cyber-defense-team
Orchestrate a 4-agent cyber defense pipeline to analyze log files for threats. Use when investigating security logs, detecting anomalies in access patterns, classifying breach severity, or generating incident reports from nginx/auth/syslog files.
Best use case
cyber-defense-team is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using cyber-defense-team should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/cyber-defense-team/SKILL.md inside your project
- Restart your AI agent; it will auto-discover the skill
SKILL.md Source
# Cyber Defense Team Skill
Orchestrate a 4-agent pipeline that analyzes log files for security threats and produces an incident report.
## Pipeline Architecture
```
[You] → Team Lead (this skill)
         │
         ├─[1]─→ log-ingestor (haiku) → cyber-defense-events.json
         │
         ├─[2]─→ anomaly-detector (sonnet) → cyber-defense-anomalies.json
         │         (reads events.json)
         ├─[3]─→ risk-classifier (sonnet) → cyber-defense-risk.json
         │         (reads anomalies.json)
         └─[4]─→ threat-reporter (sonnet) → cyber-defense-report.md
                   (reads all 3 JSON files)
```
Stages 2 and 3 are sequential (each depends on the previous stage's output). Stage 4 runs after all three JSON files are ready.
## Execution Steps
### Step 1 — Validate Input
Check that the log file exists (or that log content was provided inline). If the path doesn't exist, tell the user immediately — don't proceed.
### Step 2 — Spawn Log Ingestor
Use the Agent tool to spawn the `log-ingestor` agent:
```
Task: Parse the log file at [log_path] and write structured events to cyber-defense-events.json.
Log path: [log_path]
```
Wait for completion. Confirm `cyber-defense-events.json` was created.
### Step 3 — Spawn Anomaly Detector
Use the Agent tool to spawn the `anomaly-detector` agent:
```
Task: Read cyber-defense-events.json and detect anomalies. Write results to cyber-defense-anomalies.json.
```
Wait for completion. If `anomalies_found: 0`, skip to Step 5 (reporter still runs).
### Step 4 — Spawn Risk Classifier
Use the Agent tool to spawn the `risk-classifier` agent:
```
Task: Read cyber-defense-anomalies.json and classify overall risk. Write result to cyber-defense-risk.json.
```
### Step 5 — Spawn Threat Reporter
Use the Agent tool to spawn the `threat-reporter` agent:
```
Task: Read cyber-defense-events.json, cyber-defense-anomalies.json, and cyber-defense-risk.json. Generate a complete incident report and save it to cyber-defense-report.md.
```
### Step 6 — Summarize for User
Read `cyber-defense-risk.json` and present:
```
✅ Analysis complete
Risk Level : HIGH
Score : 74/100
Threats : 2 anomalies detected
Report : cyber-defense-report.md
Primary threat: Brute force attack from 192.168.1.105
Immediate action required: [first recommended_action]
```
## Error Handling
- Agent fails at step 2: Tell user, stop pipeline, show raw error.
- Agent fails at step 3+: Show partial results, note which stage failed.
- Log file not found: "File [path] not found. Provide a valid path or paste log content."
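The hand-offs and gating in Steps 1 to 6 and the error-handling rules above, as an added Python example that is not part of the skill's SKILL.md: the three agents are replaced by small deterministic functions over constructed sshd log lines, and the event and anomaly JSON schemas, the sshd regex, and the scoring thresholds are all assumptions. The returned dict is keyed by the file each agent would write.

```python
import re
from collections import Counter
from pathlib import Path
# Constructed sample auth.log content (sshd lines in syslog format); not taken from the page.
SAMPLE_AUTH_LOG = "\n".join(
    [f"Mar  3 10:0{i}:00 web1 sshd[41{i}]: Failed password for invalid user admin "
     f"from 192.168.1.105 port 5{i}000 ssh2" for i in range(6)]
    + ["Mar  3 10:07:00 web1 sshd[420]: Accepted password for deploy from 10.0.0.8 port 51000 ssh2",
       "Mar  3 10:08:00 web1 sshd[421]: Failed password for deploy from 10.0.0.8 port 51001 ssh2"])
SSHD_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")
NO_RISK = {"risk_level": "LOW", "score": 0, "recommended_actions": ["No action required"]}

def ingest(log_text):
    """Stage 1 (log-ingestor): one event per sshd auth line; the event schema is an assumption."""
    return {"events": [{"outcome": m.group(1).lower(), "user": m.group(2), "src_ip": m.group(3)}
                       for m in map(SSHD_RE.search, log_text.splitlines()) if m]}

def detect(events_doc, threshold=5):
    """Stage 2 (anomaly-detector): flag source IPs with at least `threshold` failed logins."""
    fails = Counter(e["src_ip"] for e in events_doc["events"] if e["outcome"] == "failed")
    anomalies = [{"type": "brute_force", "src_ip": ip, "failed_logins": n}
                 for ip, n in fails.most_common() if n >= threshold]
    return {"anomalies_found": len(anomalies), "anomalies": anomalies}

def classify(anomalies_doc):
    """Stage 3 (risk-classifier): assumed scoring, 12 points per failed login of the worst source."""
    worst = max(anomalies_doc["anomalies"], key=lambda a: a["failed_logins"])
    score = min(100, 12 * worst["failed_logins"])
    level = "HIGH" if score >= 70 else "MEDIUM" if score >= 40 else "LOW"
    action = f"Block {worst['src_ip']} at the perimeter and review the accounts it targeted"
    return {"risk_level": level, "score": score, "recommended_actions": [action]}

def summarize(risk, anomalies_doc):
    """Step 6: the team-lead summary lines, built from the risk and anomaly documents."""
    primary = anomalies_doc["anomalies"][0] if anomalies_doc["anomalies"] else None
    threat = f"Brute force attack from {primary['src_ip']}" if primary else "none"
    return (f"Risk Level : {risk['risk_level']}\nScore : {risk['score']}/100\n"
            f"Threats : {anomalies_doc['anomalies_found']} anomalies detected\n"
            f"Primary threat: {threat}\nImmediate action required: {risk['recommended_actions'][0]}")

def run_pipeline(log_path=None, log_text=None):
    """Team lead: Step 1 validation, stages 1-3, and the gate that skips stage 3 at zero anomalies."""
    if log_text is None:  # Step 1: a missing file stops the pipeline before any agent is spawned
        if log_path is None or not Path(log_path).is_file():
            raise FileNotFoundError(f"File {log_path} not found. Provide a valid path or paste log content.")
        log_text = Path(log_path).read_text()
    events = ingest(log_text)
    anomalies = detect(events)
    risk = classify(anomalies) if anomalies["anomalies_found"] else NO_RISK
    return {"cyber-defense-events.json": events, "cyber-defense-anomalies.json": anomalies,
            "cyber-defense-risk.json": risk, "summary": summarize(risk, anomalies)}
```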
## Cost Estimate
| Stage | Model | Typical tokens |
|-------|-------|----------------|
| log-ingestor | haiku | ~2K |
| anomaly-detector | sonnet | ~3K |
| risk-classifier | sonnet | ~2K |
| threat-reporter | sonnet | ~3K |
| **Total** | | **~10K** |
For large log files (>10K lines), log-ingestor may use up to 20K tokens.
## Example Usage
```
/cyber-defense-team /var/log/nginx/access.log
/cyber-defense-team /tmp/auth.log
```