mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 22:24:56 +03:00

Files

T

mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal

- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md

2026-03-11 00:22:12 +01:00

1.5 KiB

Raw Blame History

API Reference: Splunk SPL Detection Rules

Splunk REST API - Saved Searches

POST /servicesNS/{owner}/{app}/saved/searches
Authorization: Bearer TOKEN

Field	Description
`name`	Saved search name
`search`	SPL query string
`is_scheduled`	1 for scheduled
`cron_schedule`	Cron expression (e.g., `/5 * * *`)
`dispatch.earliest_time`	Start of search window
`alert.severity`	1-5 (info to critical)
`alert_type`	`number of events`
`alert_threshold`	Trigger threshold

Key SPL Commands

Command	Description
`stats count by field`	Aggregate events
`where count > N`	Filter results
`table field1, field2`	Select fields
`eval`	Compute new fields
`lookup`	Enrich from lookup table
`tstats`	Accelerated data model search
`join`	Join two datasets

Windows Event IDs for Detection

EventCode	Source	Description
4624	Security	Successful logon
4625	Security	Failed logon
4648	Security	Explicit credential logon
4698	Security	Scheduled task created
4104	PowerShell	Script block logging
1	Sysmon	Process creation
3	Sysmon	Network connection
10	Sysmon	Process access

Alert Severity Levels

Level	Value	Description
Info	1	Informational
Low	2	Low risk
Medium	3	Medium risk
High	4	High risk
Critical	5	Critical risk

1.5 KiB Raw Blame History

API Reference: Splunk SPL Detection Rules

Splunk REST API - Saved Searches

Key SPL Commands

Windows Event IDs for Detection

Alert Severity Levels

1.5 KiB

Raw Blame History