Skills

Security Alert Triage

verified
Last updatedUpdated May 27, 2026

What this skill does

Automatically triages security alerts from AWS GuardDuty, CloudTrail, and other cloud security services. Classifies each alert by severity and type, correlates related events, filters false positives, suggests response actions, and routes critical alerts to the appropriate team via Slack and PagerDuty.

Example

InputPROMPT

We have 340 GuardDuty findings from the last 24 hours across 5 AWS accounts. Need help triaging: classify severity, flag false positives (we have known pentest IPs and dev sandbox activity), and route critical/high to our security-oncall Slack channel and PagerDuty.

OutputOUTPUT
Security Alert Triage Summary — Last 24h | Severity | Count | Auto-Resolved | Action Required | |-----------|-------|---------------|-----------------| | Critical | 2 | 0 | 2 | | High | 12 | 1 | 11 | | Medium | 85 | 42 | 43 | | Low/Info | 241 | 198 | 43 | |-----------|-------|---------------|-----------------| | Total | 340 | 241 | 99 | False Positive Rate: ~28% (pentest IPs, known dev sandbox) Routed to Slack: 14 alerts (Critical + High) PagerDuty incidents created: 2 (Critical only) Top Critical Alerts: 1. [GuardDuty] UnauthorizedAccess:EC2/SSHBruteForce — i-0abc123, us-east-1 2. [GuardDuty] Backdoor:EC2/C&CActivity.B!DNS — i-0def456, eu-west-1

Required Tools

SlackSlack
AWSAWS
PagerDutyPagerDuty

Compatible Agents

ClaudeClaude
CursorCursor
WindsurfWindsurf
ChatGPTChatGPT
GitHub CopilotGitHub Copilot
Any MCP-compatible agentAny MCP-compatible agent
Integration

Add to your agent

Download Skill

Or install via CLI:

$ npx skills add webrix-ai/agent-skills --skill security-alert-triage

Enterprise

Deploy Org-wide

SSO readyProvision to teams via RBAC
SecurityIdentity-aware execution
ComplianceSigned & verified skills
AnalyticsFull audit trail
GovernanceAuto-bundled with required MCP servers
Use withwillow
Get started

Free for up to 5 users

Related Skills

A/B Testing

verified

Helps design statistically rigorous A/B tests for marketing campaigns, landing pages, and product features. Calculates required sample sizes, defines success metrics, sets up test variants, and analyzes results with confidence intervals. Prevents common testing mistakes like peeking and underpowered tests.

AI Adoption Dashboard Builder

verified

Creates a multi-tab analytics dashboard for tracking AI tool adoption across your engineering organization. Includes executive KPIs, team-level adoption curves, per-tool usage breakdowns, productivity impact comparisons, and cost tracking. Optionally generates a Grafana dashboard JSON for real-time monitoring.

AI Adoption Readiness Assessment

verified

A structured assessment framework that scores your organization across five critical dimensions of AI readiness. Produces an actionable scorecard with prioritized recommendations, a detailed gap analysis spreadsheet, and optional Jira tickets to track remediation efforts.

AI Champion Onboarding Kit

verified

Creates a complete onboarding package for department-level AI champions who will drive adoption within their teams. Includes a modular training curriculum (AI fundamentals, tool-specific training, change management, security), a week-by-week rollout playbook, success metrics with targets, and ready-to-use templates for workshops, surveys, and team communications.

Your agents are already in the wild.

Give them a Basecamp. Go from AI chaos to AI work, in minutes.

Get Started
Get started
See a Demo
Security Alert Triage | Willow Marketplace