creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-13 22:54:53 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/building-soc-escalation-matrix/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

66 lines
1.8 KiB
Markdown
Raw Blame History

# API Reference: SOC Escalation Matrix
## Priority Tiers
| Tier | Response SLA | Update SLA | Resolution SLA |
|------|-------------|------------|----------------|
| P1 Critical | 15 min | 1 hour | 4 hours |
| P2 High | 30 min | 2 hours | 8 hours |
| P3 Medium | 1 hour | 4 hours | 24 hours |
| P4 Low | 4 hours | 8 hours | 72 hours |
## Alert Categories
| Category | Default Priority | Auto-Escalate Triggers |
|----------|-----------------|----------------------|
| Malware | P2 | ransomware, wiper, apt |
| Phishing | P3 | executive_target, credential_harvested |
| Unauthorized Access | P2 | admin_account, domain_controller |
| Data Exfiltration | P1 | pii, financial, classified |
| Insider Threat | P2 | privileged_user, data_staging |
## Escalation Chain
```
P1: SOC Analyst → SOC Lead → IR Manager → CISO
P2: SOC Analyst → SOC Lead → IR Manager
P3: SOC Analyst → SOC Lead
P4: SOC Analyst
```
## Notification Channels
| Tier | Channels |
|------|----------|
| P1 | Slack #critical-alerts, PagerDuty, Email CISO, SMS |
| P2 | Slack #soc-alerts, PagerDuty, Email IR Manager |
| P3 | Slack #soc-alerts, Email SOC Lead |
| P4 | Slack #soc-triage |
## PagerDuty Incident API
```
POST https://events.pagerduty.com/v2/enqueue
{
"routing_key": "SERVICE_KEY",
"event_action": "trigger",
"payload": {
"summary": "P1 Alert: Data exfiltration detected",
"severity": "critical",
"source": "SOC SIEM"
}
}
```
## Slack Webhook Notification
```
POST https://hooks.slack.com/services/T.../B.../xxx
{
"channel": "#critical-alerts",
"text": "P1 Incident: ..."
}
```
## Auto-Escalation Rules
| Condition | Action |
|-----------|--------|
| Response SLA exceeded | Escalate to next in chain |
| >= 3 correlated alerts | Increase priority by 1 |
| VIP user affected | Auto-escalate to P1 |
| Critical asset impacted | Increase priority by 1 |
Reference in New Issue View Git Blame Copy Permalink