willwebster5-agent-skills

Unified SOC analyst workflow for CrowdStrike NGSIEM — triage alerts, investigate security events, hunt threats, tune detections, and manage cases through a phased lifecycle.

Agent-delegated SOC workflow for CrowdStrike NGSIEM — distributes triage, investigation, and evidence collection across specialized sub-agents (Haiku for mechanical, Sonnet for substantive, Opus for judgment).

Develop, optimize, and troubleshoot CrowdStrike LogScale security detection queries using CQL — includes case statements, multi-event correlation, investigation playbooks, and hunting rules.

Analyze and tune CrowdStrike NGSIEM detections for false positive reduction using 38 enrichment functions across AWS, EntraID, GitHub, and network data sources.

Design multi-event behavioral detection rules using CrowdStrike NG-SIEM correlate() function for attack chain detections across AWS, EntraID, and CrowdStrike data sources.

Curated CQL detection engineering pattern catalog for CrowdStrike NG-SIEM — correlation, enrichment, aggregation, scoring, baselining, and more.

Build CrowdStrike Falcon Fusion SOAR workflows — discover actions via live API, author YAML, validate locally, and deploy automation playbooks.

Detection-to-response mapping and SOAR playbook design — analyzes detections, recommends tiered response actions, and produces handoff docs for Falcon Fusion workflow generation.

Threat-model-first detection planning for data sources without OOTB coverage — analyzes threats, validates against live log data, and produces prioritized detection backlogs.

Autonomous threat hunting using the PEAK framework — hypothesis-driven, intelligence-driven, and baseline hunts against CrowdStrike NG-SIEM with hunt reports and detection backlogs.