
cyber-attack-chain-analysis
by LocoLoboZ
Transform incident timelines into structured Cyber Kill Chain mappings and high-impact defensive roadmaps.
- Map fragmented incident logs to formal attack phases with evidence markers.
- Identify the specific phase where an intrusion could have been first detected.
- Generate a prioritized control improvement roadmap for security leadership.
$12 or 60 credits. Secure checkout via Stripe.
Included in download
- Map fragmented incident logs to formal attack phases with evidence markers.
- Identify the specific phase where an intrusion could have been first detected.
- Terminal automation included
- Ready for agents including Claude Code
- Instant install
Sample input
Analyse this incident timeline against the Cyber Kill Chain and produce a phase-by-phase detection gap report for security leadership. The incident involved spearphishing delivery, a malicious macro, PowerShell execution, lateral movement via remote management tools, and data staging before exfiltration was detected. I have the alert log and the case notes from the investigation.
Sample output
The skill produces a structured report mapping each observed event to a Cyber Kill Chain phase with detection status (detected, missed, blocked, or unknown) and first detection point. It includes a phase-by-phase defensive gap assessment, a MITRE ATT&CK technique linkage table where evidence supports it, and a prioritised control improvement roadmap. An executive summary and a chronological event timeline are included, along with evidence gaps and validation questions for unresolved phases.
About This Skill
Stop Guessing, Start Mapping
Modern incident response requires more than just a list of alerts; it demands a structured understanding of how an adversary progressed through your environment. This skill provides a rigorous, evidence-based analysis of intrusion activity using the Cyber Kill Chain framework. It transforms fragmented logs and timeline notes into a strategic defensive roadmap.
Advanced Analytical Depth
Unlike basic prompting, this skill enforces strict evidentiary standards. It distinguishes between confirmed facts and assumptions, identifies the 'first point of detection,' and highlights exactly where your visibility failed. It doesn't just list what happened; it analyzes why it wasn't stopped sooner.
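As an added example (not the skill's own code and not something the listing ships), the following Python sketch implements the core of what the sample output describes: each event from the case notes is placed on a Cyber Kill Chain phase, its detection status (detected, missed, blocked or unknown) is derived from the alert log, and from that the first detection point, the phases missed before it, a per-phase gap register and the dwell time are computed. The events, the single alert and the placement of each ATT&CK technique on a kill-chain phase are all constructed here to match the spearphishing scenario in the sample input; the technique IDs are real, but where they sit on the kill chain is an analyst decision that ATT&CK itself does not define.

```python
"""Added example: map a constructed incident timeline to Cyber Kill Chain phases,
derive a per-event detection status (detected / missed / blocked / unknown) from
the alert log, and locate the first detection point and the phases missed
before it. Events, alerts and the technique-to-phase placement are constructed
for this example; the ATT&CK IDs are real, but where each lands on the kill
chain is an analyst decision, not something ATT&CK defines."""
from dataclasses import dataclass
from datetime import datetime

KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives"]
# Lower rank = worse visibility; a phase is summarised by its weakest event.
STATUS_RANK = {"missed": 0, "unknown": 1, "detected": 2, "blocked": 3}


@dataclass
class Event:
    id: str
    ts: datetime
    phase: str        # one of KILL_CHAIN
    technique: str    # ATT&CK technique ID (real IDs, constructed placement)
    note: str
    confidence: str   # "confirmed" (backed by a log) or "assumed" (inference)


@dataclass
class Alert:
    event_id: str     # which timeline event the alert corresponds to
    source: str
    action: str       # "alert" (fired only) or "block" (prevented)


def ts(s):
    return datetime.fromisoformat(s)


# Constructed case notes for the scenario in the sample input above.
EVENTS = [
    Event("e1", ts("2024-03-04T08:12"), "Delivery", "T1566.001",
          "phishing mail with .docm attachment accepted by gateway", "confirmed"),
    Event("e2", ts("2024-03-04T08:15"), "Exploitation", "T1204.002",
          "user enabled macro; WINWORD.EXE spawned powershell.exe", "confirmed"),
    Event("e3", ts("2024-03-04T08:16"), "Exploitation", "T1059.001",
          "encoded PowerShell command line", "confirmed"),
    Event("e4", ts("2024-03-04T08:17"), "Installation", "T1053.005",
          "scheduled task created for persistence", "confirmed"),
    Event("e5", ts("2024-03-04T08:20"), "Command and Control", "T1071.001",
          "periodic HTTPS to external host; proxy log only, payload unseen", "assumed"),
    Event("e6", ts("2024-03-04T09:40"), "Actions on Objectives", "T1219",
          "remote management tool used to reach file server", "confirmed"),
    Event("e7", ts("2024-03-04T11:05"), "Actions on Objectives", "T1074.001",
          "archive of finance share staged in C:\\ProgramData", "confirmed"),
    Event("e8", ts("2024-03-04T12:30"), "Actions on Objectives", "T1041",
          "large outbound transfer to same external host", "confirmed"),
]

# Constructed alert log: the only alert that fired was on the exfiltration.
ALERTS = [Alert("e8", "DLP", "alert")]


def detection_status(event, alerts):
    """Status rule: blocked > detected > (unknown if only inferred) > missed."""
    hits = [a for a in alerts if a.event_id == event.id]
    if any(a.action == "block" for a in hits):
        return "blocked"
    if hits:
        return "detected"
    return "unknown" if event.confidence == "assumed" else "missed"


def map_timeline(events, alerts):
    """Chronological rows carrying phase, technique, timestamp, status, note."""
    rows = []
    for e in sorted(events, key=lambda e: e.ts):
        rows.append({"id": e.id, "phase": e.phase, "technique": e.technique,
                     "ts": e.ts, "status": detection_status(e, alerts),
                     "note": e.note})
    return rows


def first_detection(rows):
    """Earliest event a control actually saw (detected or blocked), or None."""
    return next((r for r in rows if r["status"] in ("detected", "blocked")), None)


def missed_before_detection(rows):
    """Events before the first detection that no control saw: where the
    intrusion could have been caught earlier."""
    fd = first_detection(rows)
    end = rows.index(fd) if fd else len(rows)
    return [r for r in rows[:end] if r["status"] in ("missed", "unknown")]


def phase_gap_register(rows):
    """Weakest status per kill-chain phase; 'no evidence' where nothing mapped."""
    reg = {}
    for phase in KILL_CHAIN:
        seen = [r["status"] for r in rows if r["phase"] == phase]
        reg[phase] = min(seen, key=STATUS_RANK.get) if seen else "no evidence"
    return reg


def dwell_minutes(rows):
    """Minutes from the earliest mapped event to the first detection."""
    fd = first_detection(rows)
    if fd is None:
        return None
    return int((fd["ts"] - rows[0]["ts"]).total_seconds() // 60)


if __name__ == "__main__":
    rows = map_timeline(EVENTS, ALERTS)
    for r in rows:
        print(f"{r['ts']:%H:%M}  {r['phase']:<22} {r['technique']:<10} "
              f"{r['status']:<9} {r['note']}")
    fd = first_detection(rows)
    print(f"\nFirst detection: {fd['phase']} ({fd['technique']}) "
          f"after {dwell_minutes(rows)} min dwell")
    print("Missed before it:",
          [(r["phase"], r["technique"]) for r in missed_before_detection(rows)])
    print("Gap register:", phase_gap_register(rows))
```

Two design points carry over to the real report. First, "unknown" is kept distinct from "missed": the C2 event here rests on a proxy log alone, so it is an assumption rather than a confirmed miss and belongs under evidence gaps and validation questions, not under failed controls. Second, the gap register summarises each phase by its weakest event, so Actions on Objectives still reads "missed" even though the exfiltration itself was detected; that is the honest view for leadership, because lateral movement and staging in the same phase went unseen.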
Framework & Tool Agnostic
- Frameworks: Primary mapping to Cyber Kill Chain with secondary support for MITRE ATT&CK® tactics and techniques.
- Enterprise Integration: Adaptable to any security stack (SIEM, EDR, XDR) provided by the user.
- Strategic Output: Generates executive summaries, detection gap registers, and prioritized remediation roadmaps.
Why This Skill?
Security analysts often struggle to translate technical findings into leadership-ready reports. This skill automates the heavy lifting of phase categorization and gap analysis while maintaining high-fidelity security standards, ensuring your post-incident reviews are objective, exhaustive, and actionable.
Use Cases
- Map fragmented incident logs to formal attack phases with evidence markers.
- Identify the specific phase where an intrusion could have been first detected.
- Generate a prioritized control improvement roadmap for security leadership.
- Correlate observed adversarial movement with MITRE ATT&CK techniques.
Known Limitations
- Not an automated scanner: requires manual input of logs/evidence.
- Phase mapping is subjective and depends on data quality.
- Does not provide live exploitation or malware analysis.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/cyber-attack-chain-analysis -o /tmp/cyber-attack-chain-analysis.zip && unzip -o /tmp/cyber-attack-chain-analysis.zip -d ~/.claude/skills && rm /tmp/cyber-attack-chain-analysis.zip
Free skills install directly. Paid skills require purchase - use the download button above after buying.
Note that unzip -o overwrites any existing files of the same name under ~/.claude/skills without prompting; review the extracted SKILL.md before the agent loads it.
Reviews
No reviews yet (early access skill). Only users who have downloaded or purchased this skill can leave a review.
Security Scanned
Passed automated security review
Works with any agent that supports the Universal SKILL.md standard, including Claude Code, Codex CLI, Cursor, VS Code Copilot, Gemini CLI, OpenClaw, and 20+ compatible agents.
Creator
I design and publish skills built from real professional practice across three areas: cyber security consulting, business operations, and AI workflow engineering. My cyber security skills draw on active advisory work spanning governance, risk, compliance, assurance, and executive reporting. They are built for practitioners who need structured, defensible outputs - not generic templates. My business operations skills cover the day-to-day work of running a consulting practice: bookkeeping, financial tracking, expense reconciliation, and marketing content - designed to reduce repetitive overhead and keep outputs consistent. My AI platform and workflow skills are built for people who want to get more out of Claude and similar platforms - covering prompt engineering, skill architecture, automation pipelines, and agent enhancement. Every skill I publish has been tested in production use before it reaches the marketplace. If it is here, it works.