creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
27c6414ca5ae1b96adc7b36e2e486db95cbcb7c0
Anthropic-Cybersecurity-Skills/skills/performing-soc-tabletop-exercise/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

2.5 KiB
Raw Blame History

API Reference: SOC Tabletop Exercise Agent

Overview

Manages SOC tabletop exercise lifecycle: scenario generation from templates, participant tracking, inject delivery, response scoring, and after-action report generation.

Dependencies

Package Version Purpose
json stdlib Report serialization
datetime stdlib Exercise scheduling and IDs

Core Functions

create_exercise(scenario_type, participants, duration_hours=3)

Creates a structured tabletop exercise from a scenario template.

  • Parameters: scenario_type (str) - one of ransomware, data_breach, supply_chain; participants (list[dict]) - role/count pairs
  • Returns: dict - full exercise object with phases and objectives

score_response(category, score)

Scores participant response in a specific evaluation category.

  • Parameters: category (str) - one of detection_and_triage, containment_decision, communication, business_continuity; score (int) - 0-100
  • Returns: dict - category, score, rating, weight

calculate_overall_score(scores)

Computes weighted average across all scored categories.

  • Parameters: scores (list[dict]) - output from score_response
  • Returns: float - overall score

generate_after_action_report(exercise, scores, gaps, strengths)

Produces the formal after-action report document.

  • Parameters: exercise (dict), scores (list), gaps (list[dict]), strengths (list[str])
  • Returns: dict - AAR with scores, findings, and next exercise date

Scenario Templates

Template Phases Focus Areas
ransomware 6 injects Detection, containment, ransom decision, recovery
data_breach 4 injects DLP, insider threat, PII notification
supply_chain 4 injects Vendor compromise, lateral movement, credential reset

Scoring Criteria

Category Weight Rating Thresholds
detection_and_triage 25% >=85 Excellent, >=70 Good, >=55 Adequate
containment_decision 25% >=85 Excellent, >=70 Good, >=55 Adequate
communication 25% >=85 Excellent, >=70 Good, >=55 Adequate
business_continuity 25% >=85 Excellent, >=70 Good, >=55 Adequate

Output Schema

{
  "exercise_id": "TTX-2026-Q1",
  "overall_score": "72/100 (Adequate)",
  "scores": {"detection_and_triage": "85/100 (Excellent)"},
  "gaps": [{"finding": "...", "risk": "High", "owner": "SOC Manager"}],
  "strengths": ["Ransomware indicators correctly identified"]
}
Reference in New Issue View Git Blame Copy Permalink