Incident Response
技能 已验证 活跃Use when a security incident has been detected or declared and needs classification, triage, escalation path determination, and forensic evidence collection. Covers SEV1-SEV4 classification, false positive filtering, incident taxonomy, and NIST SP 800-61 lifecycle.
To provide a structured and efficient methodology for classifying, triaging, and managing declared security incidents, ensuring proper escalation and evidence collection.
功能
- Incident classification into 14 types with MITRE mapping
- Dynamic severity scoring (SEV1-SEV4) with escalation triggers
- Automated false positive filtering
- Forensic evidence collection guidance (DFRWS framework)
- Detailed regulatory notification deadline tracking
- Escalation path determination by severity and type
使用场景
- Classifying and triaging incoming security alerts
- Determining appropriate severity levels and escalation paths for incidents
- Filtering out known false positives to reduce alert fatigue
- Initiating forensic evidence collection procedures
- Simulating incident response scenarios for tabletop exercises
非目标
- Threat hunting or proactive threat detection
- Post-incident compliance mapping or governance
- Red team offensive simulations
- Cloud security posture assessment
Documentation
- info:Configuration & parameter referenceThe script's command-line arguments are documented, but there is no mention of environment variables or configuration file precedence for the script itself, and the schema for input events is described but not exhaustively documented.
Code Execution
- info:ValidationInput JSON is parsed, but specific validation of event fields like 'event_type' or 'raw_payload' content using a schema library is not explicitly demonstrated in the script.
Compliance
- info:GDPRThe skill processes incident data, which could potentially include personal data. While it doesn't submit data externally, the potential for personal data submission to the LLM exists without explicit sanitization steps mentioned.
安装
请先添加 Marketplace
/plugin marketplace add alirezarezvani/claude-skills/plugin install engineering-team@claude-code-skills质量评分
已验证类似扩展
Context Mode Ops
100使用并行子代理军队管理 context-mode GitHub 问题、PR、发布和营销。为每个任务编排 10-20 个动态代理。在分类问题、审查 PR、发布版本、撰写 LinkedIn 帖子、宣布发布、修复错误、合并贡献、验证 ENV 变量、测试适配器或同步分支时使用。
Prepare Inspection Readiness
100Prepare an organisation for regulatory inspection by assessing readiness against agency-specific focus areas (FDA, EMA, MHRA). Covers warning letter and 483 theme analysis, mock inspection protocols, document bundle preparation, inspection logistics, and response template creation. Use when a regulatory inspection has been announced or is anticipated, when a periodic self-assessment is due, when new systems have been implemented since the last inspection, or after a significant audit finding that may attract regulatory attention.
Monitor Data Integrity
100Design and operate a data integrity monitoring programme based on ALCOA+ principles. Covers detective controls, audit trail review schedules, anomaly detection patterns (off-hours activity, sequential modifications, bulk changes), metrics dashboards, investigation triggers, and escalation matrix definition. Use when establishing a data integrity monitoring programme for GxP systems, preparing for inspections where data integrity is a focus area, after a data integrity incident requiring enhanced monitoring, or when implementing MHRA, WHO, or PIC/S guidance.
Investigate Capa Root Cause
100Investigate root causes and manage CAPAs (Corrective and Preventive Actions) for compliance deviations. Covers investigation method selection (5-Why, fishbone, fault tree), structured root cause analysis, corrective vs preventive action design, effectiveness verification, and trend analysis. Use when an audit finding requires a CAPA, when a deviation or incident occurs in a validated system, when a regulatory observation needs a formal response, when a data integrity anomaly requires investigation, or when recurring issues suggest a systemic root cause.
Master Claude for Legal
100Master skill for legal teams using Claude. Loads the right reference for the user's question (privilege configuration, MCP hardening, verification, long documents, practice-area patterns, skill authoring) and routes to specialized starter skills (NDA triage, version diff, meeting brief, citation verification, status synthesis). Auto-invokes when the user mentions legal work, contracts, redlines, NDAs, privilege, attorney-client, court filings, depositions, regulatory compliance, or asks how to set up Claude for a law firm or in-house legal team.
TradeMemory Protocol
100Evolution Engine 的领域知识 — 支持 LLM 从原始 OHLCV 数据中自主发现策略。涵盖生成-回测-选择-进化循环、向量化回测、样本外验证和策略梯度。在发现交易模式、运行回测、进化策略或审查进化日志时使用。由“evolve”、“discover patterns”、“backtest”、“evolution”、“strategy generation”、“candidate strategy”触发。