors - 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE) - 0 compile errors across all 724 agent.py files
1.4 KiB
1.4 KiB
Active Security Breach Containment — API Reference
Libraries
| Library | Install | Purpose |
|---|---|---|
| requests | pip install requests |
EDR API calls for host isolation |
| falconpy | pip install crowdstrike-falconpy |
CrowdStrike Falcon SDK |
| ldap3 | pip install ldap3 |
AD account disable via LDAP |
CrowdStrike Falcon Host Isolation
from falconpy import Hosts
hosts = Hosts(client_id="ID", client_secret="SECRET")
hosts.perform_action(action_name="contain", ids=["device_id"])
Containment Actions
| Action | Method | Scope |
|---|---|---|
| Host Isolation | EDR API (CrowdStrike, Defender) | Single endpoint |
| Account Disable | Disable-ADAccount / LDAP |
User identity |
| IP Block | Firewall rule / NGFW API | Network perimeter |
| Session Revoke | Revoke-AzureADUserAllRefreshToken |
Cloud sessions |
| Token Invalidation | IdP API | OAuth/SAML tokens |
NIST IR Phases
| Phase | Actions |
|---|---|
| Containment | Isolate, disable, block |
| Eradication | Remove malware, patch vulnerabilities |
| Recovery | Restore, validate, monitor |