Stats
Actions
Tags
From cybersecurity-skills
Parses API Gateway access logs (AWS, Kong, Nginx) to detect BOLA/IDOR, rate limit bypass, credential scanning, and injection attempts using pandas.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cybersecurity-skills:analyzing-api-gateway-access-logsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- When investigating security incidents that require analyzing api gateway access logs
Parse API gateway access logs to identify attack patterns including broken object level authorization (BOLA), excessive data exposure, and injection attempts.
import pandas as pd
df = pd.read_json("api_gateway_logs.json", lines=True)
# Detect BOLA: same user accessing many different resource IDs
bola = df.groupby(["user_id", "endpoint"]).agg(
unique_ids=("resource_id", "nunique")).reset_index()
suspicious = bola[bola["unique_ids"] > 50]
Key detection patterns:
# Detect 401 surges indicating credential scanning
auth_failures = df[df["status_code"] == 401]
scanner_ips = auth_failures.groupby("source_ip").size()
scanners = scanner_ips[scanner_ips > 100]
npx claudepluginhub costrict-plugins-repo/mukul975-anthropic-cybersecurity-skills-cybersecurity-skillsParses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass, credential scanning, and injection attempts using pandas for statistical analysis.
Parses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypasses, credential scanning, and injection attempts. Useful for investigating API abuse and building threat detection rules.
Parses AWS API Gateway, Kong, and Nginx access logs using pandas to detect BOLA/IDOR attacks, rate limit bypasses, credential scanning, and injection attempts. Useful for investigating API abuse and building threat detection rules.