Incident Response
Skill Verifiziert AktivUse when a security incident has been detected or declared and needs classification, triage, escalation path determination, and forensic evidence collection. Covers SEV1-SEV4 classification, false positive filtering, incident taxonomy, and NIST SP 800-61 lifecycle.
To provide a structured and efficient methodology for classifying, triaging, and managing declared security incidents, ensuring proper escalation and evidence collection.
Funktionen
- Incident classification into 14 types with MITRE mapping
- Dynamic severity scoring (SEV1-SEV4) with escalation triggers
- Automated false positive filtering
- Forensic evidence collection guidance (DFRWS framework)
- Detailed regulatory notification deadline tracking
- Escalation path determination by severity and type
Anwendungsfälle
- Classifying and triaging incoming security alerts
- Determining appropriate severity levels and escalation paths for incidents
- Filtering out known false positives to reduce alert fatigue
- Initiating forensic evidence collection procedures
- Simulating incident response scenarios for tabletop exercises
Nicht-Ziele
- Threat hunting or proactive threat detection
- Post-incident compliance mapping or governance
- Red team offensive simulations
- Cloud security posture assessment
Documentation
- info:Configuration & parameter referenceThe script's command-line arguments are documented, but there is no mention of environment variables or configuration file precedence for the script itself, and the schema for input events is described but not exhaustively documented.
Code Execution
- info:ValidationInput JSON is parsed, but specific validation of event fields like 'event_type' or 'raw_payload' content using a schema library is not explicitly demonstrated in the script.
Compliance
- info:GDPRThe skill processes incident data, which could potentially include personal data. While it doesn't submit data externally, the potential for personal data submission to the LLM exists without explicit sanitization steps mentioned.
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add alirezarezvani/claude-skills/plugin install engineering-team@claude-code-skillsQualitätspunktzahl
VerifiziertVertrauenssignale
Ähnliche Erweiterungen
Context Mode Ops
100Verwalten Sie GitHub-Issues, PRs, Releases und Marketing mit parallelen Subagenten-Armeen im Context-Mode. Orchestriert 10-20 dynamische Agenten pro Aufgabe. Verwenden Sie dies bei der Triage von Issues, der Überprüfung von PRs, der Veröffentlichung von Versionen, dem Schreiben von LinkedIn-Posts, der Ankündigung von Releases, der Behebung von Fehlern, dem Mergen von Beiträgen, der Validierung von ENV-Variablen, dem Testen von Adaptern oder dem Synchronisieren von Branches.
Prepare Inspection Readiness
100Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.
Monitor Data Integrity
100Design and operate a data integrity monitoring programme based on ALCOA+ principles. Covers detective controls, audit trail review schedules, anomaly detection patterns (off-hours activity, sequential modifications, bulk changes), metrics dashboards, investigation triggers, and escalation matrix definition. Use when establishing a data integrity monitoring programme for GxP systems, preparing for inspections where data integrity is a focus area, after a data integrity incident requiring enhanced monitoring, or when implementing MHRA, WHO, or PIC/S guidance.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Master Claude for Legal
100Master-Skill für Rechtsteams, die Claude verwenden. Lädt die richtige Referenz für die Benutzerfrage (Konfiguration von Privilegien, MCP-Härtung, Verifizierung, lange Dokumente, Muster für Fachbereiche, Skill-Erstellung) und leitet an spezialisierte Starter-Skills weiter (NDA-Triage, Versionsvergleich, Besprechungszusammenfassung, Zitationsverifizierung, Status-Synthese). Wird automatisch aufgerufen, wenn der Benutzer juristische Arbeit, Verträge, Redlines, NDAs, Privilegien, Anwaltsgeheimnis, Gerichtsakten, Vernehmungen, regulatorische Compliance erwähnt oder fragt, wie Claude für eine Anwaltskanzlei oder ein internes Rechtsteam eingerichtet wird.
TradeMemory Protocol
100Domänenwissen für die Evolution Engine — LLM-gestützte autonome Strategieentdeckung aus rohen OHLCV-Daten. Behandelt die Schleife Generieren-Backtesten-Auswählen-Entwickeln, vektorisiertes Backtesting, Out-of-Sample-Validierung und Strategiegraduierung. Verwenden Sie es beim Entdecken von Handelspatterns, Ausführen von Backtests, Entwickeln von Strategien oder Überprüfen von Evolutionsprotokollen. Löst aus bei "evolve", "discover patterns", "backtest", "evolution", "strategy generation", "candidate strategy".