Logging

Logging skills and workflows surfaced by the site skill importer.

9 skills
analyzing-security-logs-with-splunk

by mukul975

analyzing-security-logs-with-splunk helps investigate security events in Splunk by correlating Windows, firewall, proxy, and authentication logs into timelines and evidence. It is a practical guide for Security Audit, incident response, and threat hunting.

Security Audit
Favorites 0 | GitHub 6.1k
analyzing-azure-activity-logs-for-threats

by mukul975

analyzing-azure-activity-logs-for-threats is a skill for querying Azure Monitor activity logs and sign-in logs to spot suspicious admin actions, impossible travel, privilege escalation, and resource tampering. Built for incident triage with KQL patterns, an execution path, and practical Azure log table guidance.

Incident Triage
Favorites 0 | GitHub 6.1k
analyzing-api-gateway-access-logs

by mukul975

analyzing-api-gateway-access-logs helps parse API Gateway access logs to detect BOLA/IDOR, rate-limit bypass, credential scanning, and injection attempts. Built for SOC triage, threat hunting, and Security Audit workflows across AWS API Gateway, Kong, and Nginx-style logs using pandas-based analysis.

Security Audit
Favorites 0 | GitHub 6.1k
azure-monitor-opentelemetry-ts

by microsoft

azure-monitor-opentelemetry-ts helps instrument Node.js apps with Azure Monitor and OpenTelemetry for distributed traces, metrics, and logs. Use this azure-monitor-opentelemetry-ts skill to install the package, set APPLICATIONINSIGHTS_CONNECTION_STRING, and follow the correct startup order for auto-instrumentation.

Observability
Favorites 0 | GitHub 2.3k
azure-monitor-opentelemetry-py

by microsoft

azure-monitor-opentelemetry-py is the Azure Monitor OpenTelemetry distro for Python. Use it for one-line Application Insights setup, auto-instrumentation, and practical Azure Monitor telemetry with minimal app code changes.

Monitoring
Favorites 0 | GitHub 2.3k
analyzing-web-server-logs-for-intrusion

by mukul975

The analyzing-web-server-logs-for-intrusion skill parses Apache and Nginx access logs to detect SQL injection, local file inclusion, directory traversal, scanner fingerprints, brute-force bursts, and anomalous request patterns. Use it for intrusion triage, threat hunting, and Security Audit workflows with GeoIP enrichment and signature-based detection.

Security Audit
Favorites 0 | GitHub 0
analyzing-linux-audit-logs-for-intrusion

by mukul975

analyzing-linux-audit-logs-for-intrusion is a Linux incident-response skill for auditd review, helping you find suspicious logins, privilege escalation, file tampering, and host intrusion evidence with ausearch, aureport, and auditctl.

Incident Triage
Favorites 0 | GitHub 0
analyzing-kubernetes-audit-logs

by mukul975

analyzing-kubernetes-audit-logs is a Kubernetes security analysis skill for turning API server audit logs into actionable findings. Use it to investigate exec into pods, secret access, RBAC changes, privileged workloads, and anonymous API access, or to build detection rules and triage summaries from JSON lines audit data.

Security Audit
Favorites 0 | GitHub 0
azure-monitor-opentelemetry-exporter-py

by microsoft

azure-monitor-opentelemetry-exporter-py helps you set up low-level OpenTelemetry export from Python to Azure Monitor and Application Insights. Use it when you need a custom observability pipeline with direct control over traces, metrics, and logs, not a higher-level auto-instrumentation distro.

Observability
Favorites 0 | GitHub 0