一键导入
experiment-cycle
The shared protocol for one variant cycle in a Rules Farmer experiment. Read this before starting any cycle.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
The shared protocol for one variant cycle in a Rules Farmer experiment. Read this before starting any cycle.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
| name | experiment-cycle |
| description | The shared protocol for one variant cycle in a Rules Farmer experiment. Read this before starting any cycle. |
This skill documents the contract between the Rules Agent, the Attack Agent, and the Orchestrator.
variant_count + 1 cycles (one base + N variants). Initializes/finalizes the experiment record.base cycle (variant_label="base"):
- Rules Agent generates rule for intent
- Validates -> deploys
- Asks Attack Agent to execute (request_variant=False)
- Checks alert -> if not fired, regenerates rule and retries (up to max_internal_attempts)
- Returns IterationResult(fired=True) on success
- Orchestrator advances to variant_1
variant_N cycle (variant_label="variant_N"):
- Rules Agent receives previous_iterations with prior cycle's final_rule
- It MAY keep the same rule and just ask for a variant attack, OR refine
- Asks Attack Agent to execute (request_variant=True)
- Same convergence check
- Returns IterationResult(fired=True) on success
- Orchestrator advances to variant_(N+1)
variant_count + 1 cycles return fired=True → experiment converged.fired=False after exhausting max_internal_attempts → experiment failed.Both agents persist their work via the orchestrator's ExperimentRecorder:
record_iteration after each attack execution.experiment.json and metrics.csv after the outer loop ends (success or failure).experiment-cycle (this skill) — both agents must understand the protocol.Generate Snort 3.9.7.0 IDS rules from a natural-language operator intent. Use whenever you need to write a new rule, refine an existing one, or recover from a syntax error.
Reuse Snort rules that already fired in past experiments. ALWAYS consult this skill at the start of every cycle BEFORE writing a new rule. Validated rules are known-good detection patterns persisted per attack_id under data/validated_rules/.
How to produce an evasion variant of a previously successful attack. Use this when request_variant=True on the attacker request.
How to execute the selected attack container on the attacker host and interpret the result.
How to map an operator intent to one of the attacks discovered on the attacker host. Use this before calling execute_attack.
Rule-generation refinement playbook for MQTT Brute Force — credential brute force against MQTT brokers on TCP port 1883 using dictionary attacks. Load when the operator intent maps to attack_id mqtt-bruteforce.