Skip to main content
Exécutez n'importe quel Skill dans Manus
en un clic

soc-investigator

Étoiles2
Forks1
Mis à jour29 juin 2026 à 10:59

Air-gapped SOC investigation cowork for Microsoft Defender + VirusTotal + Sentinel in locked-down tenants where direct API / MCP / Entra access is forbidden. Use when the user wants to triage IOCs (URLs, domains, file hashes), hunt them in Defender Advanced Hunting split by machine type, unify and enrich the results via VirusTotal, pivot into Sentinel to find affected machines and users, and close incidents — without granting any API access. Claude generates the KQL and the local enrichment, the human runs the queries and exports CSVs in their own authenticated browser, and Claude prepares (never auto-executes) the incident-close step. Triggers on: "run the SOC investigation", "hunt these IOCs", "Defender/Sentinel triage", "check these domains/hashes", "close the risks in Sentinel".

Installation

Installer avec Codex ou Claude Copiez ce prompt, collez-le dans Codex, Claude ou un autre assistant, puis laissez-le vérifier la page du skill et l'installer pour vous.

Explorateur de fichiers
18 fichiers
SKILL.md
readonly