from anthropic-cybersecurity-skills4,245
Guides procurement, evaluation, and proof-of-concept testing for Threat Intelligence Platforms (MISP, OpenCTI, ThreatConnect, Anomali, EclecticIQ) based on inte
Provides a practical, structured evaluation workflow for selecting and implementing Threat Intelligence Platforms (TIPs). The skill defines mandatory and desired criteria (STIX/TAXII support, API capabilities, SIEM/EDR/SOAR integrations, deduplication, RBAC), outlines vendor pros/cons for MISP, OpenCTI, ThreatConnect, Anomali, and EclecticIQ, and prescribes PoC tests, weighted scoring matrices, and a 90-day implementation plan.
Use this skill when running an RFP or procurement for a TIP, planning migration between platforms, or validating whether an existing TIP meets organizational maturity and integration needs. Not intended for standalone feed-quality analysis.
Designed for security-focused agents and integrations (Claude Code, Codex CLI, Copilot, Cursor, other agent runtimes that perform security procurement tasks).
This skill has not been reviewed by our automated audit pipeline yet.
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) postings to extract victim, group, sector, and timeline intelligence for threat hunting and risk assessment.
Performing Threat Modeling with OWASP Threat Dragon
Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi
