From asp
Creates and attaches structured enrichments to cases, alerts, or artifacts in the ASP cyber security platform. Persists analysis, threat intelligence, and investigation context.
How this skill is triggered — by the user, by Claude, or both
Slash command
/asp:asp-enrichment-zh
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Use this skill when data needs to be saved back to ASP as structured context and attached to the corresponding case, alert, or artifact.
onto a case, alert, or artifact, use this skill.
create_enrichment.
attach_enrichment_to_target.
target_id (for example case_000001 / alert_000001 / artifact_000001).
create_enrichment and keep the returned enrichment row ID.
attach_enrichment_to_target(target_id=<target_id>, enrichment_rowid=<created_rowid>).
Preferred reply structure:
Target: the target type and target ID
Enrichment: the created enrichment row ID
Attachment: attached to the target
Next useful step: optional; usually continuing the investigation, viewing the enriched object, or continuing automated processing
target_id and enrichment_rowid.
attach_enrichment_to_target(target_id=<target_id>, enrichment_rowid=<enrichment_rowid>).
target_type and target_id.
npx claudepluginhub funnywolf/agentic-soc-platform --plugin ASP
Saves structured analysis as enrichment in ASP and attaches to cases, alerts, or artifacts. Persists SIEM findings, threat intel, and investigation notes in cyber security workflows.
Adds documents, interview notes, evidence, timeline events, or observations to an internal investigation file. Enforces fact/opinion distinction, source labeling, KVKK minimization, and date logging.
Unified SOC analyst workflow for CrowdStrike NGSIEM — triage alerts, investigate security events, hunt threats, and tune detections. Agent-delegated architecture: Haiku for mechanical tasks, Sonnet for substantive work, Opus for judgment.