一键导入
ti-ingest
Threat-intel signal ingest — converts a CVE + affected-asset + claim payload into a queued engagement-scope row for the validation pipeline.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Threat-intel signal ingest — converts a CVE + affected-asset + claim payload into a queued engagement-scope row for the validation pipeline.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Threat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
Detect and break the cloud post-compromise attack chain (AWS / Azure / GCP) — per-stage CloudTrail / Activity-Log / Audit-Log detection signals and the preventive controls that close each step. Use for cloud detection engineering, hardening, remediation write-ups, or blue-team posture review of the lateral-movement -> privilege-escalation -> exfiltration -> evasion chain.
HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
| name | ti-ingest |
| description | Threat-intel signal ingest — converts a CVE + affected-asset + claim payload into a queued engagement-scope row for the validation pipeline. |
Convert a threat-intel signal into a queued engagement-scope row that the Exploitability Validation Run (cloud-agent task #3) consumes.
Two modes:
signal.json they have on hand.{OUTPUT_DIR}/inbox/ on a cron (default every 15 minutes) and processes any new signal files it finds.tools/ti-ingest.py --in <path-or-stdin>.signal_id, cve (one or more), assets (one or more), claim. Optional: confidence, source, references.tools/nvd-lookup.py <CVE> and attach {score, severity, cwe} to the row.(asset, cve) pair already exists in queue/scope-*.json. Re-queue only if the prior row's status is REJECTED AND the TI signal carries a higher confidence than the last attempt.(asset, cve) pair at queue/scope-{ts}-{asset_id}-{cve}.json. The Validation Run task picks these up.{OUTPUT_DIR}/
inbox/
signal-{ts}.json # raw payload, kept for audit
queue/
scope-{ts}-{asset}-{cve}.json
Per scope row:
{
"scope_id": "scope-20260513-asset42-CVE-2024-12345",
"signal_id": "ti-2026-0042",
"asset": {"id": "asset42", "url": "https://app.example.com", "tier": "revenue"},
"cve": "CVE-2024-12345",
"nvd": {"score": 9.8, "severity": "CRITICAL", "cwe": "CWE-79"},
"claim": "Reflected XSS via search parameter",
"confidence": "high",
"source": "vendor-advisory",
"references": ["https://..."],
"queued_at": "2026-05-13T10:00:00Z",
"status": "queued"
}
inbox/ before any transformation.nvd-lookup errors, write the row with nvd: null and nvd_error: "..."; do not drop the signal.asset.id against artifacts/org-surface.json (from Org Recon Refresh task). Unknown assets get a row but flagged unknown_asset: true so the validator skips them.reference/ingest-schema.md — full input/output JSON schemas.