AgentSkillsCN

Threat Intelligence Skills

当用户要求“展示威胁”、“获取我的简报”、“了解关键威胁”、“分析 CVE”、“检查漏洞”、“揭示核心威胁”、“追踪热门攻击”,或提及威胁情报、安全简报、漏洞分析、KEV、EPSS,或 CVSS 时,可使用该技能组。 该技能组提供个性化的威胁情报能力,包括每日简报、关键警报、CVE 分析以及趋势监测。

SKILL.md
--- frontmatter
name: Threat Intelligence Skills
description: |
  Use this skill group when the user asks to "show threats", "get my briefing", "what's critical", "analyze CVE", "check vulnerabilities", "crown jewel threats", "trending attacks", or mentions threat intelligence, security briefings, vulnerability analysis, KEV, EPSS, or CVSS.

  This skill group provides personalized threat intelligence capabilities including daily briefings, critical alerts, CVE analysis, and trend monitoring.
version: 2.1.0

Threat Intelligence Skills

This skill group provides personalized threat intelligence capabilities for NOMAD v2.0.

Available Commands

CommandDescriptionArguments
/threatsLatest personalized threat briefingNone
/criticalCritical and KEV-listed threats onlyNone
/cveDetailed CVE analysis[CVE-ID]
/crown-jewelThreats to specific crown jewels[system-name] (optional)
/trendingTrending threats and attack vectorsNone

Agent Integration

These commands coordinate with NOMAD agents:

  • query-handler: Routes and orchestrates requests
  • threat-collector: Fetches raw threat data from RSS feeds
  • intelligence-processor: Enriches with CVSS/EPSS/KEV data
  • truth-verifier: Validates threat accuracy
  • threat-synthesizer: Generates personalized responses

Data Sources

  • config/user-preferences.json - Organization profile and crown jewels
  • config/threat-sources.json - Feed configuration
  • data/threats-cache.json - Cached threat intelligence

Trigger Patterns

These commands are auto-suggested when users:

  • Mention CVE IDs (e.g., "CVE-2024-12345")
  • Ask about threats ("what threats", "show me threats", "threat briefing")
  • Ask about vulnerabilities ("vulnerability", "critical", "KEV")
  • Mention security assets ("crown jewel", "protect my database")
  • Ask about trends ("trending", "emerging", "new attack")