Tunes SIEM detection rules in Splunk and Elastic by analyzing alert volumes, creating whitelists, adjusting thresholds, and measuring precision/recall to reduce false positives.
Slash command: /cybersecurity-skills-zh:implementing-siem-use-case-tuning
SIEM use-case tuning reduces alert fatigue by systematically analyzing the false-positive rate of detection rules, adjusting thresholds against the environment's baseline, creating context-aware whitelists, and measuring detection effectiveness with precision/recall metrics. This skill covers the tuning workflow for Splunk correlation searches and Elastic detection rules, including statistical baselining, exclusion-list management, and tracking of alert-to-incident conversion.
Requires the requests library. Output: a JSON report with tuning recommendations for each rule, including its current false-positive rate, the suggested threshold adjustment, whitelist entries, and the projected percentage reduction in alerts.
Install: npx claudepluginhub killvxk/cybersecurity-skills-zh
Tunes SIEM detection rules in Splunk and Elastic to reduce false positives by analyzing alert volumes, creating whitelists, adjusting thresholds, and measuring efficacy metrics like precision/recall.