Anthropic-Cybersecurity-Skills/skills/operationalizing-misp-threat-feeds/references/api-reference.md
mukul975 8cae0648ec Add 55 new skills across 3 new domains + 6 undercovered areas (762 -> 817)
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):

- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
  prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
  invocation, guardrails, model/data poisoning, system-prompt leakage,
  embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
  malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
  Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
  shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
  Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration

Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
2026-06-22 19:08:16 +02:00


# MISP / PyMISP API Reference

## PyMISP client

Install: `pip install pymisp`

```python
from pymisp import PyMISP

# ssl=True verifies the server certificate; pass a CA bundle path instead of True for a private CA.
misp = PyMISP("https://misp.example", "AUTH_KEY", ssl=True)
```

## Feed management

| Method | Description |
|---|---|
| `misp.feeds(pythonify=True)` | List configured feeds. |
| `misp.add_feed(MISPFeed, pythonify=True)` | Register a new feed. |
| `misp.enable_feed(feed_id)` / `misp.disable_feed(feed_id)` | Toggle a feed. |
| `misp.fetch_feed(feed_id)` | Pull a feed's events into the instance. |
| `misp.cache_feeds(scope)` / `misp.cache_all_feeds()` | Cache feed IOCs into Redis for correlation. |

## Searching attributes/events

| Call / keyword argument | Description |
|---|---|
| `misp.search(controller="attributes", ...)` | Search attributes (IOCs); the rows below are its keyword arguments. |
| `type_attribute=[...]` | Filter by attribute type (`ip-dst`, `domain`, `url`, `md5`, `sha256`). |
| `to_ids=True` | Only IDS-flagged (actionable) attributes. |
| `published=True` | Only attributes in published events. |
| `last="7d"` | Only events published within the time window. |
| `enforce_warninglist=True` | Drop values matching enabled warninglists. |
| `tags=["tlp:white"]` | Filter by tag/taxonomy. |

## Warninglists

| Method | Description |
|---|---|
| `misp.warninglists(pythonify=True)` | List warninglists. |
| `misp.toggle_warninglist(warninglist_id=ID, force_enable=True)` | Enable a warninglist. |

## REST restSearch return formats

Endpoint: `POST`/`GET https://<misp>/attributes/restSearch/` with header `Authorization: <AUTH_KEY>`.

Path-style modifiers: `returnFormat:<fmt>/to_ids:1/type:<a%7Cb%7Cc>/last:7d/published:1` (`%7C` is the URL-encoded `|` separating multiple types).

| returnFormat | Output |
|---|---|
| `json` | Native JSON. |
| `suricata` | Suricata IDS rules. |
| `snort` | Snort IDS rules. |
| `csv` | CSV of attributes. |
| `text` | Plain value list (one per line). |
| `stix2` | STIX 2.1 bundle. |

Example:

```bash
curl -s -k -H "Authorization: AUTH_KEY" -H "Accept: application/json" \
  "https://misp/attributes/restSearch/returnFormat:suricata/to_ids:1/type:domain%7Cip-dst" \
  -o misp.rules
```

`-k` disables certificate verification; outside a lab, drop it and point curl at the instance's CA with `--cacert` instead.

## Downstream deployment

| Tool | Command |
|---|---|
| Suricata validate | `suricata -T -c /etc/suricata/suricata.yaml` |
| Suricata reload | `suricatasc -c reload-rules` |
| Wazuh restart | `/var/ossec/bin/wazuh-control restart` |
| Sigma convert | `sigma convert -t splunk -p splunk_windows rule.yml` |
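Putting the search filters, the JSON return format and the Suricata deployment step together, here is an added example (not part of the original reference or of PyMISP) that builds the `misp.search()` keyword arguments from the filter table, re-applies a warninglist and to_ids filter to a constructed restSearch response, and emits Suricata rules with stable sids. The response envelope, attribute values and warninglist are constructed samples; it runs offline without a MISP instance.

```python
import json

# Constructed sample shaped like MISP's /attributes/restSearch JSON envelope
# ({"response": {"Attribute": [...]}}); not output from a real instance.
SAMPLE_RESPONSE = json.dumps({"response": {"Attribute": [
    {"id": "1", "event_id": "10", "type": "ip-dst", "value": "203.0.113.7", "to_ids": True},
    {"id": "2", "event_id": "10", "type": "domain", "value": "bad.example", "to_ids": True},
    {"id": "3", "event_id": "11", "type": "ip-dst", "value": "8.8.8.8", "to_ids": True},  # warninglist hit
    {"id": "4", "event_id": "11", "type": "domain", "value": "bad.example", "to_ids": True},  # duplicate
    {"id": "5", "event_id": "12", "type": "url", "value": "http://x.example/y", "to_ids": False},  # not IDS-flagged
]}})

# Constructed stand-in for an enabled warninglist (public DNS resolvers).
WARNINGLIST = {"8.8.8.8", "8.8.4.4", "1.1.1.1"}

def search_params(types, last="7d", tags=("tlp:white",)):
    """Keyword arguments for misp.search(), mirroring the filter table above."""
    return {"controller": "attributes", "type_attribute": list(types),
            "to_ids": True, "published": True, "last": last,
            "enforce_warninglist": True, "tags": list(tags), "pythonify": True}

def actionable_attributes(response_json, warninglist=WARNINGLIST):
    """Keep to_ids attributes; drop warninglist hits and repeated values.

    Re-applying the warninglist client-side guards against a feed that was
    fetched before the list was enabled on the server."""
    seen, kept = set(), []
    for attr in json.loads(response_json)["response"]["Attribute"]:
        key = (attr["type"], attr["value"])
        if not attr.get("to_ids") or attr["value"] in warninglist or key in seen:
            continue
        seen.add(key)
        kept.append(attr)
    return kept

def to_suricata(attrs, base_sid=3000000):
    """One alert rule per attribute; the sid derives from the MISP attribute id,
    so regenerating the file keeps sids stable across suricatasc reload-rules."""
    rules = []
    for attr in attrs:
        sid, val = base_sid + int(attr["id"]), attr["value"]
        msg = f'MISP event {attr["event_id"]} {attr["type"]} {val}'
        if attr["type"] == "ip-dst":
            rules.append(f'alert ip $HOME_NET any -> {val} any (msg:"{msg}"; sid:{sid}; rev:1;)')
        elif attr["type"] == "domain":
            rules.append(f'alert dns $HOME_NET any -> any any (msg:"{msg}"; dns.query; '
                         f'content:"{val}"; nocase; sid:{sid}; rev:1;)')
    return rules

if __name__ == "__main__":
    print("\n".join(to_suricata(actionable_attributes(SAMPLE_RESPONSE))))
```

Write the returned rules to a file, then run the `suricata -T` validation and `suricatasc -c reload-rules` commands from the table above.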