performing-insider-threat-investigation

Performing Insider Threat Investigation

When to Use

  • DLP (Data Loss Prevention) alerts on large data transfers to personal cloud storage or USB devices
  • User behavior analytics (UBA) detects anomalous access patterns for a user account
  • HR reports a departing employee suspected of taking proprietary information
  • A privileged user is observed accessing systems outside their job function
  • A whistleblower or coworker report alleges policy violations or data theft

Do not use for external attacker investigations where compromised credentials are used without insider collusion; use standard incident response procedures instead.

Prerequisites

Installs: 20
GitHub Stars: 24.2K
First Seen: Mar 23, 2026
performing-insider-threat-investigation — mukul975/anthropic-cybersecurity-skills