Skip to main content

/

/

Stats

Actions

Tags

Stats

Actions

Tags

ClaudePluginHub

Community directory for discovering and installing Claude Code plugins.

Find plugins for your project

AI-powered recommendations based on your stack.

Product

Browse Plugins
Marketplaces
Pricing
About
Contact

Resources

Learning Center
Blog
Weekly Digest
Claude Code Docs
Plugin Guide
Plugin Reference
Plugin Marketplaces

Community

Browse on GitHub
Get Support

Legal

Terms of Service
Privacy Policy

Browse · Plugins · Top Plugins · Marketplaces · Components · Technologies · Skills · Agents · Commands · Hooks · MCP Servers · LSP Servers · Output Styles · Themes · Monitors

Categories · Productivity · Development · Testing · Deployment · Security · Documentation · Data · Utilities

© 2025 ClaudePluginHub

Community Maintained · Not affiliated with Anthropic

ClaudePluginHub

ClaudePluginHub

Tools Learn Pricing

Search everything...

audit-forensics | security-compliance

Home
Skills
security-compliance
audit-forensics

Skill

audit-forensics

From security-compliance

Forensic walk of ThreatLocker audit logs to investigate a specific file, computer, or time window -- surfaces blocked executions, lateral movement, and pivot points. Use when user asks "investigate this file/host", "what happened on X", or during IR.

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/security-compliance:audit-forensics

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Inputs: one of file hash, file path, computer name, time window.

SKILL.md

23 lines · ~280 tokens

Stats

LanguageTypeScript

Parent stars0

MaintenanceGood

Last CommitJun 11, 2026

Actions

View Source View Plugin View on GitHub View README

Stats

LanguageTypeScript

Parent stars0

MaintenanceGood

Last CommitJun 11, 2026

Actions

View Source View Plugin View on GitHub View README

Audit Forensics (ThreatLocker)

Pipeline

Inputs: one of file hash, file path, computer name, time window.

threatlocker_audit_search filtered to the input + time window.
Pivot fan-out (parallel):
- If file: threatlocker_audit_file_history (cross-org occurrence).
- If computer: threatlocker_computers_get_checkins, threatlocker_audit_search action_type=blocked for the same host.
In ctx_execute:
- Timeline reconstruction: sort events, mark first-seen, lateral movement (file appearing on additional hosts within the window).
- Highlight blocks -> bypass attempts (multiple block events for same hash in short window).
Output:
- Markdown timeline.
- Hosts touched, users touched, hashes touched.
- Recommended follow-ups (lock down, request more info, escalate).

$

npx claudepluginhub w159/tech-tools --plugin security-compliance

Similar Skills

healthcare-cdss-patterns

217.3k

Provides CDSS development patterns for drug interaction checking, dose validation, clinical scoring (NEWS2, qSOFA), and alert classification integrated into EMR workflows.

View healthcare-cdss-patterns