By willwebster5
Analyze and tune CrowdStrike NGSIEM detections for false positive reduction using 38 enrichment functions across AWS, EntraID, GitHub, and network data sources.
A Claude Code plugin marketplace — a collection of CrowdStrike security skills and plugins.
Add this marketplace to your Claude Code setup:
/plugin marketplace add willwebster5/agent-skills
Then browse and install available plugins:
/plugin search
| Plugin | Description |
|---|---|
| crowdstrike-soc | Unified SOC analyst workflow — triage alerts, investigate, hunt threats, tune detections, manage cases |
| crowdstrike-soc-agents | Agent-delegated SOC workflow — distributes triage and investigation across specialized sub-agents |
| Plugin | Description |
|---|---|
| crowdstrike-logscale-security-queries | Develop and troubleshoot CQL security detection queries for LogScale |
| crowdstrike-detection-tuning | Tune NGSIEM detections for false positive reduction with 38 enrichment functions |
| crowdstrike-behavioral-detections | Design multi-event behavioral detection rules using correlate() |
| crowdstrike-cql-patterns | Curated CQL detection engineering pattern catalog for NG-SIEM |
| Plugin | Description |
|---|---|
| crowdstrike-threat-hunting | Autonomous PEAK-framework threat hunting against NG-SIEM — hypothesis, intelligence, and baseline hunts |
| crowdstrike-source-threat-modeling | Threat-model-first detection planning for data sources without OOTB coverage |
| Plugin | Description |
|---|---|
| crowdstrike-fusion-workflows | Build Falcon Fusion SOAR workflows — discover actions, author YAML, validate |
| crowdstrike-response-playbooks | Detection-to-response mapping and SOAR playbook design with tiered response actions |
MIT
npx claudepluginhub willwebster5/agent-skills --plugin crowdstrike-detection-tuning
Agent-delegated SOC workflow for CrowdStrike NGSIEM — distributes triage, investigation, and evidence collection across specialized sub-agents (Haiku for mechanical, Sonnet for substantive, Opus for judgment).
Curated CQL detection engineering pattern catalog for CrowdStrike NG-SIEM — correlation, enrichment, aggregation, scoring, baselining, and more.
Build CrowdStrike Falcon Fusion SOAR workflows — discover actions via live API, author YAML, validate locally, and deploy automation playbooks.
Autonomous threat hunting using the PEAK framework — hypothesis-driven, intelligence-driven, and baseline hunts against CrowdStrike NG-SIEM with hunt reports and detection backlogs.
Develop, optimize, and troubleshoot CrowdStrike LogScale security detection queries using CQL — includes case statements, multi-event correlation, investigation playbooks, and hunting rules.
Design multi-event behavioral detection rules using CrowdStrike NG-SIEM correlate() function for attack chain detections across AWS, EntraID, and CrowdStrike data sources.
SentinelOne SecOps skills for Claude: PowerQuery threat hunting, Management Console API, Singularity Data Lake API, SDL dashboard authoring, SDL log parsing, Hyperautomation workflow generation, source-agnostic behavioral baselining with z-score anomaly detection, and packaged SDL solution deployment (data source onboarding to OCSF with device/user enrichment, dashboard, MITRE-mapped detections and a threat-response flow; plus asset enrichment of raw logs).
Core LimaCharlie skills for CLI-based API access, detection engineering, sensor tasking, case investigation, and fleet health monitoring.
Agentic SOC Platform integration for Claude Code
Claude plugins for SentinelOne XDR - threat detection, incident response, and endpoint agent management via the Purple AI MCP server