security-detection-rule-management
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses environment variables for Kibana and Elasticsearch credentials, preventing hardcoded secrets.
- [EXTERNAL_DOWNLOADS]: Fetches rule definitions from the trusted 'elastic/protections-artifacts' repository on GitHub.
- [SAFE]: Implements a query validation system to verify the syntax of KQL, EQL, and ES|QL detection queries.
- [SAFE]: Protects all rule modification and deletion operations with mandatory confirmation prompts to ensure authorized execution.
- [SAFE]: Processes alert data from Elasticsearch to support rule tuning; potential ingestion risks are mitigated by instructions requiring faithful reporting of that data and by the use of specialized management tools.
Audit Metadata