تشغيل أي مهارة في Manus بنقرة واحدة

$pwd:

case-management

Name: Case Management
Author: elastic

// Create, search, update, and manage SOC cases for Elastic Security. ALWAYS use this skill when the user mentions cases, incidents, investigations, or asks to see, show, list, open, create, update, or search cases. Trigger for: "show me my cases", "open cases", "list cases", "any open cases", "create a case", "case for this alert", "show me case 42", "incident tracking", "investigation status", or any case-related question.

تشغيل في Manus

$ git log --oneline --stat

stars:٩

forks:٨

updated:١٧ أبريل ٢٠٢٦ في ٢٠:٤٠

SKILL.md

readonly

name

case-management

description

Create, search, update, and manage SOC cases for Elastic Security. ALWAYS use this skill when the user mentions cases, incidents, investigations, or asks to see, show, list, open, create, update, or search cases. Trigger for: "show me my cases", "open cases", "list cases", "any open cases", "create a case", "case for this alert", "show me case 42", "incident tracking", "investigation status", or any case-related question.

Case Management

Manage SOC cases using the elastic-security MCP connector.

ALWAYS call the tool

When the user asks about cases, ALWAYS call manage-cases to open the interactive dashboard. Do not try to answer from memory or describe cases without calling the tool first.

User says	Tool call
"show me my cases"	`manage-cases` (no params)
"any open cases?"	`manage-cases` with `status: "open"`
"closed cases"	`manage-cases` with `status: "closed"`
"cases for SRVWIN02"	`manage-cases` with `search: "SRVWIN02"`
"critical cases"	`manage-cases` with `severity: "critical"`
"show case 42"	`manage-cases` (user can click it in the dashboard)
"create a case"	`create-case` with title, description, tags, severity
"create a case for this alert"	`create-case` with alert details, then `attach-alert-to-case`

Tools

Tool	Purpose
`manage-cases`	Opens interactive case dashboard. Params: `status`, `severity`, `search`
`create-case`	Creates a new case. Params: `title`, `description`, `tags` (comma-separated), `severity`
`attach-alert-to-case`	Attaches an alert to a case. Params: `caseId`, `alertId`, `alertIndex`, `ruleId`, `ruleName`
`update-case`	Updates case status/severity. Params: `caseId`, `version`, `status`, `severity`
`add-case-comment`	Adds investigation notes. Params: `caseId`, `comment`

Creating Cases

When the user asks you to create a case, call create-case directly — do NOT tell them to use the dashboard UI.

Example:

create-case with:
  title: "[MALICIOUS] Ransomware Attack Chain — srv-win-defend-01"
  description: "## Summary\n- Full ransomware kill chain detected\n- Host: srv-win-defend-01\n- User: Jonathan\n\n## MITRE ATT&CK\nT1566, T1059, T1218\n\n## Findings\n..."
  tags: "classification:malicious,confidence:high,host:srv-win-defend-01,mitre:T1566,mitre:T1059"
  severity: "critical"

After creating the case, if you have alert IDs, attach them with attach-alert-to-case.

Tag Conventions

Tag pattern	Example	Purpose
`classification:<level>`	`classification:malicious`	Triage result
`confidence:<score>`	`confidence:85`	Confidence 0-100
`mitre:<technique>`	`mitre:T1574.002`	MITRE ATT&CK technique
`agent_id:<uuid>`	`agent_id:550888e5-...`	Elastic agent ID
`rule:<name>`	`rule:Malware Detection`	Detection rule name

related-skills.json

نفس المستودع

alert-triage.md

from "elastic/example-mcp-app-security"

Triage Elastic Security alerts — fetch, investigate, classify threats, create cases, and acknowledge. Use when triaging alerts, performing SOC analysis, investigating detections, reviewing security incidents, or when the user mentions ransomware, malware, lateral movement, credential theft, DLL injection, suspicious processes, or any specific threat. Also trigger for "show me alerts", "what's happening on host X", "any critical alerts", or any security operations question.

2026-04-179

attack-discovery-triage.md

from "elastic/example-mcp-app-security"

Triage Elastic Security Attack Discovery findings — fetch correlated attack narratives, assess confidence with entity risk and rule frequency signals, and present an interactive triage dashboard for approval, case creation, and acknowledgment. Use when triaging attack discoveries, reviewing correlated attacks, assessing EASE output, or when the user mentions "attack discovery", "AD findings", "triage attacks", "correlated alerts", or asks to process attack discovery results. Also trigger for "what attacks were discovered", "triage my discoveries", or "any attack discoveries".

2026-04-179

detection-rule-management.md

from "elastic/example-mcp-app-security"

Create, tune, and manage Elastic Security detection rules. Use for false positive tuning, adding exceptions, creating new detection coverage, finding noisy rules, enabling/disabling rules, or any detection engineering task. Also trigger for "detection rules", "noisy rules", "false positives", "add exception", "create rule", or "tune rule".

2026-04-179

generate-sample-data.md

from "elastic/example-mcp-app-security"

Generate sample security events, attack scenarios, and synthetic alerts for Elastic Security. Use when demoing, populating dashboards, testing detection rules, setting up a POC, or when the user asks for test data, demo data, or sample alerts.

2026-04-179

package.json

"author": "elastic"

"repository": "elastic/example-mcp-app-security"

فتح مستودع GitHub عرض مستودعات المنشئ

$ install --global

$ download --local

تشغيل في Manus

$ useful --forSOC

محللو أمن المعلوماتمهن الحاسوب والرياضيات15-1212L4

name

case-management

description

Case Management

Manage SOC cases using the elastic-security MCP connector.

ALWAYS call the tool

When the user asks about cases, ALWAYS call manage-cases to open the interactive dashboard. Do not try to answer from memory or describe cases without calling the tool first.

User says	Tool call
"show me my cases"	`manage-cases` (no params)
"any open cases?"	`manage-cases` with `status: "open"`
"closed cases"	`manage-cases` with `status: "closed"`
"cases for SRVWIN02"	`manage-cases` with `search: "SRVWIN02"`
"critical cases"	`manage-cases` with `severity: "critical"`
"show case 42"	`manage-cases` (user can click it in the dashboard)
"create a case"	`create-case` with title, description, tags, severity
"create a case for this alert"	`create-case` with alert details, then `attach-alert-to-case`

Tools

Tool	Purpose
`manage-cases`	Opens interactive case dashboard. Params: `status`, `severity`, `search`
`create-case`	Creates a new case. Params: `title`, `description`, `tags` (comma-separated), `severity`
`attach-alert-to-case`	Attaches an alert to a case. Params: `caseId`, `alertId`, `alertIndex`, `ruleId`, `ruleName`
`update-case`	Updates case status/severity. Params: `caseId`, `version`, `status`, `severity`
`add-case-comment`	Adds investigation notes. Params: `caseId`, `comment`

Creating Cases

When the user asks you to create a case, call create-case directly — do NOT tell them to use the dashboard UI.

Example:

create-case with:
  title: "[MALICIOUS] Ransomware Attack Chain — srv-win-defend-01"
  description: "## Summary\n- Full ransomware kill chain detected\n- Host: srv-win-defend-01\n- User: Jonathan\n\n## MITRE ATT&CK\nT1566, T1059, T1218\n\n## Findings\n..."
  tags: "classification:malicious,confidence:high,host:srv-win-defend-01,mitre:T1566,mitre:T1059"
  severity: "critical"

After creating the case, if you have alert IDs, attach them with attach-alert-to-case.

Tag Conventions

Tag pattern	Example	Purpose
`classification:<level>`	`classification:malicious`	Triage result
`confidence:<score>`	`confidence:85`	Confidence 0-100
`mitre:<technique>`	`mitre:T1574.002`	MITRE ATT&CK technique
`agent_id:<uuid>`	`agent_id:550888e5-...`	Elastic agent ID
`rule:<name>`	`rule:Malware Detection`	Detection rule name

case-management

Case Management

ALWAYS call the tool

Tools

Creating Cases

Tag Conventions

المزيد من هذا المستودع

المزيد من هذا المستودع

Case Management

ALWAYS call the tool

Tools

Creating Cases

Tag Conventions