This is for blue and purple team work: writing Sigma and YARA rules, tuning SIEM alert noise, responding to incidents, doing forensics, and running threat hunts. It enforces a strict methodology where every detection rule must answer what it detects, why it matters, what its expected false positive rate is, and what the response action is before going live. The skill routes you through three reference docs depending on whether you're building detections, handling an active incident, or hunting threats. It's opinionated about treating detection rules like production code with git, tests, and CI, and it won't let you ship a rule with more than 5% false positives. It maps everything back to ATT&CK techniques and includes forensic chain of custody practices. Use this when you're actually building or operating a security detection stack, not for architectural threat modeling or application security work.
npx -y skills add telagod/code-abyss --skill detecting-and-responding --agent claude-code

Installs into .claude/skills of the current project.