Hunt threats and analyze IOCs
threat-detection · skill · setup · L3 · ★17,464
alirezarezvani/claude-skills

What it does
Hunt for hidden threats via hypothesis scoring, IOC analysis, and behavioral anomaly detection
Best for
Threat intelligence teams hunting for attacker TTPs that evaded automated controls before alerts fire.
Inputs
- Threat hunting hypothesis
- IOC JSON feed
- Telemetry events (SIEM/EDR logs)
Outputs
- Hypothesis priority score
- IOC sweep targets
- Anomaly findings with z-scores
Requires
- threat_signal_analyzer.py
- SIEM/EDR access
- MITRE ATT&CK framework
Preconditions
Read access to SIEM/EDR telemetry; IOC feed no older than 30 days; hunting hypothesis scoped to the environment
Failure modes
- Stale IOCs (>30 days) → false positives, wasted investigation
- Hypothesis too broad → cannot scope data sources or detection threshold
- Anomaly baseline poorly calibrated → benign activity flagged as signal
Trust signals
- Hypothesis scoring: (actor_relevance×3) + (control_gap×2) + (data_availability×1)
- MITRE ATT&CK technique mapping for tactic-level prioritization
- Z-score anomaly detection: flags outliers >2σ from baseline mean
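As an added example (not the skill's own threat_signal_analyzer.py, whose internals this page does not show), the following Python applies the three trust signals above together with two of the listed failure modes: the weighted hypothesis score, an IOC freshness cut at 30 days, and a 2σ z-score sweep over a per-host baseline. Everything in it is constructed: the hypotheses and their 0-5 factor ratings (the 0-5 scale is an assumption), the IOC feed with documentation-range addresses, the daily DNS query counts, and the MIN_BASELINE guard, which is an assumption added to surface the poorly-calibrated-baseline failure mode rather than silently flagging benign activity.

```python
"""Added example, not the skill's threat_signal_analyzer.py: score hunting
hypotheses, drop stale IOCs, and flag z-score anomalies. All data is constructed."""
from datetime import date
from statistics import mean, pstdev

# Weights from the skill's hypothesis formula:
# (actor_relevance x 3) + (control_gap x 2) + (data_availability x 1)
WEIGHTS = {"actor_relevance": 3, "control_gap": 2, "data_availability": 1}
IOC_MAX_AGE_DAYS = 30   # feed entries older than this are stale (page's threshold)
Z_THRESHOLD = 2.0       # outliers beyond 2 sigma from the baseline mean (page's threshold)
MIN_BASELINE = 7        # assumption: fewer samples than this counts as poorly calibrated

# Constructed hypotheses; each factor is a 0-5 analyst rating (scale assumed).
HYPOTHESES = [
    {"name": "Credential dumping via LSASS access (T1003.001)",
     "actor_relevance": 5, "control_gap": 4, "data_availability": 3},
    {"name": "Scheduled task persistence (T1053.005)",
     "actor_relevance": 3, "control_gap": 2, "data_availability": 5},
    {"name": "DNS tunnelling (T1071.004)",
     "actor_relevance": 4, "control_gap": 5, "data_availability": 1},
]

# Constructed IOC JSON-style feed using documentation addresses and a .example name.
TODAY = date(2024, 6, 30)
IOC_FEED = [
    {"value": "203.0.113.7", "last_seen": "2024-06-20"},              # 10 days old
    {"value": "198.51.100.44", "last_seen": "2024-05-01"},            # 60 days old
    {"value": "malicious-updates.example", "last_seen": "2024-06-01"},  # 29 days old
]

# Constructed telemetry: daily outbound DNS query counts for a typical host,
# then today's counts per host to sweep against that baseline.
BASELINE = [120, 130, 125, 118, 135, 128, 122, 131, 119, 127]
OBSERVED = [("host-a", 124), ("host-b", 133), ("host-c", 410)]


def score_hypothesis(hypothesis):
    """Weighted sum of the three factors, exactly as the page's formula states."""
    return sum(hypothesis[factor] * weight for factor, weight in WEIGHTS.items())


def prioritize(hypotheses):
    """Return (score, name) pairs, highest-priority hypothesis first."""
    scored = [(score_hypothesis(h), h["name"]) for h in hypotheses]
    return sorted(scored, reverse=True)


def fresh_iocs(feed, today):
    """Keep only IOC values last seen within IOC_MAX_AGE_DAYS; stale ones are dropped."""
    keep = []
    for ioc in feed:
        age_days = (today - date.fromisoformat(ioc["last_seen"])).days
        if age_days <= IOC_MAX_AGE_DAYS:
            keep.append(ioc["value"])
    return keep


def zscore_anomalies(baseline, observed, threshold=Z_THRESHOLD):
    """Return (label, value, z) for observations whose |z| exceeds the threshold.

    Refuses to score against a baseline that is too small or has zero variance,
    since a z-score from such a baseline flags benign activity as signal.
    """
    if len(baseline) < MIN_BASELINE:
        raise ValueError(f"baseline has {len(baseline)} samples; need {MIN_BASELINE}")
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0:
        raise ValueError("baseline has zero variance; z-scores are undefined")
    findings = []
    for label, value in observed:
        z = (value - mu) / sigma
        if abs(z) > threshold:
            findings.append((label, value, round(z, 2)))
    return findings


if __name__ == "__main__":
    for score, name in prioritize(HYPOTHESES):
        print(f"{score:3d}  {name}")
    print("sweep targets:", fresh_iocs(IOC_FEED, TODAY))
    for label, value, z in zscore_anomalies(BASELINE, OBSERVED):
        print(f"anomaly: {label} count={value} z={z}")
```

With the constructed inputs the LSASS hypothesis ranks first (score 26), the 60-day-old address is excluded from the sweep targets, and only host-c, whose count sits more than 50σ above the baseline mean of 125.5, is reported as an anomaly; host-b at 133 stays inside 2σ.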