Expert guidance for proactive threat hunting. Use this when the user asks to "hunt" for threats, IOCs, or specific TTPs.
Overall score: 71
Does it follow best practices? 57%
Impact: 97%
2.02x average score across 3 eval scenarios
Status: Passed (no known issues)
Optimize this skill with Tessl:

npx tessl skill review --optimize ./extensions/google-secops/skills/hunt/SKILL.md

IOC hunt query formulation

| Criterion | Score | Optimized |
|---|---|---|
| IP query fields | 0% | 100% |
| Domain query fields | 0% | 100% |
| Hash query fields | 0% | 100% |
| URL query field | 0% | 100% |
| Initial IOC scan tool | 0% | 100% |
| Remote vs Local distinction | 50% | 100% |
| Two-phase structure | 100% | 100% |
| Phase 2 context scope | 100% | 100% |
| Related case search | 37% | 100% |
| Output options | 0% | 100% |
| Report format | 0% | 83% |
| SOAR case posting | 0% | 100% |
TTP hunt loop methodology

| Criterion | Score | Optimized |
|---|---|---|
| MITRE research step | 100% | 100% |
| Hunt loop structure | 100% | 100% |
| udm_search for execution | 12% | 100% |
| Noisy result handling | 100% | 100% |
| Empty result handling | 100% | 100% |
| Loop termination condition | 100% | 100% |
| Entity enrichment Remote | 0% | 100% |
| Entity enrichment Local | 0% | 100% |
| Documentation step | 100% | 100% |
| Escalation step | 100% | 100% |
| Remote vs Local awareness | 25% | 100% |
| Anomaly analysis | 100% | 100% |
GTI campaign hunt workflow and SOAR integration

| Criterion | Score | Optimized |
|---|---|---|
| Initial scan tool named | 0% | 100% |
| IP query syntax | 33% | 100% |
| Domain query syntax | 22% | 100% |
| URL query syntax | 62% | 100% |
| Phase 2 context investigation | 100% | 100% |
| list_cases usage | 0% | 100% |
| Case detail lookup | 0% | 0% |
| Findings synthesis | 87% | 100% |
| Next steps options | 100% | 100% |
| Markdown format | 100% | 100% |
| Remote vs Local tools noted | 0% | 100% |
| SOAR case action described | 90% | 100% |