ワンクリックでManusで任意のスキルを実行

israeli-cybersecurity-ops

Name: Israeli Cybersecurity Ops
Author: skills-il

Coordinate Israeli-built cybersecurity tools for security operations including threat triage, vulnerability management, compliance checking, and incident response. Use when user mentions security operations, "SOC", vulnerability scanning, threat triage, compliance assessment, or asks to coordinate Wiz, Snyk, Check Point, CyberArk, SentinelOne, Armis, Torq, or Pentera tools. Embeds Israeli security best practices including INCD guidelines and Israeli Privacy Protection Law compliance. Do NOT use for offensive security testing or creating exploits.

Manusで実行

Skill メタデータ

スター6

フォーク2

更新日2026年5月28日 22:00

ファイルエクスプローラー

6 ファイル

SKILL.md

readonly

このリポジトリの他の Skills

同じリポジトリ

pikud-haoref-safety-protocols

skills-il/security-compliance

Actionable safety protocols per Home Front Command alert type in Israel. Use when a user asks what to do during a specific type of emergency alert (missiles, hostile aircraft, earthquake, tsunami, hazardous materials, terrorist infiltration), needs regional response time guidance, wants safety instructions for special populations (elderly, disabled, children), or is a new immigrant learning Israeli emergency procedures. Provides step-by-step actions for each alert category, post-alert procedures, and when it is safe to leave the shelter. Helps users respond correctly during emergencies, which can be the difference between life and injury. Do NOT use for building alert API integrations (use pikud-haoref-alerts), for finding or preparing shelters (use israeli-shelter-guide), or for non-Israeli emergency response procedures.

2026-05-286

israeli-ecommerce-compliance

skills-il/security-compliance

Audit and ensure Israeli e-commerce legal compliance, covering Consumer Protection Law, return policies, price display, accessibility, and cookie consent. Use when user asks about "online store compliance Israel", "Chok Hagnat HaTzarchan", "consumer protection Israel", "return policy Israel", "IS 5568 ecommerce", "cookie consent Israel", or "חוק הגנת הצרכן". Covers cooling-off period validation, price display requirements, Hebrew terms of service generation, accessibility compliance (IS 5568), and business disclosure verification. Do NOT use for food-specific compliance (use israeli-food-business-compliance) or privacy/GDPR (use israeli-privacy-shield).

2026-05-286

israeli-cyber-regulations

skills-il/security-compliance

Israeli cybersecurity regulatory framework guidance covering INCD (Ma'arach HaSyber) national directives, Bank of Israel Directive 361 (cyber for financial institutions), Directive 364 (the consolidated IT, information security, and cyber framework), ISA requirements for TASE-listed companies, and sector-specific rules for fintech and healthtech. Use when user asks about "cyber regulation Israel", "horaot Bank Israel 361", "INCD compliance", "Ma'arach HaSyber", "ISA cyber requirements", "sector cyber rules Israel", or "רגולציית סייבר". Covers regulatory mapping, gap analysis, compliance checklists, and audit preparation for Israeli cyber frameworks. Do NOT use for privacy law compliance (use israeli-privacy-compliance instead).

2026-05-286

israeli-appsec-scanner

skills-il/security-compliance

Security scanning guidance for Israeli web applications covering OWASP Top 10, Israeli Privacy Protection Authority (PPA) compliance, dependency vulnerability scanning, secrets detection, and secure coding patterns for Hebrew/RTL apps. Use when user asks to "scan for vulnerabilities", "check security compliance", "audit Israeli app security", "bodek aviskhut" (Hebrew transliteration), or needs help with PPA compliance, secrets detection, or Hebrew input sanitization. Provides actionable checklists, automated scanning scripts, and Israeli-specific security guidance. Do NOT use for network penetration testing, physical security audits, or non-application-layer security concerns.

2026-05-286

israeli-shelter-guide

skills-il/security-compliance

Guide to finding and preparing shelters in Israel including mamad (apartment safe room), mamak (floor safe room), maman (institutional safe room), and miklat (public shelter). Use when a user needs to find the nearest shelter, prepare a safe room per Home Front Command guidelines, understand time-to-shelter by region, set up workplace emergency procedures, or interpret the multi-stage early-warning notifications introduced for ballistic threats. Covers Israeli Standard 4422, time-to-shelter zones (immediate / 15 / 30 / 45 / 60 / 90 seconds), municipal shelter databases, accessibility law, sheltering with pets, vehicle protocols, and what to do if caught outdoors. Do NOT use for real-time alert integrations (use pikud-haoref-alerts) or per-threat safety protocols (use pikud-haoref-safety-protocols).

2026-05-206

israeli-standards-import-checker

skills-il/security-compliance

Check whether a product requires Standards Institution of Israel (SII, Mechon HaTikanim) approval under an official standard (takan rishmi) before it can be imported into Israel. Returns applicable SI numbers, approval route (type approval, shipment approval, Maslol Plus declaration, EU-CoC recognition), required lab tests, timelines, and fast-track options based on the 2016 food parallel-import reform, the 2022 electronics reform, the 2025 EU-regulation reform (Amendment 19), and the November 2025 proposed US-standards Amendment 21. Use when a user asks about importing electronics, toys, cosmetics, food-contact materials, vehicles, or building materials into Israel, asks about CE/type approval, or has a shipment stuck at Israeli customs. Do NOT use for customs duty calculation (use israeli-customs-duty-calculator) or for general product safety review outside the Israeli regulatory context.

2026-05-206

ソース

skills-il

skills-il/security-compliance

GitHub リポジトリを開く Creator のリポジトリを見る

Install

Download

Manusで実行

役立つ用途SOC

情報セキュリティアナリストコンピュータ・数学職15-1212L4

name	israeli-cybersecurity-ops
description	Coordinate Israeli-built cybersecurity tools for security operations including threat triage, vulnerability management, compliance checking, and incident response. Use when user mentions security operations, "SOC", vulnerability scanning, threat triage, compliance assessment, or asks to coordinate Wiz, Snyk, Check Point, CyberArk, SentinelOne, Armis, Torq, or Pentera tools. Embeds Israeli security best practices including INCD guidelines and Israeli Privacy Protection Law compliance. Do NOT use for offensive security testing or creating exploits.
license	MIT
compatibility	Best with MCP servers for Wiz and Snyk. Works standalone for security guidance. Claude Code recommended.

Israeli Cybersecurity Ops

Instructions

Step 1: Identify Security Workflow

Determine which workflow the user needs:

Workflow	When	Tools Involved
Incident Triage	Alert received, need to classify and respond	Wiz, SentinelOne, Snyk
Vulnerability Management	Scan results need prioritization	Snyk, Wiz, Pentera
Compliance Assessment	Need to check against framework	Wiz (cloud), Snyk (code)
Threat Investigation	Suspicious activity, need to investigate	SentinelOne, Check Point
Access Review	Need to audit privileged access	CyberArk

Step 2: Gather Context

For any security workflow, collect:

Environment: Cloud (AWS/Azure/GCP), On-prem, Hybrid
Available tools: Which MCP servers or APIs are connected
Scope: Specific asset, application, or organization-wide
Framework: If compliance, SOC2, ISO27001, Israeli Privacy Law, INCD

Step 3: Execute Workflow

Workflow A: Incident Triage (Sequential)

Phase 1: Alert Enrichment

Retrieve alert details from detection tool (Wiz/SentinelOne)
Enrich with asset information (owner, environment, criticality)
Check for related alerts in last 24 hours

Phase 2: Classification 4. Assess severity based on:

CVSS score (if vulnerability)
Asset criticality (production > staging > dev)
Data sensitivity (PII, financial, health data)
Blast radius (single host vs. network segment)

Classify: Critical / High / Medium / Low / False Positive

Phase 3: Response 6. If Critical/High: Immediate containment actions 7. If Medium: Add to sprint/backlog for remediation 8. If Low/FP: Document and close 9. Update tracking system (Monday.com if available)

Workflow B: Vulnerability Prioritization

Phase 1: Scan Collection

Gather findings from Snyk (code vulnerabilities, dependencies)
Gather findings from Wiz (cloud misconfigurations, vulnerabilities)
If available: Pentera results (exploitability validation)

Phase 2: Prioritization Matrix 4. Score each finding:

Exploitability (is there a public exploit?)
Reachability (is the vulnerable component reachable from internet?)
Data at risk (what data could be exposed?)
Business impact (revenue, reputation, regulatory)

Rank: Fix Now / Fix This Sprint / Fix This Quarter / Accept Risk

Phase 3: Remediation Plan 6. For each "Fix Now" item: specific remediation steps 7. Group by team/owner for efficient assignment 8. Create tracking items with deadlines

Workflow C: Israeli Compliance Check

Phase 1: Framework Selection

Israeli Privacy Protection Law (PPL) 1981 as amended through Amendment 13 (in force August 14, 2025) + Information Security Regulations 2017. Amendment 13 requires immediate notification of a serious security incident to the PPA (the law says "immediately", not a GDPR-style fixed 72-hour clock), with notification to affected individuals where high risk; mandatory DPO triggers; expanded definitions of "personal information" and "sensitive data"; expanded PPA enforcement powers (administrative fines, cease-processing orders, deletion orders); and statutory damages up to NIS 100,000 without proof of harm.
INCD (Israel National Cyber Directorate / מערך הסייבר הלאומי) guidelines, current canonical methodology is the Israeli Cyber Defense Methodology (ICDM) 2.0 (published 2021, mapped to NIST CSF 1.1 + SP 800-53 r5, with explicit Zero Trust + Threat-Informed Defense direction). The National Cyber Security Strategy was updated February 2025.
Banking Supervision (if financial sector): primary current directive is BOI Directive 364 (2024-11) which consolidates and supersedes Directives 357, 361, and 363
SOC2 / ISO27001 (international); MITRE ATT&CK v18 (October 28, 2025) is current with Detection Strategies and Analytics

Phase 2: Control Assessment 5. Map Israeli-specific requirements:

Data protection officer (ממונה הגנת מידע / DPO) required? (Mandatory under Amendment 13 for public bodies; data brokers over 10,000 individuals; organizations whose main activity is large-scale processing of especially-sensitive data; and those carrying out systematic large-scale monitoring. A generic database merely exceeding 10,000 individuals does NOT by itself trigger a DPO.)
Risk-based regime under Amendment 13 (database registration is no longer the primary control)
Cross-border data transfer restrictions
Data breach notification: notify the PPA immediately for a serious security incident, plus affected individuals where high risk
Health data special protections (if applicable)

Check each control against current tool findings

Phase 3: Gap Report 7. Generate report with: Control, Status, Evidence, Gap, Remediation 8. Highlight Israeli-specific requirements separately

Israeli-Specific Security Context

INCD (Israel National Cyber Directorate) Guidelines

Critical infrastructure sectors: Energy, Water, Finance, Health, Communications, Transportation
Cyber event reporting: critical infrastructure must report as soon as possible (real-time) via the INCD cyber-event-report service (gov.il/he/service/cyber-event-report) and the 119 hotline; sector-specific directives may set their own timelines
Annual risk assessment recommended
Supply chain security emphasis (especially given documented Iranian / Hezbollah / Houthi-attributed targeting of Israeli software supply chains since 2023)

Israeli Privacy Protection Law Key Requirements (post Amendment 13)

Risk-based regime; database registration is no longer the primary compliance control
Mandatory DPO triggers (public bodies, data brokers, systematic-monitoring, large/sensitive databases)
Consent for data collection and processing
Right of access and correction (similar to GDPR but predates it)
Cross-border transfer: Adequate protection required
Data breach notification: Required since Regulations 2017
Penalties: Criminal and civil liability

Examples

Example 1: Cloud Alert Triage

User says: "Wiz flagged a critical finding in our production AWS account" Actions: Follow Workflow A, retrieve Wiz finding details, assess blast radius, check for lateral movement indicators, provide containment recommendation.

Example 2: Dependency Vulnerability

User says: "Snyk found 15 high vulnerabilities in our Node.js app" Actions: Follow Workflow B, get Snyk details, check reachability, prioritize by exploitability, create remediation plan with specific version upgrades.

Example 3: Privacy Compliance

User says: "We need to check if we comply with Israeli privacy law" Actions: Follow Workflow C, map Israeli Privacy Protection Law requirements, check database registration status, review consent mechanisms, assess cross-border data flows.

Bundled Resources

Scripts

scripts/security_triage.py, Structured security alert triage tool that calculates composite severity scores from CVSS, asset criticality, data sensitivity, and blast radius. Determines INCD reporting obligations for critical infrastructure and Privacy Authority notification for data breaches. Outputs classification, recommended response steps, and reporting deadlines. Run: python scripts/security_triage.py --help

References

references/incd-guidelines.md, Israel National Cyber Directorate reference covering CERT-IL, sector-specific regulators, critical infrastructure designations, the five-pillar INCD cyber defense framework (Identify/Protect/Detect/Respond/Recover), incident reporting timelines and channels, security best practices, and compliance mapping between Israeli Privacy Law, SOC2, and ISO 27001. Consult when assessing Israeli regulatory requirements or mapping security controls to compliance frameworks.

Gotchas

Vendor ownership changes (2025-2026). Wiz was acquired by Google for ~$32B (closed March 11, 2026) and now ships under Google Cloud Security alongside Mandiant; multi-cloud commitment preserved. CyberArk was acquired by Palo Alto Networks for ~$25B (closed February 11, 2026); CyberArk is now part of Palo Alto's identity platform (Cortex / Strata). Check Point product naming has shifted (Quantum SASE → Harmony SASE; Horizon Playblocks → Infinity Playblocks). Agents that quote pre-2026 vendor framing miss integration patterns and TOS implications. Wiz acquired by Google means the Wiz MCP can be expected to evolve toward Google Cloud Security MCP family.
Israeli security tools (Wiz, Snyk, Check Point) may have Hebrew-language dashboards or alerts. Agents should not assume all output is in English when parsing tool responses.
CERT-IL (the Israeli national CERT) provides free incident response assistance to private sector organizations, unlike many national CERTs. Agents may not recommend this free resource when advising on incident response.
Israeli SOC teams typically operate Sunday-Thursday with reduced Friday coverage. Agents may generate 24/7 staffing plans based on Monday-Friday assumptions.
CyberArk, a commonly used PAM tool in Israeli enterprises, uses Hebrew role names in many Israeli deployments. Agents should expect bilingual access control configurations.
Israeli critical infrastructure designations by INCD are not publicly listed. Agents cannot determine if an organization is designated as critical infrastructure without the organization confirming it.

Reference Links

Source	URL	What to Check
INCD (Israel National Cyber Directorate)	https://www.gov.il/en/departments/israel_national_cyber_directorate	Critical infrastructure guidance, cyber event reporting
CERT-IL	https://www.gov.il/en/departments/guides/cyber_incident	Incident reporting, free IR assistance
Privacy Protection Authority	https://www.gov.il/en/departments/the_privacy_protection_authority	Database registration, breach notification rules
Wiz Documentation	https://docs.wiz.io	Cloud security findings, compliance frameworks
Snyk Documentation	https://docs.snyk.io	SAST, SCA, container scanning
OWASP Top 10	https://owasp.org/www-project-top-ten/	Vulnerability classification baseline

Troubleshooting

Error: "MCP server not connected"

Cause: Wiz or Snyk MCP server not configured Solution: This skill works without MCP for guidance mode. For full integration, connect Wiz MCP via Claude Desktop settings or Snyk MCP via snyk mcp command.

Error: "Insufficient context for triage"

Cause: Not enough information about the alert or environment Solution: Ask for: alert ID, affected asset, environment (prod/staging), data classification, and which detection tools are available.