From asp
Reviews ASP security alerts for SOC triage: fetches details/discussions, lists by status/severity/confidence, updates AI fields like severity/confidence/comment.
How this skill is triggered (by the user, by Claude, or both): slash command /asp:asp-alert-zh
The summary Claude sees in its skill listing, used to decide when to auto-load this skill:
Use this skill when the user wants to carry out SOC analysis work around ASP alerts.
An Alert is second-level data in ASP: every Alert is attached to a Case, and an Alert is attached to one or more Artifacts.
Tools referenced by this skill: list_alerts(alert_id=<id>, limit=1), get_alert_discussions(alert_id), list_alerts, update_alert, and the asp-enrichment-zh skill.

Fetching a single alert: list_alerts(alert_id=<id>, limit=1, lazy_load=false) fetches the full associated data; list_alerts(alert_id=<id>, limit=1) is sufficient otherwise. Discussions come from get_alert_discussions(alert_id). Preferred reply structure:
- Alert: alert ID, title or name, severity, status, confidence, correlation UID.
- Timeline: creation or update times, when present.
- Key Context: source, rule, category, owner, or other high-signal fields.
- Discussions: only when needed, the most relevant analysis or system notes.
- Assessment: a brief triage judgement.

Listing alerts: the filters are alert_id, status, severity, confidence, correlation_uid and limit; the tool is list_alerts. Preferred reply structure:
| Alert ID | Title | Severity | Status | Confidence | First Seen | Rule Name |
|---|---|---|---|---|---|---|
Then add a brief explanation when needed.
Updating an alert: requires alert_id; the AI fields are severity_ai, confidence_ai and comment_ai; the tool is update_alert. A return value of None means no alert could be found for that alert_id.

Install: npx claudepluginhub funnywolf/agentic-soc-platform --plugin ASP

Other skills listed:
- Manages ASP security alerts: reviews/summarizes by ID/filters, updates AI triage, attaches artifacts/discussions/enrichment for SOC investigation.
- Triages new SentinelOne alerts, investigates specifics, searches by severity/status with GraphQL filters, reviews timelines, and manages MSP workflows using read-only tools.
- Triage and analyze Orca Security alerts with timeline visualization, risk assessment, and progressive disclosure. Provides summaries, investigation steps, and correlation insights.