detection-engineering-coverage-evaluation

SKILL.md

SecOps Detection Coverage Skill

This skill guides the agent through an end-to-end detection engineering lifecycle using Google SecOps MCP tools. It handles multiple Threat Detection Opportunities (TDOs) and ensures exhaustive coverage evaluation for all generated synthetic events.

Workflow Execution Checklist

Copy this checklist and track progress for each iteration:

  • Step 1: Extract raw text content from a source (for example, a blog URL).
  • Step 2: Generate Threat Detection Opportunities (TDOs).
  • Step 3: Loop through ALL TDOs to generate synthetic events.
  • Step 4: Loop through ALL UDM events to evaluate rule coverage.
  • Step 5: For identified rules, check enablement and alerting status.
  • Step 6: Generate new rules for identified gaps.
  • Step 7: Provide a structured summary of findings and gaps.
Repository
google/skills