Skills

analyzing-indicators-of-compromise

Installation
SKILL.md

Analyzing Indicators of Compromise

When to Use

Use this skill when:

  • A phishing email or alert generates IOCs (URLs, IP addresses, file hashes) requiring rapid triage
  • Automated feeds deliver bulk IOCs that need confidence scoring before ingestion into blocking controls
  • An incident investigation requires contextual enrichment of observed network artifacts

Do not use this skill in isolation for high-stakes blocking decisions — always combine automated enrichment with analyst judgment, especially for shared infrastructure (CDNs, cloud providers).

Prerequisites

  • VirusTotal API key (free or Enterprise) for multi-AV and sandbox lookup
  • AbuseIPDB API key for IP reputation checks
  • MISP instance or TIP for cross-referencing against known campaigns
  • Python with requests and vt-py libraries, or SOAR platform with pre-built connectors

Workflow

Installs
210
Repository
mukul975/anthro…y-skills
GitHub Stars
18.3K
First Seen
Mar 15, 2026
Security Audits
Gen Agent Trust HubFail
SocketPass
SnykFail
analyzing-indicators-of-compromise — mukul975/anthropic-cybersecurity-skills