Observability

Browse Observability agent skills in Security and compare related workflows, tools, and use cases.

35 skills
enterprise-agent-ops

by affaan-m

enterprise-agent-ops helps you operate long-lived or cloud-hosted agent systems with observability, safety controls, change management, and recovery planning. Use it when you need a practical guide for agent orchestration, not a one-shot prompt.

Agent Orchestration
Favorites 0 | GitHub 156.1k
canary-watch

by affaan-m

canary-watch is a post-deploy monitoring skill for checking a live URL for regressions after releases, merges, or dependency updates across staging or production.

Monitoring
Favorites 0 | GitHub 156.1k
benchmark

by affaan-m

Use the benchmark skill to measure performance baselines, detect regressions before and after PRs, and compare stack alternatives across pages, APIs, and builds for Performance Optimization.

Performance Optimization
Favorites 0 | GitHub 156.1k
python-observability

by wshobson

python-observability helps you instrument Python services with structured logging, metrics, traces, correlation IDs, and bounded-cardinality patterns for production debugging and safer observability rollouts.

Observability
Favorites 0 | GitHub 32.6k
grafana-dashboards

by wshobson

grafana-dashboards helps agents design production Grafana dashboards for observability. Use it to plan RED and USE-based layouts, choose panel hierarchy, and draft dashboard structure for Prometheus-style metrics.

Observability
Favorites 0 | GitHub 32.6k
prometheus-configuration

by wshobson

prometheus-configuration helps you install and use Prometheus for scraping, retention, alerting, and recording rules across Kubernetes, Docker Compose, and server setups.

Observability
Favorites 0 | GitHub 32.6k
slo-implementation

by wshobson

Use the slo-implementation skill to define SLIs, SLOs, error budgets, and burn-rate alerts for Reliability work. It helps teams turn service goals into measurable targets with PromQL-style examples and practical guidance from SKILL.md.

Reliability
Favorites 0 | GitHub 32.6k
distributed-tracing

by wshobson

Use the distributed-tracing skill to design and explain request tracing across microservices with Jaeger and Tempo. Covers install basics, trace and span concepts, Kubernetes setup patterns, context propagation, and practical usage for observability and latency debugging.

Observability
Favorites 0 | GitHub 32.6k
service-mesh-observability

by wshobson

service-mesh-observability is a practical skill for designing observability in Istio, Linkerd, and other service meshes. Use it to define mesh metrics, traces, dashboards, alerts, and SLOs for latency, errors, and service dependencies.

Observability
Favorites 0 | GitHub 32.6k
appinsights-instrumentation

by github

appinsights-instrumentation helps instrument Azure-hosted web apps with Application Insights. It guides App Service auto-instrumentation or manual ASP.NET Core and Node.js setup, including connection string and IaC updates.

Observability
Favorites 0 | GitHub 27.8k
analyzing-security-logs-with-splunk

by mukul975

analyzing-security-logs-with-splunk helps investigate security events in Splunk by correlating Windows, firewall, proxy, and authentication logs into timelines and evidence. This analyzing-security-logs-with-splunk skill is a practical guide for Security Audit, incident response, and threat hunting.

Security Audit
Favorites 0 | GitHub 6.1k
analyzing-api-gateway-access-logs

by mukul975

analyzing-api-gateway-access-logs helps parse API Gateway access logs to detect BOLA/IDOR, rate-limit bypass, credential scanning, and injection attempts. Built for SOC triage, threat hunting, and Security Audit workflows across AWS API Gateway, Kong, and Nginx-style logs using pandas-based analysis.

Security Audit
Favorites 0 | GitHub 6.1k
azure-monitor-opentelemetry-ts

by microsoft

azure-monitor-opentelemetry-ts helps instrument Node.js apps with Azure Monitor and OpenTelemetry for distributed traces, metrics, and logs. Use this azure-monitor-opentelemetry-ts skill to install the package, set APPLICATIONINSIGHTS_CONNECTION_STRING, and follow the correct startup order for auto-instrumentation.

Observability
Favorites 0 | GitHub 2.3k
azure-monitor-opentelemetry-py

by microsoft

azure-monitor-opentelemetry-py is the Azure Monitor OpenTelemetry distro for Python. Use it for one-line Application Insights setup, auto-instrumentation, and practical Azure Monitor telemetry with minimal app code changes.

Monitoring
Favorites 0 | GitHub 2.3k
azure-monitor-query-py

by microsoft

azure-monitor-query-py helps Python developers query Azure Monitor logs and metrics with azure-monitor-query. Use it for Log Analytics workspaces, Azure resource metrics, backend monitoring, diagnostics, and observability automation. The skill fits when you already have workspace IDs, resource URIs, and Azure credentials.

Backend Development
Favorites 0 | GitHub 2.3k
azure-monitor-opentelemetry-exporter-java

by microsoft

azure-monitor-opentelemetry-exporter-java is a skill for Java backend development and Azure Monitor/OpenTelemetry migration. Learn legacy exporter usage, install context, and why the repo recommends azure-monitor-opentelemetry-autoconfigure for new setups. Includes dependency setup, connection string configuration, and practical guidance for traces, metrics, and logs.

Backend Development
Favorites 0 | GitHub 2.2k
configuring-suricata-for-network-monitoring

by mukul975

The configuring-suricata-for-network-monitoring skill helps deploy and tune Suricata for IDS/IPS monitoring, EVE JSON logging, rules management, and SIEM-ready output. It suits a Security Audit workflow when you need practical setup, validation, and false-positive reduction.

Security Audit
Favorites 0 | GitHub 0
conducting-cloud-incident-response

by mukul975

conducting-cloud-incident-response is a cloud incident response skill for AWS, Azure, and GCP. It focuses on identity-based containment, log review, resource isolation, and forensic evidence capture. Use it for suspicious API activity, compromised access keys, or cloud-hosted workload breaches when you need a practical conducting-cloud-incident-response guide.

Incident Response
Favorites 0 | GitHub 0
building-threat-intelligence-platform

by mukul975

building-threat-intelligence-platform is a skill for designing, deploying, and reviewing a threat intelligence platform with MISP, OpenCTI, TheHive, Cortex, STIX/TAXII, and Elasticsearch. Use it for installation guidance, usage workflows, and Security Audit planning backed by repository references and scripts.

Security Audit
Favorites 0 | GitHub 0
building-soc-metrics-and-kpi-tracking

by mukul975

The building-soc-metrics-and-kpi-tracking skill turns SOC activity data into KPIs like MTTD, MTTR, alert quality, analyst productivity, and detection coverage. It fits SOC leadership, security operations, and observability teams that need repeatable reporting, trend tracking, and executive-friendly metrics backed by Splunk-based workflows.

Observability
Favorites 0 | GitHub 0
building-incident-response-dashboard

by mukul975

building-incident-response-dashboard helps teams build real-time incident response dashboards in Splunk, Elastic, or Grafana for active incident tracking, containment status, affected assets, IOC spread, and response timelines. Use this building-incident-response-dashboard skill when you need a focused dashboard for SOC analysts, incident commanders, and leadership.

Dashboard Builder
Favorites 0 | GitHub 0
building-detection-rule-with-splunk-spl

by mukul975

building-detection-rule-with-splunk-spl helps SOC analysts and detection engineers build Splunk SPL correlation searches for threat detection, tuning, and Security Audit review. Use it to turn a detection brief into a deployable rule with MITRE mapping, enrichment, and validation guidance.

Security Audit
Favorites 0 | GitHub 0
building-cloud-siem-with-sentinel

by mukul975

building-cloud-siem-with-sentinel is a practical guide for deploying Microsoft Sentinel as a cloud SIEM and SOAR layer. It covers multi-cloud log ingestion, KQL detections, incident investigation, and Logic Apps response playbooks for Security Audit and SOC operations. Use this building-cloud-siem-with-sentinel skill when you need a repo-backed starting point for centralized cloud security monitoring.

Security Audit
Favorites 0 | GitHub 0
auditing-tls-certificate-transparency-logs

by mukul975

The auditing-tls-certificate-transparency-logs skill helps security teams monitor Certificate Transparency logs for owned domains, detect unauthorized certificate issuance, discover certificate-exposed subdomains, and track suspicious CA activity with a repeatable Security Audit workflow.

Security Audit
Favorites 0 | GitHub 0