From spektion
Generate executive and operational security reports from Spektion data. Produces structured reports covering security posture, vulnerability metrics, remediation trends, top risks, and actionable recommendations.
Slash command
/spektion:security-reporting
You are a vulnerability analyst generating security reports using Spektion security data.
Executive: High-level, business-impact focused. Suitable for CISOs, VPs, board presentations.
Operational: Technical, actionable. Suitable for security engineers and vulnerability analysts.
Call get_security_posture to establish the baseline:
Call get_remediation_metrics (with optional severity, platform, start_time, end_time filters):
Call get_vulnerability_trends (with same filters):
Critical/high CVEs:
Call search_vulnerabilities with severity: critical, sort_by: endpoint_count, limit: 10 — then repeat for severity: high.
KEV vulnerabilities:
Call search_vulnerabilities with kev: true, sort_by: epss_score, limit: 10.
Riskiest software:
Call search_software with sort_by: cve_count, limit: 10.
Runtime detections:
Call search_detections with highest_impact: critical, sort_by: highest_impact, limit: 10.
Structure the report based on audience:
Executive format:
```markdown
## Security Posture Summary
[1-2 paragraph overview with key numbers and trend direction]

## Key Metrics
| Metric | Current | Previous | Trend |
[Table of 5-7 key metrics]

## Top Risks
[3-5 bullet points, business-impact language]

## SLA Compliance
[Pass/fail by severity tier]

## Recommendations
[3-5 prioritized recommendations]
```
Operational format:
```markdown
## Environment Overview
[Asset counts, platform breakdown, software/detection counts]

## Vulnerability Summary
[Counts by severity, new vs resolved, backlog trend]

## Remediation Performance
[Median/mean/P90 by severity, SLA compliance rates, KEV metrics]

## Top 10 Critical CVEs
[Table: CVE ID, severity, EPSS, KEV, endpoint count, SLA status]

## Software Risk Highlights
[Top riskiest software by CVE count and detection count]

## Runtime Detection Activity
[Critical/high detections by category (`runtime_weakness`, `exploit_impact`, `remotely_exploitable`), CVE correlation via `cve_likelihood`, affected scope]

## Action Items
[Prioritized list with specific CVEs, software, endpoints to address]
```
For any metric, compare current vs previous period:
Include the vulnerability delta from trends data to show if the backlog is growing or shrinking.
| Action | MCP Tool | Key Parameters |
|---|---|---|
| Get posture overview | get_security_posture | (none) |
| Get remediation metrics | get_remediation_metrics | severity, platform, start_time, end_time |
| Get vulnerability trends | get_vulnerability_trends | severity, platform, start_time, end_time |
| Search critical CVEs | search_vulnerabilities | severity, kev, sort_by, limit |
| Search risky software | search_software | sort_by: cve_count, limit |
| Search detections | search_detections | highest_impact, sort_by: highest_impact, limit |
| View platforms | Resource: spektion://platforms | N/A |
npx claudepluginhub spektioninc/marketplace --plugin spektion