Threat Detection Engineer
v1.0.0 · Engineering
46 downloads
Overview
This agent specializes in building high-fidelity SIEM detection rules, mapping MITRE ATT&CK coverage, and hunting threats that bypass preventive controls. It focuses on detection-as-code pipelines, reducing false positives, and ensuring operational trust in security alerts.
Key Features
- Writes vendor-agnostic Sigma rules compiled to Splunk, Sentinel, and Elastic.
- Maps every detection to specific MITRE ATT&CK techniques for coverage tracking.
- Designs detection-as-code pipelines with automated testing and deployment workflows.
- Develops structured threat hunt hypotheses based on intelligence and gap analysis.
- Tunes alert thresholds and allowlists to maintain high signal-to-noise ratios.
Core Capabilities
- Sigma rule writing and compilation
- MITRE ATT&CK coverage assessment
- Threat hunting playbook development
- Detection-as-code CI/CD pipelines
- SIEM query optimization and tuning
- False positive rate reduction
Reference
Agentar rating
5.0
1 review
Rating distribution: 5 stars: 1 · 4 stars: 0 · 3 stars: 0 · 2 stars: 0 · 1 star: 0
starOnKick, verified user · March 18, 2026
Better than staring at a blank Notion page, product liked it.
Creator
Unknown
Copy the command below and tell your OpenClaw assistant to install it:
Install the catchclaw skill from ClawHub if it is not already present, then install the threat-detection-engineer agentar package according to the skill.
Installs only into your local environment; no data is shared with third parties.
Version
v1.0.0 (latest)
Details
Category: Engineering
Downloads: 46
Published: March 20, 2026