Turns 323 structured cybersecurity prompts and 7 chained workflows into MCP tools that Claude can call directly. Instead of copy-pasting IR playbooks or pentest methodologies, you ask Claude to run an incident response for a Splunk alert or audit your AWS IAM, and it walks through detection, containment, and eradication, with concrete commands at each step. Covers red team AD attacks, blue team detection engineering, SOC queries for Splunk/Sentinel/Elastic, cloud audits across AWS/Azure/GCP, OSINT footprinting, GRC frameworks like ISO 27001, CVE triage, and LLM red teaming. Prompts are tagged to MITRE ATT&CK tactics. Useful when you want repeatable security operations without maintaining your own prompt library, or when running purple team exercises that need coverage across the kill chain.
claude mcp add --transport stdio xu-c0-cybersec-mcp uvx cybersec-mcp