Skip to main content
Run any Skill in Manus
with one click

soc-impossible-travel

Stars1
Forks0
UpdatedMay 25, 2026 at 12:57

SOC investigation playbook for Microsoft Sentinel Impossible-Travel detections. Drives a single agent through context enrichment, evaluation of 10 risk factors (location, authentication, token, brute force, MFA abuse, post-login activity, OAuth abuse, mailbox manipulation, high-privilege user, disabled-account sign-in), risk scoring, and a PACO final verdict with action plan. Use this skill whenever the user mentions impossible travel, account compromise, suspicious sign-in, Sentinel detection, SOC investigation, Entra ID risky sign-in, a NormalizedDetection payload, an account takeover scenario, or asks "is this user compromised?" — even if they don't explicitly say "skill".

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

File Explorer
17 files
SKILL.md
readonly