containing-active-breach

Containing Active Breaches

When to Use

  • A confirmed intrusion is in progress with an active adversary on the network
  • Malware is spreading laterally across endpoints or servers
  • A compromised account is being used for unauthorized access to systems
  • Ransomware encryption has been detected and is actively propagating
  • An attacker has established command-and-control communications from internal hosts

Do not use for post-incident cleanup when the adversary is no longer active; use eradication procedures instead.

Prerequisites

Installs: 52
GitHub Stars: 24.2K
First Seen: Mar 15, 2026
containing-active-breach — mukul975/anthropic-cybersecurity-skills