Claude skill to assist LLM-powered analysis of MITRE ATT&CK techniques and sub-techniques. Use during detection engineering, CTI analysis, threat modelling, incident response or any other cybersecurity task.
Equips Claude with best practice and guidance for mapping ATT&CK techniques. Includes LLM-optimised, token-efficient resource files containing up-to-date context on all ATT&CK v19.1 techniques and sub-techniques in a format specifically designed for AI agents.
This skill can be used with Claude or any other AI agent (e.g. LangChain DeepAgents) that supports Anthropic's Skills feature.
Download the analysing-attack-skill.zip file from this repo and install it following your chosen AI agent's documentation.
Alternatively, simply include the individual markdown files within prompts as required.
Resource files within this skill have been processed into a format specially designed for AI deep agents (such as Claude Code) to optimise token usage and maximise context efficiency. AI deep agents are able to progressively load in skills and use command-line tools such as grep to selectively search for keywords or IDs.
Each ATT&CK technique has been compressed using an LLM into a single line containing ID, Name, Keywords, Description and Platform.
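As an added illustration (not code from this repo), the snippet below shows how an agent-side tool can parse a one-line-per-technique resource file and answer the two queries described above: look up by ATT&CK ID, or search keywords/name/description with an optional platform filter. The pipe-delimited field order (ID | Name | Keywords | Description | Platform), the sample lines, and the function names are assumptions made for this example; the skill's real resource files may use a different delimiter or layout.

```python
"""Added example: parse and query single-line ATT&CK technique records.

ASSUMPTION: fields are pipe-delimited in the order
    ID | Name | Keywords | Description | Platform
This is illustrative only and not the skill's actual file format.
"""
import re
from dataclasses import dataclass

# Constructed sample records in the assumed format (not the repo's data).
# Descriptions are paraphrased for illustration.
SAMPLE_RESOURCE = """\
# id | name | keywords | description | platforms
T1059 | Command and Scripting Interpreter | shell, script, interpreter, cmd, bash | Adversaries abuse command and script interpreters to execute commands, scripts or binaries. | Windows, Linux, macOS
T1059.001 | PowerShell | powershell, ps1, cmdlet | Adversaries abuse PowerShell commands and scripts for execution. | Windows
T1566 | Phishing | phish, email, attachment, link | Adversaries send phishing messages to gain access to victim systems. | Windows, Linux, macOS, Office 365
"""

ATTACK_ID = re.compile(r"T\d{4}(\.\d{3})?")


@dataclass(frozen=True)
class Technique:
    id: str
    name: str
    keywords: tuple
    description: str
    platforms: tuple

    @property
    def is_subtechnique(self) -> bool:
        # Sub-techniques carry a three-digit suffix, e.g. T1059.001.
        return "." in self.id


def parse_resource(text: str) -> list:
    """Parse the single-line format; reject malformed lines loudly so a
    corrupted resource file cannot silently drop techniques."""
    techniques = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(parts)}")
        tid, name, keywords, desc, platforms = parts
        if not ATTACK_ID.fullmatch(tid):
            raise ValueError(f"line {lineno}: malformed ATT&CK ID {tid!r}")
        techniques.append(Technique(
            id=tid,
            name=name,
            keywords=tuple(k.strip().lower() for k in keywords.split(",") if k.strip()),
            description=desc,
            platforms=tuple(p.strip() for p in platforms.split(",") if p.strip()),
        ))
    return techniques


def lookup(techniques: list, tid: str):
    """Exact lookup by ATT&CK ID; returns None when absent."""
    return next((t for t in techniques if t.id == tid), None)


def search(techniques: list, term: str, platform: str = None) -> list:
    """Case-insensitive substring search over keywords, name and
    description, optionally restricted to one platform. Returns sorted IDs,
    mirroring what an agent gets from grep but with structured filtering."""
    needle = term.lower()
    hits = []
    for t in techniques:
        if platform and platform.lower() not in {p.lower() for p in t.platforms}:
            continue
        haystack = [t.name.lower(), t.description.lower(), *t.keywords]
        if any(needle in field for field in haystack):
            hits.append(t.id)
    return sorted(hits)


if __name__ == "__main__":
    techs = parse_resource(SAMPLE_RESOURCE)
    print(lookup(techs, "T1059.001"))
    print(search(techs, "shell"))
    print(search(techs, "email", platform="Linux"))
```

Keeping the file one record per line is what makes plain grep viable for the agent; the parser above simply adds a schema check so a truncated or mis-delimited line surfaces as an error rather than a missed technique.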
Skills offer more token-efficient context and lower tool-calling latency than MCP or native tool functions, and a less complex setup and retrieval than RAG.
The included notebook can be used to generate the compressed resource files. claude-opus-4-7 costs approx. $8-10 for all 697 techniques. Swap MODEL in the notebook for a cheaper model (e.g. claude-haiku-4-5) to trade quality for cost.
Additional resources will be added, such as Detection Strategies and Analytics.
An Evaluator-Optimiser workflow may be created to improve the quality of outputs.
Develop an evaluation harness to assess the quality/cost of different compression models and to benchmark the effectiveness of Skills vs MCP/Tools/RAG.