SKILL·AF1AA0

detection-sigma

majiayu000
Updated 1 month ago
17 views
58
9
58
View on GitHub
Othersigmadetectionsiemthreat-huntingmitre-attackdetection-engineeringlog-analysis

About

This skill enables creation and management of vendor-agnostic SIEM detection rules using the Sigma format. It allows converting rules between platforms like Splunk and Elasticsearch while supporting threat hunting and detection-as-code workflows. Developers should use it for standardized security monitoring, MITRE ATT&CK mapping, and cross-platform rule portability.

Quick Install

Claude Code

Recommended
Primary
npx skills add majiayu000/claude-skill-registry -a claude-code
Plugin CommandAlternative
/plugin add https://github.com/majiayu000/claude-skill-registry
Git CloneAlternative
git clone https://github.com/majiayu000/claude-skill-registry.git ~/.claude/skills/detection-sigma

Copy and paste this command in Claude Code to install this skill

GitHub Repository

majiayu000/claude-skill-registry
Path: skills/data/detection-sigma
0
FAQ

Frequently asked questions

What is the detection-sigma skill?

detection-sigma is a Claude Skill by majiayu000. Skills package instructions and resources that Claude loads on demand, so Claude can perform detection-sigma-related tasks without extra prompting.

How do I install detection-sigma?

Use the install commands on this page: add detection-sigma to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.

What category does detection-sigma belong to?

detection-sigma is in the incident-response category, tagged sigma, detection, siem, threat-hunting, mitre-attack and detection-engineering.

Is detection-sigma free to use?

Yes. detection-sigma is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.

Related Skills

ir-velociraptor
Other

This skill enables large-scale endpoint forensics and incident response using Velociraptor Query Language (VQL). It's designed for collecting evidence, hunting threats, and performing live response across multiple systems. Developers can use it to gather telemetry, monitor security events, and create custom forensic artifacts for investigations.

View skill
forensics-osquery
Other

This skill enables SQL-based forensic investigation and threat hunting by querying endpoint operating systems as relational databases via osquery. It's designed for rapid evidence collection, incident response, and analyzing system artifacts like processes, network connections, and file hashes across Linux, macOS, and Windows. Use it for live forensics, building detection queries, and hunting for compromise indicators during security incidents.

View skill
detection-sigma
Other

This skill enables the creation and management of universal, vendor-agnostic SIEM detection rules using the Sigma format. It allows developers to write rules once and convert them for platforms like Splunk, Elastic, QRadar, and Sentinel, facilitating threat hunting and detection-as-code pipelines. Key features include mapping detections to MITRE ATT&CK and implementing compliance monitoring.

View skill
content-collections
Meta

This skill provides a production-tested setup for Content Collections, a TypeScript-first tool that transforms Markdown/MDX files into type-safe data collections with Zod validation. Use it when building blogs, documentation sites, or content-heavy Vite + React applications to ensure type safety and automatic content validation. It covers everything from Vite plugin configuration and MDX compilation to deployment optimization and schema validation.

View skill