
from anthropic-cybersecurity-skills (4,245)
Guides procurement, evaluation, and proof-of-concept testing for Threat Intelligence Platforms (MISP, OpenCTI, ThreatConnect, Anomali, EclecticIQ) based on inte
Provides a practical, structured evaluation workflow for selecting and implementing Threat Intelligence Platforms (TIPs). The skill defines mandatory and desired criteria (STIX/TAXII support, API capabilities, SIEM/EDR/SOAR integrations, deduplication, RBAC), outlines vendor pros/cons for MISP, OpenCTI, ThreatConnect, Anomali, and EclecticIQ, and prescribes PoC tests, weighted scoring matrices, and a 90-day implementation plan.
Use this skill when running an RFP or procurement for a TIP, planning migration between platforms, or validating whether an existing TIP meets organizational maturity and integration needs. Not intended for standalone feed-quality analysis.
Designed for security-focused agents and integrations (Claude Code, Codex CLI, Copilot, Cursor, and other agent runtimes that perform security procurement tasks).
TIP evaluation skill with a weighted scoring matrix and comparison report generator. Script ran successfully, producing a ranked comparison of MISP, OpenCTI, and ThreatConnect. SSL verification is disabled by default in test_misp_api and test_opencti_api (verify_ssl=False), and API keys are accepted via env vars or CLI args — moderate security concerns but not malicious. Code is functional but uses deprecated datetime.utcnow() and has hardcoded sample scores rather than dynamic evaluation.
The skill is a structured evaluation guide for TIP procurement — genuinely useful for security teams doing vendor selection. The script is a scoring calculator, not an automated assessor. SSL-verify=False default is a real concern for a cybersecurity skill. Niche audience (CTI program managers), not broadly applicable.