Public benchLIVE

What's on the bench.

5,040
Artifacts
26
Industries
18
Reads / week

All artifacts

5040
Industry
SKILL0

Building Soc Playbook For Ransomware

Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication, and recovery phases with specific SIEM queries, isolation procedures, and decision trees. Use when SOC teams need formalized response procedures for ransomware incidents aligned to NIST SP 800-61 and MITRE ATT&CK ransomware techniques.

cybersecurity-soc
0
SKILL0

Building Soc Metrics And Kpi Tracking

Builds SOC performance metrics and KPI tracking dashboards measuring Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), alert quality ratios, analyst productivity, and detection coverage using SIEM data. Use when SOC leadership needs operational visibility, continuous improvement tracking, or executive-level reporting on security operations effectiveness.

cybersecurity-soc
0
SKILL0

Building Soc Escalation Matrix

Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification procedures for security incidents.

cybersecurity-soc
0
SKILL0

Building Role Mining For Rbac Optimization

Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission assignments, reducing role explosion and enforcing least privilege.

cybersecurity-soc
0
SKILL0

Building Red Team C2 Infrastructure With Havoc

Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for authorized red team operations.

cybersecurity-soc
0
SKILL0

Building Ransomware Playbook With Cisa Framework

Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and NIST Cybersecurity Framework. Covers preparation, detection, containment, eradication, recovery, and post-incident phases with actionable checklists. Activates for requests involving ransomware response planning, CISA compliance, incident response playbook creation, or ransomware preparedness assessment.

cybersecurity-soc
0
SKILL0

Building Phishing Reporting Button Workflow

Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported suspicious emails and provides feedback to reporters.

cybersecurity-soc
0
SKILL0

Building Patch Tuesday Response Process

Establish a structured operational process to triage, test, and deploy Microsoft Patch Tuesday security updates within risk-based remediation SLAs.

cybersecurity-soc
0
SKILL0

Building Malware Incident Communication Template

Build structured communication templates for malware incidents including stakeholder notifications, executive briefings, technical advisories, and regulatory disclosures with severity-based escalation procedures.

cybersecurity-soc
0
SKILL0

Building Ioc Enrichment Pipeline With Opencti

OpenCTI is an open-source platform for managing cyber threat intelligence knowledge, built on STIX 2.1 as its native data model. This skill covers building an automated IOC enrichment pipeline using O

cybersecurity-soc
0
SKILL0

Building Ioc Defanging And Sharing Pipeline

Build an automated pipeline to defang indicators of compromise (URLs, IPs, domains, emails) for safe sharing and distribute them in STIX format through TAXII feeds and threat intelligence platforms.

cybersecurity-soc
0
SKILL0

Building Incident Timeline With Timesketch

Build collaborative forensic incident timelines using Timesketch to ingest, normalize, and analyze multi-source event data for attack chain reconstruction and investigation documentation.

cybersecurity-soc
0
SKILL0

Building Incident Response Dashboard

Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership with situational awareness during active incidents, tracking affected systems, containment status, IOC spread, and response timeline. Use when IR teams need unified visibility during incident coordination and post-incident reporting.

cybersecurity-soc
0
SKILL0

Building Identity Federation With Saml Azure Ad

Establish SAML 2.0 identity federation between on-premises Active Directory and Azure AD (Microsoft Entra ID) for seamless cross-domain authentication and SSO to cloud applications.

cybersecurity-soc
0
SKILL0

Building Devsecops Pipeline With GitLab CI

Design and implement a comprehensive DevSecOps pipeline in GitLab CI/CD integrating SAST, DAST, container scanning, dependency scanning, and secret detection.

cybersecurity-soc+1
0
SKILL0

Building Detection Rules With Sigma

Builds vendor-agnostic detection rules using the Sigma rule format for threat detection across SIEM platforms including Splunk, Elastic, and Microsoft Sentinel. Use when creating portable detection logic from threat intelligence, mapping rules to MITRE ATT&CK techniques, or converting community Sigma rules into platform-specific queries using sigmac or pySigma backends.

cybersecurity-soc
0
SKILL0

Building Detection Rule With Splunk Spl

Build effective detection rules using Splunk Search Processing Language (SPL) correlation searches to identify security threats in SOC environments.

cybersecurity-soc
0
SKILL0

Building Cloud Siem With Sentinel

This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security operations. It details configuring data connectors for multi-cloud log ingestion, writing KQL detection queries, building automated response playbooks with Logic Apps, and leveraging the Sentinel data lake for petabyte-scale threat hunting across AWS, Azure, and GCP security telemetry.

cybersecurity-soc
0
SKILL0

Building C2 Infrastructure With Sliver Framework

Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with redirectors, HTTPS listeners, and multi-operator support for authorized red team engagements.

cybersecurity-soc
0
SKILL0

Building Automated Malware Submission Pipeline

Builds an automated malware submission and analysis pipeline that collects suspicious files from endpoints and email gateways, submits them to sandbox environments and multi-engine scanners, and generates verdicts with IOCs for SIEM integration. Use when SOC teams need to scale malware analysis beyond manual sandbox submissions for high-volume alert triage.

cybersecurity-soc
0
SKILL0

Building Attack Pattern Library From Cti Reports

Extract and catalog attack patterns from cyber threat intelligence reports into a structured STIX-based library mapped to MITRE ATT&CK for detection engineering and threat-informed defense.

cybersecurity-soc
0
SKILL0

Building Adversary Infrastructure Tracking System

Build an automated system to track adversary infrastructure using passive DNS, certificate transparency, WHOIS data, and IP enrichment to map and monitor threat actor command-and-control networks.

cybersecurity-soc
0
SKILL0

Automating Ioc Enrichment

Automates the enrichment of raw indicators of compromise with multi-source threat intelligence context using SOAR platforms, Python pipelines, or TIP playbooks to reduce analyst triage time and standardize enrichment outputs. Use when building automated enrichment workflows integrated with SIEM alerts, email submission pipelines, or bulk IOC processing from threat feeds. Activates for requests involving SOAR enrichment, Cortex XSOAR, Splunk SOAR, TheHive, Python enrichment pipelines, or automated IOC processing.

cybersecurity-soc
0
SKILL0

Auditing Tls Certificate Transparency Logs

Monitors Certificate Transparency (CT) logs to detect unauthorized certificate issuance, discover subdomains via CT data, and alert on suspicious certificate activity for owned domains. Uses the crt.sh API and direct CT log querying based on RFC 6962 to build continuous monitoring pipelines that catch rogue certificates, track CA behavior, and map the external attack surface. Activates for requests involving certificate transparency monitoring, CT log auditing, subdomain discovery via certificates, or certificate issuance alerting.

cybersecurity-soc
0

Want your own bench?

Free for crews of 5. Connect your team in minutes.

Sign up free