Soc

Soc taxonomy generated by the site skill importer.

9 skills
correlating-security-events-in-qradar

by mukul975

correlating-security-events-in-qradar helps SOC and detection teams correlate IBM QRadar offenses with AQL, offense context, custom rules, and reference data. Use this guide to investigate incidents, reduce false positives, and build stronger correlation logic for Incident Response.

Incident Response
building-vulnerability-scanning-workflow

by mukul975

building-vulnerability-scanning-workflow helps SOC teams design a repeatable vulnerability scanning process for discovery, prioritization, remediation tracking, and reporting across assets. It supports Security Audit use cases with scanner orchestration, KEV-aware risk ranking, and workflow guidance beyond a one-off scan.

Security Audit
building-soc-metrics-and-kpi-tracking

by mukul975

The building-soc-metrics-and-kpi-tracking skill turns SOC activity data into KPIs like MTTD, MTTR, alert quality, analyst productivity, and detection coverage. It fits SOC leadership, security operations, and observability teams that need repeatable reporting, trend tracking, and executive-friendly metrics backed by Splunk-based workflows.

Observability
building-soc-playbook-for-ransomware

by mukul975

The building-soc-playbook-for-ransomware skill is for SOC teams that need a structured ransomware response playbook. It covers detection triggers, containment, eradication, recovery, and audit-ready procedures aligned to NIST SP 800-61 and MITRE ATT&CK. Use it for practical playbook creation, tabletop exercises, and Security Audit support.

Security Audit
building-soc-escalation-matrix

by mukul975

Use the building-soc-escalation-matrix skill to build a structured SOC escalation matrix with severity tiers, response SLAs, escalation paths, and notification rules. It includes a template, standards mapping, workflows, and scripts for practical building-soc-escalation-matrix usage in security operations and audit work.

Security Audit
building-incident-response-dashboard

by mukul975

building-incident-response-dashboard helps teams build real-time incident response dashboards in Splunk, Elastic, or Grafana for active incident tracking, containment status, affected assets, IOC spread, and response timelines. Use this building-incident-response-dashboard skill when you need a focused dashboard for SOC analysts, incident commanders, and leadership.

Dashboard Builder
building-detection-rules-with-sigma

by mukul975

building-detection-rules-with-sigma helps analysts build portable Sigma detection rules from threat intel or vendor rules, map them to MITRE ATT&CK, and convert them for SIEMs like Splunk, Elastic, and Microsoft Sentinel. Use this building-detection-rules-with-sigma guide for Security Audit workflows, standardization, and detection-as-code.

Security Audit
building-detection-rule-with-splunk-spl

by mukul975

building-detection-rule-with-splunk-spl helps SOC analysts and detection engineers build Splunk SPL correlation searches for threat detection, tuning, and Security Audit review. Use it to turn a detection brief into a deployable rule with MITRE mapping, enrichment, and validation guidance.

Security Audit
analyzing-windows-event-logs-in-splunk

by mukul975

The analyzing-windows-event-logs-in-splunk skill helps SOC analysts investigate Windows Security, System, and Sysmon logs in Splunk for authentication attacks, privilege escalation, persistence, and lateral movement. Use it for incident triage, detection engineering, and timeline analysis with mapped SPL patterns and event ID guidance.

Incident Triage