security-detections-mcp

security-detections-mcp Skill by ara.so — Security Skills collection An MCP (Model Context Protocol) server providing LLM access to 8,200+ security detection rules across Sigma, Splunk ESCU, Elastic, KQL, Sublime, and CrowdStrike CQL formats, with MITRE ATT&CK mapping, coverage analysis, and autonomous detection engineering. What It Does Unified detection search across 6 major security platforms (Sigma, Splunk, Elastic, KQL, Sublime, CrowdStrike) MITRE ATT&CK integration with 172 threat actors, 784 software, 4,362 actor-technique relationships Coverage analysis identifying gaps in detection by tactic/technique/actor ATT&CK Navigator layers exportable as JSON for visualization Autonomous detection pipeline from CTI ingestion to draft PR generation 81 MCP tools for detection engineering (local) or ~25 tools (hosted) 11 expert prompts for ransomware assessment, APT emulation, purple teaming Installation Local Installation (Full Power) Show more Installs 499 Repository aradotso/security-skills GitHub Stars 1 First Seen May 20, 2026 Security Audits Gen Agent Trust Hub Pass Socket Warn Snyk Warn