一键导入
iteration-recording
How and when to persist a rule attempt to the experiment record (metrics.csv and experiment.json).
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
How and when to persist a rule attempt to the experiment record (metrics.csv and experiment.json).
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Generate Snort 3.9.7.0 IDS rules from a natural-language operator intent. Use whenever you need to write a new rule, refine an existing one, or recover from a syntax error.
Reuse Snort rules that already fired in past experiments. ALWAYS consult this skill at the start of every cycle BEFORE writing a new rule. Validated rules are known-good detection patterns persisted per attack_id under data/validated_rules/.
How to produce an evasion variant of a previously successful attack. Use this when request_variant=True on the attacker request.
How to execute the selected attack container on the attacker host and interpret the result.
How to map an operator intent to one of the attacks discovered on the attacker host. Use this before calling execute_attack.
Rule-generation refinement playbook for MQTT Brute Force — credential brute force against MQTT brokers on TCP port 1883 using dictionary attacks. Load when the operator intent maps to attack_id mqtt-bruteforce.
| name | iteration-recording |
| description | How and when to persist a rule attempt to the experiment record (metrics.csv and experiment.json). |
Use this skill after every attack execution within the current variant cycle. The orchestrator owns the experiment ID and the variant label; you only pass the per-attempt details.
record_iteration(
iteration: int,
attack_id: str,
arguments: list[str],
fired: bool,
evasion_rationale: str,
rule: str,
container_exit_code: int | None = None,
container_stderr: str = "",
) -> "recorded"
trigger_attacker + check_alert_fired, regardless of outcome.iteration as the attempt number within the current variant cycle (start at 1, increment for each rule regeneration attempt).fired must reflect the result of check_alert_fired.rule must be the rule that was deployed for this attempt (post-assign_sid).container_exit_code and container_stderr from the trigger_attacker return value.The orchestrator can crash, the SSH session can drop, the LLM can run out of budget. Every recorded iteration is a row in metrics.csv and an entry in experiment.json — partial records are still useful for analysis. Always record before returning.