SAT-skill

SAT-skill

Claude Skill to run Structured Analytic Techniques for infosec investigations

This skill is designed to assist investigators who wish to use formal techniques to check their assumptions, hypotheses, etc. It will not (or should not) run the analysis for you, but should prompt Claude to guide you through a formal analysis of your results.

Techniques implemented

• Analysis of Competing Hypotheses - analyze whether other explanations might fit your data better than your present conclusion
• Devil's Advocacy - stress-test your conclusions by making the strongest possible case against them.
• Diamond Model - Map an intrusion to an attacker via their capabilities and infrastructure.
• Indicators/Signposts of Change - Identify future possible events given previous behavior, track which ones occur to identify trends in behavior
• Key Assumptions Check - Examine the assumptions behind a hypothesis
• Quality of Information Check - systematically evaluate the quality of the information used in the analysis
• What If? Analysis - Look at multiple possible scenarios given a possible change in observed behavior or data

Author

Aaron Gee-Clough