detection-sigma
关于
This skill enables creation and management of vendor-agnostic SIEM detection rules using the Sigma format. It allows converting rules between platforms like Splunk and Elasticsearch while supporting threat hunting and detection-as-code workflows. Developers should use it for standardized security monitoring, MITRE ATT&CK mapping, and cross-platform rule portability.
快速安装
Claude Code
推荐npx skills add majiayu000/claude-skill-registry -a claude-code/plugin add https://github.com/majiayu000/claude-skill-registrygit clone https://github.com/majiayu000/claude-skill-registry.git ~/.claude/skills/detection-sigma在 Claude Code 中复制并粘贴此命令以安装该技能
GitHub 仓库
Frequently asked questions
What is the detection-sigma skill?
detection-sigma is a Claude Skill by majiayu000. Skills package instructions and resources that Claude loads on demand, so Claude can perform detection-sigma-related tasks without extra prompting.
How do I install detection-sigma?
Use the install commands on this page: add detection-sigma to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.
What category does detection-sigma belong to?
detection-sigma is in the incident-response category, tagged sigma, detection, siem, threat-hunting, mitre-attack and detection-engineering.
Is detection-sigma free to use?
Yes. detection-sigma is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.
相关推荐技能
该Skill为开发者提供基于Velociraptor Query Language (VQL)的端点取证与威胁狩猎能力,支持大规模证据收集和实时响应。它适用于多端点调查、IoC狩猎、事件分析及自定义取证场景。通过集成MITRE ATT&CK框架,可系统化执行数字取证和端点监控任务。
这是一个用于跨平台数字取证和威胁狩猎的Claude Skill,它通过SQL查询操作系统数据。开发者可以用它快速收集端点证据、分析进程与网络连接,并构建持续监控查询。该工具特别适用于安全事件响应、实时取证和在全平台(Linux/macOS/Windows)上搜寻入侵指标。
该Skill用于基于Sigma通用格式创建和管理SIEM检测规则,实现跨平台(如Splunk、Elastic等)的规则转换与部署。它支持将检测逻辑映射到MITRE ATT&CK框架,并适用于威胁狩猎、合规监控及检测即代码流水线构建。开发者可通过标准化规则格式提升安全检测工程的一致性与可移植性。
Content Collections 是一个 TypeScript 优先的构建工具,可将本地 Markdown/MDX 文件转换为类型安全的数据集合。它专为构建博客、文档站和内容密集型 Vite+React 应用而设计,提供基于 Zod 的自动模式验证。该工具涵盖从 Vite 插件配置、MDX 编译到生产环境部署的完整工作流。
