Anthropic-Cybersecurity-Skills/skills/executing-diamond-model-analysis.bak/references/api-reference.md
mukul975 c47eed6a64 Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files
2026-03-19 13:26:49 +01:00


# API Reference: Diamond Model Analysis Agent
## Dependencies
| Library | Version | Purpose |
|---------|---------|---------|
| Python stdlib | 3.8+ | json, dataclasses, hashlib, argparse |
## CLI Usage
```bash
python scripts/agent.py \
    --input events.json \
    --output diamond_report.json \
    --pivot-type infrastructure \
    --pivot-value "185.220.101.42"
```
## Input Format
```json
[
  {
    "event_id": "EVT-001",
    "timestamp": "2025-01-15T14:30:00Z",
    "adversary": ["APT29"],
    "adversary_confidence": "high",
    "capabilities": ["SUNBURST", "T1071.001"],
    "infrastructure": ["185.220.101.42", "evil-redir.com"],
    "victims": ["TargetCorp"],
    "phase": "C2",
    "result": "success"
  }
]
```
## Functions
### `create_event(event_data) -> DiamondEvent`
Constructs a `DiamondEvent` dataclass from a raw dict. Auto-generates `event_id` via MD5 if none is provided.
### `pivot_on_vertex(events, vertex_type, value) -> list`
Returns the events that share the specified vertex value. Supports pivoting on `adversary`, `capability`, `infrastructure`, and `victim`.
### `cluster_events(events) -> dict`
Groups events by shared infrastructure or capability values. Returns clusters with overlapping event IDs.
### `build_activity_thread(events) -> list`
Sorts events chronologically and assigns sequence numbers for timeline reconstruction.
### `generate_report(events) -> dict`
Produces the full Diamond Model report with unique entities, activity thread, and clusters.
## Data Classes
### `Vertex`
Fields: `vertex_type` (str), `values` (list), `confidence` (str), `notes` (str)
### `DiamondEvent`
Fields: `event_id`, `timestamp`, `adversary` (Vertex), `capability` (Vertex), `infrastructure` (Vertex), `victim` (Vertex), `phase`, `direction`, `result`
## Output Schema
```json
{
  "report_date": "ISO-8601",
  "total_events": 5,
  "unique_adversaries": ["APT29"],
  "unique_infrastructure": ["185.220.101.42"],
  "activity_thread": [{"sequence": 1, "event_id": "EVT-001", ...}],
  "clusters": {"clusters": [...], "total_events": 5}
}
```