mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-16 12:45:17 +03:00
27c6414ca5
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
1.7 KiB
1.7 KiB
API Reference: Detecting Insider Data Exfiltration via DLP
Pandas Behavioral Analytics
import pandas as pd
df = pd.read_csv("activity.csv", parse_dates=["timestamp"])
# Columns: timestamp, user, action, file_path, bytes_transferred, destination
# Daily volume baseline per user
daily = df.groupby(["user", df["timestamp"].dt.date])["bytes_transferred"].sum()
baseline = daily.groupby("user").agg(["mean", "std"])
# Off-hours detection
df["hour"] = df["timestamp"].dt.hour
off_hours = df[(df["hour"] < 6) | (df["hour"] >= 22)]
# Bulk download detection
df.set_index("timestamp").groupby("user").resample("1h").size()
Exfiltration Indicators
| Indicator | Threshold | Severity |
|---|---|---|
| Volume > 3x baseline | Per user daily avg | HIGH |
| Volume > 5x baseline | Per user daily avg | CRITICAL |
| Off-hours events | > 10 per user | HIGH |
| Bulk downloads | > 50 files/hour | CRITICAL |
| USB transfers | Any volume | HIGH |
| Sensitive file access | Pattern match | HIGH |
Sensitive File Patterns
patterns = [
r"\.pem$", r"\.key$", r"\.env$",
r"credentials", r"password", r"\.kdbx$",
r"financial", r"payroll", r"customer.*data"
]
Microsoft Purview DLP API
import requests
headers = {"Authorization": "Bearer <token>"}
resp = requests.get(
"https://graph.microsoft.com/v1.0/security/alerts_v2",
headers=headers,
params={"$filter": "category eq 'DataLossPrevention'"}
)