osquery-query-helper
Osquery Query Helper
What This Skill Does
Help users with all aspects of osquery query work:
- Write queries from scratch based on investigation goals
- Validate queries the user has written against the schema
- Troubleshoot queries that aren't working as expected
- Suggest improvements for performance and accuracy
All work is grounded in the tables and columns defined in the provided schema files for the specified EDR platform. Because osquery's tables and their columns differ by operating system and by vendor build, a query is validated against the schema of the platform it will actually run on rather than against a generic reference.
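As an added example (not code from this skill or from tsale/awesome-dfir-skills), the following Python checks a query against a schema the way the validation step above describes: it resolves the tables and aliases a query uses and flags any qualified column that the platform's schema does not define. The schema subset, the two queries, and the `{table: {column: type}}` layout are constructed for this example; a vendor's schema export may use a different shape, and unqualified column names are deliberately not resolved because that needs a real SQL parser.

```python
import re
from typing import Dict, List

# Constructed subset of an osquery schema in the shape {table: {column: type}}.
# Table and column names follow osquery's public table specs; the on-disk
# layout of a given EDR vendor's schema export is an assumption here.
SCHEMA: Dict[str, Dict[str, str]] = {
    "processes": {
        "pid": "BIGINT", "name": "TEXT", "path": "TEXT", "cmdline": "TEXT",
        "uid": "BIGINT", "parent": "BIGINT", "on_disk": "INTEGER", "start_time": "BIGINT",
    },
    "process_open_sockets": {
        "pid": "INTEGER", "family": "INTEGER", "protocol": "INTEGER",
        "local_address": "TEXT", "local_port": "INTEGER",
        "remote_address": "TEXT", "remote_port": "INTEGER", "state": "TEXT",
    },
    "users": {
        "uid": "BIGINT", "gid": "BIGINT", "username": "TEXT", "directory": "TEXT", "shell": "TEXT",
    },
}

# Words that can follow a table name and must not be mistaken for an alias.
SQL_KEYWORDS = {
    "ON", "WHERE", "JOIN", "LEFT", "RIGHT", "INNER", "OUTER", "CROSS", "NATURAL",
    "USING", "GROUP", "ORDER", "LIMIT", "UNION", "AS", "SELECT",
}

IDENT = r"[A-Za-z_][A-Za-z0-9_]*"
TABLE_RE = re.compile(rf"\b(?:FROM|JOIN)\s+({IDENT})(?:\s+(?:AS\s+)?({IDENT}))?", re.I)
COLUMN_RE = re.compile(rf"\b({IDENT})\.({IDENT})\b")
STRING_RE = re.compile(r"'(?:[^']|'')*'")


def validate_query(sql: str, schema: Dict[str, Dict[str, str]]) -> List[str]:
    """Check every table and every qualified column reference in `sql`
    against `schema`. Returns a list of problems; an empty list means
    everything resolved. Unqualified columns are not checked."""
    problems: List[str] = []
    # Blank out string literals so a path such as '/tmp/x.sh' is not read
    # as a qualified column reference "x.sh".
    body = STRING_RE.sub("''", sql)

    # Map aliases (and bare table names) to schema tables.
    aliases: Dict[str, str] = {}
    for m in TABLE_RE.finditer(body):
        table, alias = m.group(1).lower(), m.group(2)
        if table not in schema:
            problems.append(f"unknown table: {table}")
            continue
        aliases[table] = table
        if alias and alias.upper() not in SQL_KEYWORDS:
            aliases[alias.lower()] = table

    for m in COLUMN_RE.finditer(body):
        qualifier, column = m.group(1).lower(), m.group(2).lower()
        table = aliases.get(qualifier)
        if table is None:
            problems.append(f"unknown table or alias: {qualifier}")
        elif column not in schema[table]:
            problems.append(f"column {column} not in table {table}")

    return list(dict.fromkeys(problems))  # dedupe, keep first-seen order


# Constructed hunting query: processes whose on-disk binary has been deleted
# (on_disk = 0) but which still hold an established outbound socket. Joining
# on pid keeps the result to processes that actually have sockets, and the
# users join turns the numeric uid into a name for the analyst.
DELETED_BINARY_WITH_SOCKET = """
SELECT p.pid, p.name, p.path, p.cmdline, u.username,
       s.remote_address, s.remote_port
FROM processes AS p
JOIN process_open_sockets AS s ON s.pid = p.pid
LEFT JOIN users u ON u.uid = p.uid
WHERE p.on_disk = 0
  AND s.remote_port != 0
  AND s.state = 'ESTABLISHED'
"""

# Constructed broken query: a column that lives in `users` referenced on
# `processes`, and a table that this (constructed) schema does not define.
BROKEN_QUERY = """
SELECT p.pid, p.username, n.remote_address
FROM processes p
JOIN network_connections n ON n.pid = p.pid
WHERE p.path LIKE '/tmp/%.sh'
"""

if __name__ == "__main__":
    for label, q in (("hunt", DELETED_BINARY_WITH_SOCKET), ("broken", BROKEN_QUERY)):
        print(label, validate_query(q, SCHEMA) or "ok")
```

Point the `SCHEMA` dict at the schema file for the platform the query will run on before trusting a clean result; a query that validates against a Linux schema can still fail on a Windows agent whose `processes` table exposes a different column set.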
When to Use
- User needs a query written for incident response or threat hunting
- User wants to validate an existing query against the correct schema
- User has a query that's failing and needs help troubleshooting
- User wants suggestions to improve query performance
More from tsale/awesome-dfir-skills
malware-analysis
Professional malware analysis workflow for PE executables and suspicious files. Triggers on file uploads with requests like "analyze this malware", "analyze this sample", "what does this executable do", "check this file for malware", or any request to examine suspicious files. Performs static analysis, threat intelligence triage, behavioral inference, and produces analyst-grade reports with reasoned conclusions.
analysing-attack
Analyse MITRE ATT&CK tactics, techniques and sub-techniques. Use when performing analysis of threat detections, threat models, security risks or cyber threat intelligence
threat-actor-profiling
Build structured threat actor profiles using the 5W1H framework and the Diamond Model. Use this skill whenever the user wants to profile a threat actor, create a TA report, analyze an APT group, build an adversary profile, assess threat actor capability, map TTPs to MITRE ATT&CK for a specific group, or produce any intelligence deliverable about a threat actor. Also trigger when the user mentions threat actor names (e.g. APT29, Lazarus, FIN7), asks about victimology, modus operandi, or wants to structure threat intelligence around an adversary. This skill applies to both internal tracking profiles and incident-driven analytical deliverables.