SOAR

SOAR taxonomy generated by the site skill importer.

4 skills
building-incident-response-playbook

by mukul975

building-incident-response-playbook helps security teams create reusable incident response playbooks with step-by-step phases, decision trees, escalation criteria, RACI ownership, and SOAR-ready structure. It is designed for incident response procedure documentation, incident triage workflows, and audit-friendly operational response plans.

Incident Triage
Favorites 0, GitHub 6.1k
building-phishing-reporting-button-workflow

by mukul975

The building-phishing-reporting-button-workflow skill helps you design a phishing report button workflow that preserves the original email, extracts IOCs, classifies reports, and routes triage and feedback for Microsoft 365 or similar email security setups.

Workflow Automation
Favorites 0, GitHub 6.1k
building-cloud-siem-with-sentinel

by mukul975

building-cloud-siem-with-sentinel is a practical guide for deploying Microsoft Sentinel as a cloud SIEM and SOAR layer. It covers multi-cloud log ingestion, KQL detections, incident investigation, and Logic Apps response playbooks for Security Audit and SOC operations. Use this building-cloud-siem-with-sentinel skill when you need a repo-backed starting point for centralized cloud security monitoring.

Security Audit
Favorites 0, GitHub 0
automating-ioc-enrichment

by mukul975

automating-ioc-enrichment helps automate IOC enrichment with VirusTotal, AbuseIPDB, Shodan, and STIX 2.1 for SOAR playbooks, Python pipelines, and Workflow Automation. Use this automating-ioc-enrichment skill to standardize analyst-ready context, reduce triage time, and shape repeatable enrichment outputs.

Workflow Automation
Favorites 0, GitHub 0