security-detections-mcp

Skill by ara.so — Security Skills collection

An MCP (Model Context Protocol) server that gives an LLM access to 8,200+ security detection rules in Sigma, Splunk ESCU, Elastic, KQL, Sublime, and CrowdStrike CQL formats, with MITRE ATT&CK mapping, coverage analysis, and an autonomous detection-engineering pipeline.

What It Does

  • Unified detection search across 6 detection formats (Sigma, Splunk ESCU, Elastic, KQL, Sublime, CrowdStrike CQL)
  • MITRE ATT&CK integration covering 172 threat actors, 784 software entries, and 4,362 actor-technique relationships
  • Coverage analysis that identifies detection gaps by tactic, technique, or threat actor
  • ATT&CK Navigator layers exported as JSON for visualization
  • An autonomous detection pipeline running from CTI ingestion to draft pull-request generation
  • 81 MCP tools for detection engineering when run locally, or about 25 tools in the hosted version
  • 11 expert prompts for ransomware assessment, APT emulation, and purple teaming
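The coverage analysis and Navigator-layer export described in the list above, as an added worked example written for this page; it is not code from security-detections-mcp, whose MCP tool names and rule schema are not shown here. It assumes Sigma-style `attack.*` tags on each rule, a constructed set of sample rules, and a constructed actor-to-technique map (a hypothetical actor, not ATT&CK group data). The ATT&CK, Navigator and layer version numbers in the layer header are also an assumption and should be set to match the Navigator build you load the layer into.

```python
import re
from collections import defaultdict

# Constructed sample rules in the shape of Sigma rule metadata (title, status, tags).
# They are illustrative inputs for this example, not rules from the security-detections-mcp corpus.
SAMPLE_RULES = [
    {"title": "PowerShell Encoded Command", "status": "stable",
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "Scheduled Task Creation via schtasks", "status": "test",
     "tags": ["attack.persistence", "attack.t1053.005"]},
    {"title": "LSASS Memory Access", "status": "stable",
     "tags": ["attack.credential_access", "attack.t1003.001"]},
    {"title": "Suspicious Rundll32 Execution", "status": "experimental",
     "tags": ["attack.defense_evasion", "attack.t1218.011"]},
]

# Constructed actor -> technique map: a hypothetical actor, not ATT&CK group data.
SAMPLE_ACTOR_TECHNIQUES = {
    "Sample Actor A": ["T1059.001", "T1053.005", "T1003.001", "T1021.001", "T1486"],
}

TECHNIQUE_TAG = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)
TACTIC_TAG = re.compile(r"^attack\.([a-z_]+)$")

PRODUCTION_STATUSES = ("stable", "test")            # counted as real coverage
ALL_STATUSES = PRODUCTION_STATUSES + ("experimental",)


def technique_ids(rule):
    """Return ATT&CK technique IDs (e.g. 'T1059.001') from a rule's Sigma-style tags."""
    ids = []
    for tag in rule.get("tags", []):
        m = TECHNIQUE_TAG.match(tag)
        if m:
            ids.append(m.group(1).upper())
    return ids


def index_by_technique(rules, statuses=PRODUCTION_STATUSES):
    """Map technique ID -> titles of rules (in the given statuses) that claim it."""
    idx = defaultdict(list)
    for rule in rules:
        if rule.get("status") in statuses:
            for tid in technique_ids(rule):
                idx[tid].append(rule["title"])
    return dict(idx)


def tactic_summary(rules, statuses=PRODUCTION_STATUSES):
    """Count distinct techniques that have at least one rule, per tactic tag."""
    per_tactic = defaultdict(set)
    for rule in rules:
        if rule.get("status") not in statuses:
            continue
        for tag in rule.get("tags", []):
            m = TACTIC_TAG.match(tag)
            if m:
                per_tactic[m.group(1)].update(technique_ids(rule))
    return {tactic: len(tids) for tactic, tids in sorted(per_tactic.items())}


def coverage_for_actor(rules, actor, actor_map, include_experimental=False):
    """Split an actor's known techniques into covered (with rule titles) and gaps."""
    statuses = ALL_STATUSES if include_experimental else PRODUCTION_STATUSES
    idx = index_by_technique(rules, statuses)
    needed = actor_map[actor]
    covered = {tid: idx[tid] for tid in needed if tid in idx}
    gaps = [tid for tid in needed if tid not in idx]
    pct = round(100.0 * len(covered) / len(needed), 1) if needed else 0.0
    return {"actor": actor, "covered": covered, "gaps": gaps, "coverage_pct": pct}


def navigator_layer(rules, actor, actor_map, include_experimental=False):
    """Build an ATT&CK Navigator layer dict: score = rule count, score 0 marks a gap."""
    cov = coverage_for_actor(rules, actor, actor_map, include_experimental)
    techniques = [
        {"techniqueID": tid, "score": len(titles), "comment": "; ".join(titles)}
        for tid, titles in sorted(cov["covered"].items())
    ]
    techniques += [{"techniqueID": tid, "score": 0, "comment": "no detection"} for tid in cov["gaps"]]
    max_score = max([t["score"] for t in techniques] + [1])
    return {
        "name": f"Detection coverage vs {actor}",
        # Version pins are an assumption for this example; match them to your Navigator build.
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": f"{cov['coverage_pct']}% of {len(actor_map[actor])} techniques have a rule",
        "techniques": techniques,
        "gradient": {"colors": ["#ff6666", "#66b266"], "minValue": 0, "maxValue": max_score},
    }


if __name__ == "__main__":
    import json
    report = coverage_for_actor(SAMPLE_RULES, "Sample Actor A", SAMPLE_ACTOR_TECHNIQUES)
    print("tactics:", tactic_summary(SAMPLE_RULES))
    print("gaps:", report["gaps"], "coverage:", report["coverage_pct"])
    print(json.dumps(navigator_layer(SAMPLE_RULES, "Sample Actor A", SAMPLE_ACTOR_TECHNIQUES), indent=2))
```

Experimental rules are excluded from coverage by default so the percentage reflects what is actually deployed; pass `include_experimental=True` to see what would be covered once those rules are promoted. Gap techniques are written into the layer with a score of 0 so they render at the low end of the gradient instead of disappearing from the matrix.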

Installation

Local Installation (Full Power)

Installs: 446 · GitHub Stars: 1 · First Seen: May 20, 2026

security-detections-mcp (aradotso/security-skills)