Tunes SIEM detection rules in Splunk and Elastic by analyzing alert volumes, creating whitelists, adjusting thresholds, and measuring precision/recall to reduce false positives.
npx claudepluginhub killvxk/cybersecurity-skills-zh
This skill uses the workspace's default tool permissions.
SIEM use-case tuning reduces alert fatigue by systematically analyzing the false-positive rate of detection rules, adjusting thresholds against the environment's baseline, creating context-aware whitelists, and measuring detection effectiveness with precision/recall metrics. This skill covers tuning workflows for Splunk correlation searches and Elastic detection rules, including statistical baselining, exclusion-list management, and tracking the conversion of alerts into incidents.
Tunes SIEM detection rules in Splunk and Elastic to reduce false positives by analyzing alert volumes, creating whitelists, adjusting thresholds, and measuring efficacy metrics like precision/recall.
Tunes SIEM detection rules in Splunk and Elastic to reduce false positives: analyzes alert volumes, creates whitelists, adjusts thresholds, measures precision/recall efficacy.
Reduces SIEM false positives using Splunk SPL for rule tuning, threshold adjustments, whitelisting, correlations, and time exclusions. For SOC alert fatigue.
requests library
JSON report containing tuning recommendations for each rule, with its current false-positive rate, suggested threshold adjustments, whitelist entries, and the estimated percentage reduction in alerts.