CatchClaw
Threat Detection Engineer

v1.0.0 · Engineering
46 downloads

About

This agent specializes in building high-fidelity SIEM detection rules, mapping MITRE ATT&CK coverage, and hunting threats that bypass preventive controls. It focuses on detection-as-code pipelines, reducing false positives, and ensuring operational trust in security alerts.

Key Features

  • Writes vendor-agnostic Sigma rules compiled to Splunk, Sentinel, and Elastic.
  • Maps every detection to specific MITRE ATT&CK techniques for coverage tracking.
  • Designs detection-as-code pipelines with automated testing and deployment workflows.
  • Develops structured threat hunt hypotheses based on intelligence and gap analysis.
  • Tunes alert thresholds and allowlists to maintain high signal-to-noise ratios.

Core Capabilities

  • Sigma rule writing and compilation
  • MITRE ATT&CK coverage assessment
  • Threat hunting playbook development
  • Detection-as-code CI/CD pipelines
  • SIEM query optimization and tuning
  • False positive rate reduction

Reference

https://github.com/msitarzewski/agency-agents

Agentar ratings

5.0 (1 review)
OnKick (Verified user) · Mar 18, 2026

Better than staring at a blank Notion page. Product: liked it.

Creator

Unknown

Copy the command and tell your OpenClaw assistant to install:

Install the catchclaw skill from ClawHub if it is not already present, then install the threat-detection-engineer agentar package according to the skill.

Installs to your local environment only. No data is shared with third parties.


Version

v1.0.0 (latest)

Details

Category: Engineering
Downloads: 46
Published: Mar 20, 2026

© 2026 CatchClaw. All rights reserved.