원클릭으로
iteration-recording
How and when to persist a rule attempt to the experiment record (metrics.csv and experiment.json).
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
How and when to persist a rule attempt to the experiment record (metrics.csv and experiment.json).
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Generate Snort 3.9.7.0 IDS rules from a natural-language operator intent. Use whenever you need to write a new rule, refine an existing one, or recover from a syntax error.
Reuse Snort rules that already fired in past experiments. ALWAYS consult this skill at the start of every cycle BEFORE writing a new rule. Validated rules are known-good detection patterns persisted per attack_id under data/validated_rules/.
How to produce an evasion variant of a previously successful attack. Use this when request_variant=True on the attacker request.
How to execute the selected attack container on the attacker host and interpret the result.
How to map an operator intent to one of the attacks discovered on the attacker host. Use this before calling execute_attack.
Rule-generation refinement playbook for MQTT Brute Force — credential brute force against MQTT brokers on TCP port 1883 using dictionary attacks. Load when the operator intent maps to attack_id mqtt-bruteforce.
SOC 직업 분류 기준
| name | iteration-recording |
| description | How and when to persist a rule attempt to the experiment record (metrics.csv and experiment.json). |
Use this skill after every attack execution within the current variant cycle. The orchestrator owns the experiment ID and the variant label; you only pass the per-attempt details.
record_iteration(
iteration: int,
attack_id: str,
arguments: list[str],
fired: bool,
evasion_rationale: str,
rule: str,
container_exit_code: int | None = None,
container_stderr: str = "",
) -> "recorded"
trigger_attacker + check_alert_fired, regardless of outcome.iteration as the attempt number within the current variant cycle (start at 1, increment for each rule regeneration attempt).fired must reflect the result of check_alert_fired.rule must be the rule that was deployed for this attempt (post-assign_sid).container_exit_code and container_stderr from the trigger_attacker return value.The orchestrator can crash, the SSH session can drop, the LLM can run out of budget. Every recorded iteration is a row in metrics.csv and an entry in experiment.json — partial records are still useful for analysis. Always record before returning.