conducting-cloud-incident-response


Conducting Cloud Incident Response

When to Use

  • Cloud security posture management (CSPM) alerts on unauthorized resource changes
  • CloudTrail, Azure Activity Logs, or GCP Audit Logs show suspicious API calls
  • Cloud access keys or service principal credentials are suspected compromised
  • Unauthorized compute instances, storage buckets, or IAM changes are detected
  • A cloud-hosted application is breached and attacker activity spans cloud services

Do not use for on-premises-only incidents with no cloud component; for those, use standard enterprise IR procedures instead.

Prerequisites

First Seen: Mar 15, 2026
conducting-cloud-incident-response — mukul975/anthropic-cybersecurity-skills