mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 05:34:55 +03:00
mukul975
c21af3347e
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
1.5 KiB
1.5 KiB
API Reference: Implementing Endpoint DLP Controls
Sensitive Data Patterns
| Pattern | Regex | Severity |
|---|---|---|
| SSN | \d{3}-\d{2}-\d{4} |
HIGH |
| Credit Card | 4[0-9]{12}(?:[0-9]{3})? |
HIGH |
| AWS Key | AKIA[0-9A-Z]{16} |
CRITICAL |
| Private Key | -----BEGIN.*PRIVATE KEY----- |
CRITICAL |
| API Key | api[_-]?key\s*[:=]\s*[a-zA-Z0-9]{20,} |
HIGH |
DLP Channels
| Channel | Monitoring Method |
|---|---|
| USB/Removable | Device event logs |
| Cloud Storage | URL/domain filtering |
| Attachment scanning | |
| Clipboard | Process monitoring |
| Print spooler events |
Microsoft Purview DLP API
import requests
headers = {"Authorization": "Bearer <token>"}
resp = requests.get(
"https://graph.microsoft.com/v1.0/security/alerts_v2",
headers=headers,
params={"$filter": "category eq 'DataLossPrevention'"})
CrowdStrike Falcon DLP
curl -X GET "https://api.crowdstrike.com/dlp/entities/policies/v1" \
-H "Authorization: Bearer $TOKEN"
File Scanning
from pathlib import Path
import re
SENSITIVE_EXTS = {".pem", ".key", ".env", ".kdbx", ".pfx"}
for f in Path("/data").rglob("*"):
if f.suffix in SENSITIVE_EXTS or re.search(r"AKIA", f.read_text()):
print(f"ALERT: {f}")
References
- Microsoft Purview DLP: https://learn.microsoft.com/en-us/purview/dlp-learn-about-dlp
- CrowdStrike Falcon DLP: https://www.crowdstrike.com/platform/data-protection/