building-ioc-defanging-and-sharing-pipeline

Installation
SKILL.md

Building IOC Defanging and Sharing Pipeline

Overview

IOC defanging modifies potentially malicious indicators (URLs, IP addresses, domains, email addresses) to prevent accidental clicks or execution while preserving readability for analysis and sharing. This skill covers building an automated pipeline that ingests raw IOCs from multiple sources, normalizes and deduplicates them, applies defanging for safe human consumption, converts them to STIX 2.1 format for machine consumption, and distributes through TAXII servers, MISP instances, and email reports.

When to Use

  • When deploying or configuring building ioc defanging and sharing pipeline capabilities in your environment
  • When establishing security controls aligned to compliance requirements
  • When building or improving security architecture for this domain
  • When conducting security assessments that require this implementation

Prerequisites

Installs
98
GitHub Stars
24.2K
First Seen
Mar 16, 2026
building-ioc-defanging-and-sharing-pipeline — mukul975/anthropic-cybersecurity-skills