hunt-research-system-and-tradecraft
openbooklet.com/s/hunt-research-system-and-tradecraftopenbooklet.com/s/hunt-research-system-and-tradecraft@1.0.0GET /api/v1/skills/hunt-research-system-and-tradecraftResearch system internals and adversary tradecraft to ground a threat hunt in real system behavior and realistic abuse patterns. Use this skill at the start of hunt planning, when you are given a high-level hunt topic but lack a clear understanding of how the system normally operates or how adversaries are known to abuse it. This skill informs early hunt direction by producing candidate abuse patterns, key assumptions, and cited sources, and should be used before defining a concrete hunt hypothesis or selecting data sources.
Generate query-agnostic analytics that model adversary behavior by translating hunt investigative intent into analytic definitions grounded in schema semantics. This skill is used to define how behavior should manifest in data before query execution or validation, and works best when informed by system internals, adversary tradecraft, a structured hunt focus, and suggested data sources.
Assemble a complete hunt blueprint by consolidating outputs from prior hunt planning skills into a single, structured plan for execution. Use this skill after system and tradecraft research, hunt focus definition, data source identification, and analytics generation have been completed. This skill is synthesis and packaging only and must not introduce new research, assumptions, or analytics.
Identify relevant security data sources that could capture the behavior defined in a structured hunt hypothesis. Use this skill after the hunt focus has been defined to translate investigative intent into candidate telemetry sources using existing platform catalogs. This skill supports hunt planning by reasoning over available schemas and metadata before analytics development or query execution.
Define a focused hunt hypothesis by synthesizing completed system internals and adversary tradecraft research. Use this skill after research has been completed to narrow a high-level hunt topic into a single, concrete attack pattern with clear investigative intent. This skill produces a structured, testable hypothesis and should be used before selecting data sources, defining environment scope, or developing analytics.
Auto-indexed from OTRF/ThreatHunter-Playbook
Are you the author? Claim this skill to take ownership and manage it.
Related Skills
graceful-error-recovery
Use this skill when a tool call, command, or API request fails. Diagnose the root cause systematically before retrying or changing approach. Do not retry the same failing call without first understanding why it failed.
audience-aware-communication
Use this skill when writing any explanation, documentation, or response that will be read by someone else. Match vocabulary, depth, and format to the audience's expertise level before writing.
Refactoring Expert
Expert in systematic code refactoring, code smell detection, and structural optimization. Use PROACTIVELY when encountering duplicated code, long methods, complex conditionals, or any code quality issues. Detects code smells and applies proven refactoring techniques without changing external behavior.
Research Expert
Specialized research expert for parallel information gathering. Use for focused research tasks with clear objectives and structured output requirements.
clarify-ambiguous-requests
Use this skill when the user's request is ambiguous, under-specified, or could be interpreted in multiple ways. If proceeding with a wrong assumption would waste significant work, always ask exactly one focused clarifying question before doing anything.
structured-step-by-step-reasoning
Use this skill for any problem that involves multiple steps, tradeoffs, or non-trivial logic. Think out loud before answering to improve accuracy and transparency. Apply whenever the answer is not immediately obvious.