- Home
- Skills
- Vadimcomanescu
- Codex Skills
- Senior Secops
senior-secops_skill
- Python
3
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill vadimcomanescu/codex-skills --skill senior-secops- LICENSE.txt1.1 KB
- SKILL.md991 B
Overview
This skill provides a senior-level SecOps workflow for rapid vulnerability triage, incident response, detection tuning, and post-incident hardening. It codifies practical steps to contain incidents quickly, remove root causes, and capture durable lessons to prevent recurrence. Use it to guide decisions during alerts, log reviews, and playbook creation.
How this skill works
The skill guides responders through a five-step incident lifecycle: triage, contain, eradicate, recover, and learn. It inspects alert context and log summaries, recommends containment actions (credential rotation, IOC blocking, isolation), and suggests eradication and hardening measures. It can also run quick log summarization to highlight suspicious patterns and help prioritize investigation tasks.
When to use it
- Immediately after a security alert that may indicate compromise.
- When reviewing logs for suspicious activity during triage.
- While building or updating incident response playbooks.
- When improving detection rules and reducing false positives.
- During post-incident reviews to define hardening actions.
Best practices
- Start with impact-focused triage: what’s affected, ongoing attack indicators, and data at risk.
- Contain fast and narrowly: disable credentials, block IOCs, and isolate affected hosts to reduce blast radius.
- Document every action and preserve evidence before making destructive changes.
- Prioritize eradication steps that remove persistence and patch root cause before recovery.
- Run a structured postmortem and convert findings into concrete controls and detection improvements.
Example use cases
- Triage a critical alert: determine scope, check for lateral movement, and recommend immediate containment steps.
- Summarize a noisy log file to surface failed logins, suspicious commands, and anomalous IPs for rapid review.
- Draft an incident playbook for ransomware that lists containment, eradication, recovery, and communications steps.
- Tune SIEM/alerting rules after an incident to reduce false positives and catch similar future activity earlier.
- Run a post-incident hardening checklist to rotate secrets, apply patches, and remove compromised artifacts.
FAQ
Yes. It includes a quick log summarization capability that extracts key events and indicators to accelerate triage.
Is this a replacement for detailed forensic analysis?
No. It is designed for rapid response and containment. Full forensic investigations should follow for root cause and legal evidence.