Anthropic-Cybersecurity-Skills/skills/executing-diamond-model-analysis.bak/references/api-reference.md
mukul975 c47eed6a64 Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files
2026-03-19 13:26:49 +01:00


API Reference: Diamond Model Analysis Agent

Dependencies

| Library | Version | Purpose |
|---|---|---|
| Python stdlib | 3.8+ | json, dataclasses, hashlib, argparse |

CLI Usage

python scripts/agent.py \
  --input events.json \
  --output diamond_report.json \
  --pivot-type infrastructure \
  --pivot-value "185.220.101.42"

Input Format

[
  {
    "event_id": "EVT-001",
    "timestamp": "2025-01-15T14:30:00Z",
    "adversary": ["APT29"],
    "adversary_confidence": "high",
    "capabilities": ["SUNBURST", "T1071.001"],
    "infrastructure": ["185.220.101.42", "evil-redir.com"],
    "victims": ["TargetCorp"],
    "phase": "C2",
    "result": "success"
  }
]

Functions

create_event(event_data) -> DiamondEvent

Constructs a DiamondEvent dataclass from a raw dict. Auto-generates event_id via MD5 if one is not provided.

pivot_on_vertex(events, vertex_type, value) -> list

Returns the events that share the specified vertex value. Supports pivoting on adversary, capability, infrastructure, or victim.

cluster_events(events) -> dict

Groups events by shared infrastructure or capability values and returns the clusters together with their overlapping event IDs.

build_activity_thread(events) -> list

Sorts events chronologically and assigns sequence numbers for timeline reconstruction.

generate_report(events) -> dict

Produces the full Diamond Model report with unique entities, activity thread, and clusters.

Data Classes

Vertex

Fields: vertex_type (str), values (list), confidence (str), notes (str)

DiamondEvent

Fields: event_id, timestamp, adversary (Vertex), capability (Vertex), infrastructure (Vertex), victim (Vertex), phase, direction, result

Output Schema

{
  "report_date": "ISO-8601",
  "total_events": 5,
  "unique_adversaries": ["APT29"],
  "unique_infrastructure": ["185.220.101.42"],
  "activity_thread": [{"sequence": 1, "event_id": "EVT-001", ...}],
  "clusters": {"clusters": [...], "total_events": 5}
}
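The following is an added, self-contained illustration of the Functions, Data Classes and Output Schema sections above. It is not the project's scripts/agent.py: the function bodies are written here from the descriptions in this reference, the mapping from vertex names to input-JSON keys (`_INPUT_KEYS`), the `EVT-` + 12-hex-digit form of the auto-generated ID, and the "transitive sharing" rule used for clustering are assumptions, and the three events in `SAMPLE_INPUT` are constructed for the demonstration (the third deliberately omits `event_id` to exercise the MD5 path).

```python
# Added example: illustrative re-implementation of the documented API, not the project's code.
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Any, Dict, List

@dataclass
class Vertex:
    vertex_type: str
    values: List[str] = field(default_factory=list)
    confidence: str = "medium"
    notes: str = ""

@dataclass
class DiamondEvent:
    event_id: str
    timestamp: str
    adversary: Vertex
    capability: Vertex
    infrastructure: Vertex
    victim: Vertex
    phase: str = ""
    direction: str = "adversary-to-victim"
    result: str = ""

# Assumed mapping from vertex name to the key used in the input JSON.
_INPUT_KEYS = {"adversary": "adversary", "capability": "capabilities",
               "infrastructure": "infrastructure", "victim": "victims"}

def create_event(event_data: Dict[str, Any]) -> DiamondEvent:
    """Build a DiamondEvent; derive a deterministic MD5-based event_id when absent."""
    event_id = event_data.get("event_id")
    if not event_id:
        canonical = json.dumps(event_data, sort_keys=True).encode()  # stable across key order
        event_id = "EVT-" + hashlib.md5(canonical).hexdigest()[:12]
    def vertex(name: str) -> Vertex:
        return Vertex(name, list(event_data.get(_INPUT_KEYS[name], [])),
                      event_data.get(f"{name}_confidence", "medium"))
    return DiamondEvent(
        event_id=event_id, timestamp=event_data.get("timestamp", ""),
        adversary=vertex("adversary"), capability=vertex("capability"),
        infrastructure=vertex("infrastructure"), victim=vertex("victim"),
        phase=event_data.get("phase", ""), result=event_data.get("result", ""),
        direction=event_data.get("direction", "adversary-to-victim"))

def pivot_on_vertex(events, vertex_type, value):
    """Return the events whose vertex of `vertex_type` contains `value`."""
    if vertex_type not in _INPUT_KEYS:
        raise ValueError(f"unknown vertex type: {vertex_type}")
    return [e for e in events if value in getattr(e, vertex_type).values]

def cluster_events(events):
    """Group events transitively by any shared infrastructure or capability value."""
    groups: List[Dict[str, Any]] = []
    for e in events:
        keys = set(e.infrastructure.values) | set(e.capability.values)
        hits = [g for g in groups if g["shared"] & keys]
        merged_ids: List[str] = []
        for g in hits:  # this event bridges every group it overlaps, so merge them
            keys |= g["shared"]
            merged_ids += g["event_ids"]
            groups.remove(g)
        merged_ids.append(e.event_id)
        groups.append({"shared": keys, "event_ids": merged_ids})
    return {"clusters": [{"shared_values": sorted(g["shared"]), "event_ids": g["event_ids"]}
                         for g in groups],
            "total_events": len(events)}

def build_activity_thread(events):
    """Sort chronologically and number events for timeline reconstruction."""
    # Python 3.8's fromisoformat rejects a trailing "Z", so normalise it to an offset.
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e.timestamp.replace("Z", "+00:00")))
    return [{"sequence": i, "event_id": e.event_id, "timestamp": e.timestamp,
             "phase": e.phase, "result": e.result} for i, e in enumerate(ordered, 1)]

def generate_report(events):
    return {"report_date": datetime.now(timezone.utc).isoformat(),
            "total_events": len(events),
            "unique_adversaries": sorted({v for e in events for v in e.adversary.values}),
            "unique_infrastructure": sorted({v for e in events for v in e.infrastructure.values}),
            "activity_thread": build_activity_thread(events),
            "clusters": cluster_events(events)}

# Constructed sample input in the Input Format shape; the third record has no event_id.
SAMPLE_INPUT = [
    {"event_id": "EVT-001", "timestamp": "2025-01-15T14:30:00Z", "adversary": ["APT29"],
     "adversary_confidence": "high", "capabilities": ["SUNBURST", "T1071.001"],
     "infrastructure": ["185.220.101.42", "evil-redir.com"], "victims": ["TargetCorp"],
     "phase": "C2", "result": "success"},
    {"event_id": "EVT-002", "timestamp": "2025-01-14T09:00:00Z", "adversary": [],
     "capabilities": ["T1566.001"], "infrastructure": ["evil-redir.com"],
     "victims": ["TargetCorp"], "phase": "Delivery", "result": "success"},
    {"timestamp": "2025-01-16T08:15:00Z", "adversary": [], "capabilities": ["T1486"],
     "infrastructure": ["203.0.113.7"], "victims": ["OtherCorp"],
     "phase": "Actions on Objectives", "result": "blocked"}]
EVENTS = [create_event(d) for d in SAMPLE_INPUT]

if __name__ == "__main__":
    print(json.dumps(generate_report(EVENTS), indent=2))
```

Running the module prints a report in the Output Schema shape. Two points worth noting from the sample: EVT-001 and EVT-002 land in one cluster only because they share `evil-redir.com`, so a single mistyped or over-broad indicator (a shared CDN hostname, say) silently fuses unrelated activity, which is why clusters should be reviewed against the vertex confidence before they feed attribution; and the activity thread orders by parsed timestamps rather than by input order, so events collected out of sequence still reconstruct correctly.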