Detection Use Cases Skill

Comprehensive detection capabilities for identifying security threats across all attack vectors. Supports rule creation, event analysis, and threat hunting workflows.

Capabilities

• Network Detections: Port scanning, DNS tunneling, beaconing, lateral movement, exfiltration
• Endpoint Detections: Malware, ransomware, process injection, credential dumping, persistence
• Identity Detections: Brute force, credential stuffing, impossible travel, privilege abuse
• Cloud Detections: Resource hijacking, IAM abuse, cryptomining, container escape
• Application Detections: SQL injection, XSS, web shells, API abuse
• Email Detections: Phishing, BEC, malicious attachments
• Detection Rule Management: Create, test, and tune detection rules

Quick Start

from detection_utils import (
    NetworkDetector, EndpointDetector, IdentityDetector,