
apt-group-mitre-navigator-analysis
by LocoLoboZ
Transform APT threat intelligence into MITRE ATT&CK Navigator layers and prioritized detection gap analyses.
- Generate a MITRE ATT&CK Navigator layer for a specific threat actor campaign.
- Identify blind spots in EDR/SIEM coverage based on real-world APT techniques.
- Translate PDF threat intelligence reports into actionable technique lists.
$10 · or 50 credits. Secure checkout via Stripe.
Included in download
- Generate a MITRE ATT&CK Navigator layer for a specific threat actor campaign.
- Identify blind spots in EDR/SIEM coverage based on real-world APT techniques.
- Terminal automation included
- Ready for agents including Claude Code
Sample input
Analyse APT29 using MITRE ATT&CK Enterprise. Produce a Navigator layer specification and a detection gap analysis. I have attached our SIEM use case register as the coverage evidence source. Focus on Windows and identity platforms.
Sample output
The skill confirms the ATT&CK domain and platform scope, produces an APT29 group profile summary with aliases and ATT&CK group ID, maps all documented techniques to tactics and sub-techniques, generates a Navigator layer specification in structured JSON-ready format with colour coding for covered, partially covered, and gap techniques, classifies detection coverage from the supplied SIEM use case register only, produces a gap register for uncovered high-priority techniques, and outputs a prioritised detection engineering backlog with data source requirements for each gap technique. All unconfirmed coverage is marked as unknown, and analyst validation questions are included for ambiguous mappings.
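As an added example (not code from this skill or its author), a Python sketch of the evidence-only coverage classification and Navigator layer generation the sample output describes. The technique IDs, prevalence weights, use case register and colour values are constructed samples, not a real APT29 mapping; the layer fields follow the ATT&CK Navigator layer file format.

```python
import json

# Constructed sample, not a real APT29 mapping: techniques attributed to the
# actor in the intel report, with a 1-3 prevalence weight from that report.
ACTOR_TECHNIQUES = {
    "T1078.004": {"tactic": "initial-access", "prevalence": 3},
    "T1566.001": {"tactic": "initial-access", "prevalence": 3},
    "T1059.001": {"tactic": "execution", "prevalence": 2},
    "T1003.006": {"tactic": "credential-access", "prevalence": 3},
    "T1021.001": {"tactic": "lateral-movement", "prevalence": 1},
}
# Constructed sample SIEM use case register: the only admissible coverage evidence.
USE_CASE_REGISTER = [
    {"id": "UC-01", "technique": "T1566.001", "status": "production", "data_source": "email gateway"},
    {"id": "UC-02", "technique": "T1059.001", "status": "tuning", "data_source": "PowerShell logs"},
    {"id": "UC-03", "technique": "T1078", "status": "production", "data_source": "sign-in logs"},
]
COLOURS = {"covered": "#31a354", "partial": "#fec44f", "unknown": "#de2d26"}

def classify(technique_id, register):
    """Evidence-only rule: 'covered' needs a production use case on the technique or its
    parent; 'partial' if the only evidence is a non-production use case; else 'unknown'."""
    parent = technique_id.split(".")[0]
    hits = [uc for uc in register if uc["technique"] in (technique_id, parent)]
    if any(uc["status"] == "production" for uc in hits):
        return "covered", hits
    return ("partial", hits) if hits else ("unknown", [])

def build_layer(actor, techniques, register):
    """Return (Navigator layer dict, gap register sorted by actor prevalence)."""
    entries, gaps = [], []
    for tid, meta in techniques.items():
        state, hits = classify(tid, register)
        evidence = ", ".join(uc["id"] for uc in hits) or "no evidence supplied"
        entries.append({"techniqueID": tid, "tactic": meta["tactic"], "enabled": True,
                        "score": meta["prevalence"], "color": COLOURS[state],
                        "comment": f"{state}: {evidence}"})
        if state != "covered":  # anything not evidenced goes to the backlog
            gaps.append({"technique": tid, "state": state, "prevalence": meta["prevalence"]})
    gaps.sort(key=lambda g: (-g["prevalence"], g["technique"]))
    layer = {"name": f"{actor} coverage", "domain": "enterprise-attack",
             "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
             "description": "Coverage classified from the supplied use case register only",
             "techniques": entries,
             "legendItems": [{"label": k, "color": v} for k, v in COLOURS.items()]}
    return layer, gaps

if __name__ == "__main__":
    layer, gaps = build_layer("APT29", ACTOR_TECHNIQUES, USE_CASE_REGISTER)
    print(json.dumps({"layer": layer, "gap_register": gaps}, indent=2))
```

The layer dict, written to a file as JSON, loads in ATT&CK Navigator via "Open Existing Layer"; the gap register is the ordered input for the detection engineering backlog.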
About This Skill
What it does
This skill transforms threat intelligence into actionable cyber defense strategies. It analyzes APT groups, campaigns, and TTP sets to generate MITRE ATT&CK Navigator layers, detection gap analyses, and prioritized engineering backlogs. By mapping actor behavior against your specific security stack, it identifies exactly where your monitoring is blind and where it is robust.
Why use this skill
Unlike basic LLM prompting, this skill follows a strict defensive methodology to ensure accuracy and appliance neutrality. It prevents "hallucinated coverage" by requiring evidence before marking a technique as detected. It bridges the gap between raw threat intel and SOC operations by producing machine-readable Navigator JSON and human-readable risk summaries, ensuring your detection engineering team focuses on the highest-probability threats.
Supported Analysis & Outputs
- ATT&CK Navigator Integration: Generates and validates functional JSON layer specifications for visualization.
- Gap Analysis: Compares actor techniques against EDR, SIEM, and NDR rule sets to find coverage holes.
- Detection Prioritization: Ranks techniques based on actor usage, data source feasibility, and environment relevance.
- Threat Profiling: Summarizes intrusion sets and campaigns with precise technique-to-tactic mapping.
Use Cases
- Generate a MITRE ATT&CK Navigator layer for a specific threat actor campaign.
- Identify blind spots in EDR/SIEM coverage based on real-world APT techniques.
- Translate PDF threat intelligence reports into actionable technique lists.
- Prioritize detection engineering tasks based on threat actor prevalence.
- Compare multiple intrusion sets to find common TTPs for baseline defense.
Known Limitations
- Cannot execute actual SIEM queries or EDR scans.
- Accuracy depends on user-provided detection logs.
- Navigator JSON requires external viewer for visualization.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/apt-group-mitre-navigator-analysis -o /tmp/apt-group-mitre-navigator-analysis.zip && unzip -o /tmp/apt-group-mitre-navigator-analysis.zip -d ~/.claude/skills && rm /tmp/apt-group-mitre-navigator-analysis.zip
Free skills install directly. Paid skills require purchase - use the download button above after buying.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Security Scanned
Passed automated security review
Permissions
File Scopes
Works with any agent that supports the Universal SKILL.md standard, including Claude Code, Codex CLI, Cursor, VS Code Copilot, Gemini CLI, OpenClaw, and 20+ compatible agents. No external connectors required - operates from user-supplied ATT&CK data, threat reports, and detection evidence.
Creator
I design and publish skills built from real professional practice across three areas: cyber security consulting, business operations, and AI workflow engineering. My cyber security skills draw on active advisory work spanning governance, risk, compliance, assurance, and executive reporting. They are built for practitioners who need structured, defensible outputs - not generic templates. My business operations skills cover the day-to-day work of running a consulting practice: bookkeeping, financial tracking, expense reconciliation, and marketing content - designed to reduce repetitive overhead and keep outputs consistent. My AI platform and workflow skills are built for people who want to get more out of Claude and similar platforms - covering prompt engineering, skill architecture, automation pipelines, and agent enhancement. Every skill I publish has been tested in production use before it reaches the marketplace. If it is here, it works.