Incident Response
Skill Verified ActiveUse when a security incident has been detected or declared and needs classification, triage, escalation path determination, and forensic evidence collection. Covers SEV1-SEV4 classification, false positive filtering, incident taxonomy, and NIST SP 800-61 lifecycle.
To provide a structured and efficient methodology for classifying, triaging, and managing declared security incidents, ensuring proper escalation and evidence collection.
Features
- Incident classification into 14 types with MITRE mapping
- Dynamic severity scoring (SEV1-SEV4) with escalation triggers
- Automated false positive filtering
- Forensic evidence collection guidance (DFRWS framework)
- Detailed regulatory notification deadline tracking
- Escalation path determination by severity and type
Use Cases
- Classifying and triaging incoming security alerts
- Determining appropriate severity levels and escalation paths for incidents
- Filtering out known false positives to reduce alert fatigue
- Initiating forensic evidence collection procedures
- Simulating incident response scenarios for tabletop exercises
Non-Goals
- Threat hunting or proactive threat detection
- Post-incident compliance mapping or governance
- Red team offensive simulations
- Cloud security posture assessment
Documentation
- info:Configuration & parameter referenceThe script's command-line arguments are documented, but there is no mention of environment variables or configuration file precedence for the script itself, and the schema for input events is described but not exhaustively documented.
Code Execution
- info:ValidationInput JSON is parsed, but specific validation of event fields like 'event_type' or 'raw_payload' content using a schema library is not explicitly demonstrated in the script.
Compliance
- info:GDPRThe skill processes incident data, which could potentially include personal data. While it doesn't submit data externally, the potential for personal data submission to the LLM exists without explicit sanitization steps mentioned.
Installation
First, add the marketplace
/plugin marketplace add alirezarezvani/claude-skills/plugin install engineering-team@claude-code-skillsQuality Score
VerifiedTrust Signals
Similar Extensions
Context Mode Ops
100Manage context-mode GitHub issues, PRs, releases, and marketing with parallel subagent army. Orchestrates 10-20 dynamic agents per task. Use when triaging issues, reviewing PRs, releasing versions, writing LinkedIn posts, announcing releases, fixing bugs, merging contributions, validating ENV vars, testing adapters, or syncing branches.
Prepare Inspection Readiness
100Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.
Monitor Data Integrity
100Design and operate a data integrity monitoring programme based on ALCOA+ principles. Covers detective controls, audit trail review schedules, anomaly detection patterns (off-hours activity, sequential modifications, bulk changes), metrics dashboards, investigation triggers, and escalation matrix definition. Use when establishing a data integrity monitoring programme for GxP systems, preparing for inspections where data integrity is a focus area, after a data integrity incident requiring enhanced monitoring, or when implementing MHRA, WHO, or PIC/S guidance.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Master Claude for Legal
100Master skill for legal teams using Claude. Loads the right reference for the user's question (privilege configuration, MCP hardening, verification, long documents, practice-area patterns, skill authoring) and routes to specialized starter skills (NDA triage, version diff, meeting brief, citation verification, status synthesis). Auto-invokes when the user mentions legal work, contracts, redlines, NDAs, privilege, attorney-client, court filings, depositions, regulatory compliance, or asks how to set up Claude for a law firm or in-house legal team.
TradeMemory Protocol
100Domain knowledge for the Evolution Engine — LLM-powered autonomous strategy discovery from raw OHLCV data. Covers the generate-backtest-select-evolve loop, vectorized backtesting, out-of-sample validation, and strategy graduation. Use when discovering trading patterns, running backtests, evolving strategies, or reviewing evolution logs. Triggers on "evolve", "discover patterns", "backtest", "evolution", "strategy generation", "candidate strategy".