Claude Code Plugins

Community-maintained marketplace


SOC operations, incident response, and threat detection for security monitoring

Install Skill

1. Download skill

2. Enable skills in Claude: open claude.ai/settings/capabilities and find the "Skills" section

3. Upload to Claude: click "Upload skill" and select the downloaded ZIP file

Note: Please verify the skill by going through its instructions before using it.

SKILL.md

name: defensive-security
description: SOC operations, incident response, and threat detection for security monitoring
sasmp_version: 1.3.0
production_grade: true
last_updated: 2025-01-01
bonded_agent: 02-defensive-security
bond_type: PRIMARY_BOND
bond_strength: 1

Defensive Security Skill

Purpose: Blue team operations and security monitoring.

Operations Overview

Operation          Input                 Output
analyze_alert      alert_data, context   classification, severity
hunt_threat        hypothesis, sources   findings, iocs
correlate_events   events, window        incidents, timeline
respond_incident   id, action            result, evidence

MITRE ATT&CK Coverage

Tactic             Detection      Techniques
Initial Access     Email logs     T1566
Execution          Process logs   T1059
Persistence        Registry       T1547
Lateral Movement   Auth logs      T1021

Troubleshooting

Alert Analysis Failed
    │
    ├─► E_INVALID_ALERT → Check required fields
    ├─► E_SIEM_TIMEOUT → Reduce query scope
    └─► E_LOG_SOURCE_UNAVAILABLE → Check forwarder

Version History

Version   Date         Changes
2.0.0     2025-01-01   Production-grade upgrade
1.0.0     2024-12-29   Initial release