killvxk/analyzing-threat-landscape-with-misp
skills/analyzing-threat-landscape-with-misp/SKILL.md
使用 MISP(恶意软件信息共享平台)通过查询事件统计、属性分布、威胁行为者 galaxy 集群和标签趋势来分析威胁态势。使用 PyMISP 拉取事件数据、计算 IOC 类型分布、识别顶级威胁行为者和恶意软件家族,并生成含时序趋势的威胁态势报告。
$ install --global
skillsauthnpx skillsauth add killvxk/cybersecurity-skills-zh analyzing-threat-landscape-with-mispInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 17, 2026, 4:25 AM25.4s3 files scanned
SKILL.md
- name:
- analyzing-threat-landscape-with-misp
- description:
- >-
- domain:
- cybersecurity
- subdomain:
- threat-intelligence
- tags:
- [analyzing, threat, landscape, with]
- version:
- 1.0
- author:
- mahipal
- license:
- Apache-2.0
使用说明
- 安装依赖:
pip install pymisp - 配置 MISP URL 和 API 密钥。
- 运行代理以生成威胁态势分析:
- 按威胁级别和日期范围拉取事件统计
- 分析属性类型分布(IP、域名、哈希、URL)
- 从事件标签中识别顶级 MITRE ATT&CK 技术
- 通过 galaxy 集群追踪威胁行为者活动
- 生成 IOC 提交量的时序趋势分析
python scripts/agent.py --misp-url https://misp.local --api-key YOUR_KEY --days 90 --output landscape_report.json
示例
威胁态势摘要
分析周期: 最近 90 天
分析事件数: 1,247
主要威胁级别: 高(43%)
主要属性类型: ip-dst(31%)、domain(22%)、sha256(18%)
主要 MITRE 技术: T1566 钓鱼(89 个事件)
主要威胁行为者: APT28(34 个事件)
Related Skills
killvxk/conducting-social-engineering-penetration-test
testing
VerifiedTrustedCommunity
设计并执行社会工程学渗透测试,包括钓鱼、语音钓鱼、短信钓鱼和物理借口活动,以衡量人员安全韧性并识别培训差距。
10SKILL.mdUpdated Apr 29, 2026
killvxk/conducting-post-incident-lessons-learned
testing
VerifiedTrustedCommunity
主持结构化的事件后审查,以识别根本原因、记录有效和无效的措施,并提出可操作的改进建议以提升未来的事件响应能力。
10SKILL.mdUpdated Apr 29, 2026
killvxk/conducting-phishing-incident-response
testing
VerifiedTrustedCommunity
通过分析举报的邮件、提取指标、评估凭据受攻陷情况、在全组织范围隔离恶意邮件并修复受影响账号来响应网络钓鱼事件。涵盖邮件头分析、URL/附件沙箱检测和邮箱范围清除操作。适用于网络钓鱼响应、邮件事件、凭据钓鱼、鱼叉式网络钓鱼调查或钓鱼修复相关请求。
10SKILL.mdUpdated Apr 29, 2026
killvxk/conducting-pass-the-ticket-attack
tools
VerifiedTrustedCommunity
票据传递(Pass-the-Ticket,PtT)是一种横向移动技术,使用窃取的 Kerberos 票据(TGT 或 TGS)在不知道用户密码的情况下向服务进行认证。通过从已控制的主机内存中提取 Kerberos 票据,攻击者可以将这些票据注入自己的会话以模拟票据所有者。
10SKILL.mdUpdated Apr 29, 2026