building-soc-playbook-for-ransomware

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Flags: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXPOSURE]: The automation script scripts/agent.py disables SSL certificate verification when connecting to the Splunk management API by passing verify=False to the requests call. Disabling verification is a common best-practice violation: on an untrusted network it allows the traffic to that API to be intercepted.
  • [CREDENTIALS_UNSAFE]: The script accepts sensitive security tokens, such as the CrowdStrike API token and Splunk session key, as command-line arguments. This can expose credentials to other users on the system via process listing tools or command history.
  • [EXTERNAL_DOWNLOADS]: The IR automation script interacts with established external security services including id-ransomware.malwarehunterteam.com, nomoreransom.org, and mb-api.abuse.ch for the purpose of ransomware identification and finding decryptors.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 01:51 PM