This is for managing Elastic Security detection rules through the Kibana Detection Engine API. You'd use it when you need to create rules for new threats, tune existing ones to cut down false positives, or handle exceptions without clicking through the UI. It follows strict execution rules that tell Claude to run tools immediately and report output exactly as returned, without rounding alert counts or abbreviating UUIDs. The skill comes from Elastic's official agent skills repo and has passed security audits from Gen Agent Trust Hub, Socket, and Snyk. If you're running Elastic Security at any scale, this beats manual rule management through dashboards.
npx skills add https://github.com/elastic/agent-skills --skill security-detection-rule-management