detection-tuner
Investigate noisy/common alerts and create false positive (FP) rules to suppress benign detections. Analyzes detection frequency over 7 days, identifies patterns, generates and tests FP rules with operator approval before deployment. Use for tuning detection noise, reducing alert fatigue, suppressing known-safe activity, or when specific detections need filtering. Human-in-the-loop workflow ensures no FP rules are deployed without explicit approval.
Installation and usage
Investigate noisy/common alerts and create false positive (FP) rules to suppress benign detections. Analyzes detection frequency over 7 days, identifies patterns, generates and tests FP rules with operator approval before deployment. Use for tuning detection noise, reducing alert fatigue, suppressing known-safe activity, or when specific detections need filtering. Human-in-the-loop workflow ensures no FP rules are deployed without explicit approval.
После установки вы можете использовать этот skill, выполнив следующую команду в терминале:
skills use detection-tuner