Skills

alibabacloud-cfw-ips-event

Installation
SKILL.md

IPS Alert Event Analysis

Skill Scope Notes:

  • This skill is designed to use Aliyun CLI cloudfw commands as its primary data source.
  • It does not depend on local log files, SIEM exports, or direct host access.
  • It does not require SSH or direct connections to server IPs.
  • For IP-focused investigations, prefer DescribeRiskEventGroup with --SrcIP or --DstIP.

Scenario Description

Query and analyze IPS (Intrusion Prevention System) security events and alerts detected by Alibaba Cloud Firewall, helping quickly locate threats and provide remediation recommendations.

Architecture: Cloud Firewall Service → IPS Engine → Event Detection + Attack Analysis + Protection Configuration

Capability Level: Query (read-only)

Data Source: All data is obtained exclusively through Aliyun CLI commands (aliyun cloudfw ...). No log files, no databases, no server access, no SIEM — just CLI commands. Do NOT search the workspace for files. Do NOT ask the user for anything. Just run the commands.

Installs
142
Repository
aliyun/alibabac…s-skills
GitHub Stars
167
First Seen
Apr 2, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
alibabacloud-cfw-ips-event — aliyun/alibabacloud-aiops-skills