If you're managing Elastic Security detection rules and dealing with noisy alerts, this skill handles the entire tuning workflow through Kibana's Detection Engine API. You can identify the noisiest rules, investigate false-positive patterns by querying the alerts index, then tune them by adding exceptions, tightening queries, or adjusting thresholds. It includes dedicated tooling for both SIEM and endpoint behavior rules, and the workflow pushes you to investigate alert patterns before making changes. The skill comes with clear multi-step workflows for common scenarios such as tuning a specific noisy rule or adding exceptions scoped to endpoint behaviors. It requires your Elasticsearch and Kibana credentials and Node.js 22+, and it follows a strict execution model that skips the usual file browsing in favor of immediate action.
npx -y skills add elastic/agent-skills --skill security-detection-rule-management --agent claude-code

Installs into .claude/skills of the current project.