    attack-pattern-library-builder

    by LocoLoboZ

    Transform CTI reports into structured attack pattern libraries mapped to MITRE ATT&CK for threat-informed defense.

    Updated Jun 2026
    Security scanned
    Universal SKILL.md Standard


    Included in download

    • Transform unstructured CTI reports into searchable attack pattern libraries.
    • Map adversary behaviors to MITRE ATT&CK techniques with source provenance.
    • Terminal automation included.
    • Ready for the Universal SKILL.md Standard.
    • Instant install.

    Sample input

    Analyze this report excerpt: 'Actor used encoded PowerShell commands to download the stage-2 dropper.' Map it to ATT&CK and provide detection engineering inputs.

    Sample output

    T1059.001 - PowerShell
    Confidence: High
    Evidence: "Actor used encoded PowerShell commands to download the stage-2 dropper."
    Detection Input: Monitor Process_Creation events where parent is cmd.exe and command_line contains '-enc'.
    Data Source: Process Command Line, Script Block Logging.

    About This Skill

    Transform Threat Intelligence into Actionable Defense

    The Attack Pattern Library Builder is a specialized skill for security engineers and CTI analysts who need to bridge the gap between raw threat reports and defensive posture. It automates the tedious process of parsing cyber threat intelligence (CTI) to extract specific adversary behaviors, ensuring your defense remains threat-informed and evidence-based.

    What it does

    • Behavior Extraction: Pulls evidenced procedures from incident reports, advisories, and malware write-ups.
    • ATT&CK Mapping: Maps behaviors to specific MITRE ATT&CK techniques with high-fidelity source provenance.
    • STIX Structuring: Generates STIX 2.1-inspired attack pattern records for use in TIPs or internal databases.
    • Detection Engineering: Translates attacker TTPs into telemetry requirements and detection opportunities.
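    The sample output above and the "What it does" list describe the same pipeline: an evidence-gated ATT&CK mapping, a STIX 2.1-style attack-pattern record, and a detection input. The Python below is an added illustration of that shape, not the skill's own code; the record layout, the x_-prefixed custom properties, the case-insensitive '-enc' match and the Process_Creation events are all assumptions constructed for the example.

```python
import uuid

# Constructed report excerpt, taken from the sample input above.
REPORT = "Actor used encoded PowerShell commands to download the stage-2 dropper."


def build_attack_pattern(report, technique_id, name, evidence, confidence):
    """Build a STIX 2.1-style attack-pattern record with source provenance.

    Quality gate (as the listing describes it): the evidence sentence must
    appear verbatim in the report, otherwise no record is produced, so a
    technique can never be mapped without a source sentence behind it."""
    if evidence not in report:
        return None
    return {
        "type": "attack-pattern",
        "spec_version": "2.1",
        "id": f"attack-pattern--{uuid.uuid4()}",
        "name": name,
        "external_references": [
            {"source_name": "mitre-attack", "external_id": technique_id}
        ],
        # Custom (x_-prefixed) properties carry confidence and provenance;
        # their names are an assumption of this example.
        "x_confidence": confidence,
        "x_evidence": evidence,
    }


def detect_encoded_powershell(events):
    """Return Process_Creation events where the parent is cmd.exe and the
    command line contains '-enc' (matched case-insensitively, so the long
    form -EncodedCommand is caught too), per the detection input above."""
    hits = []
    for ev in events:
        parent = ev.get("parent_image", "").lower()
        cmd = ev.get("command_line", "").lower()
        if parent.endswith("cmd.exe") and "-enc" in cmd:
            hits.append(ev)
    return hits


# Constructed Process_Creation events; the base64 argument is a placeholder.
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "powershell.exe -nop -w hidden -enc AAAAAAAA"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe -EncodedCommand AAAAAAAA"},
    {"parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "powershell.exe -File Get-Inventory.ps1"},
]
```

    Only the first sample event satisfies both conditions; the second fails the parent check and the third has no '-enc', which is the kind of telemetry gap the detection backlog is meant to surface.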

    Why use this skill?

    While generic AI might summarize a report, this skill follows strict defensive quality gates. It refuses to "invent" mappings, ensures every technique is tied to a source sentence, and separates tools from procedures. It prevents "hallucinated" security coverage by requiring specific evidence before marking a technique as detected. The result is a professional-grade library that is ready for ingestion into SIEMs, EDRs, or GRC platforms.

    Supported Outputs

    Produces structured JSON (STIX-style), markdown tables, detection backlogs, and Navigator-compatible layers.

    Use Cases

    • Transform unstructured CTI reports into searchable attack pattern libraries.
    • Map adversary behaviors to MITRE ATT&CK techniques with source provenance.
    • Generate STIX-compliant records for ingestion into Threat Intel Platforms.
    • Identify telemetry gaps and detection opportunities from recent threat reports.
    • Consolidate TTPs from multiple malware reports into a single defensive backlog.


    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell

    Universal SKILL.md Standard

    Creator

    I design and publish skills built from real professional practice across three areas: cyber security consulting, business operations, and AI workflow engineering. My cyber security skills draw on active advisory work spanning governance, risk, compliance, assurance, and executive reporting. They are built for practitioners who need structured, defensible outputs - not generic templates. My business operations skills cover the day-to-day work of running a consulting practice: bookkeeping, financial tracking, expense reconciliation, and marketing content - designed to reduce repetitive overhead and keep outputs consistent. My AI platform and workflow skills are built for people who want to get more out of Claude and similar platforms - covering prompt engineering, skill architecture, automation pipelines, and agent enhancement. Every skill I publish has been tested in production use before it reaches the marketplace. If it is here, it works.
