implementing-diamond-model-analysis
The Diamond Model of Intrusion Analysis provides a structured framework for analyzing cyber intrusions by examining four core features - Adversary, Capability, Infrastructure, and Victim. This skill covers implementing the Diamond Model programmatically to classify and correlate intrusion events, build activity threads, and generate pivot-ready intelligence.
Works with
0
total installs
0
this week
8.6K
GitHub stars
0
upvotes
Install Skill
Run in your terminal
0
installs
0
this week
8.6K
stars
Installation Guide
How to use implementing-diamond-model-analysis on Cursor
AI-first code editor with Composer
Prerequisites
Before installing skills in Cursor, ensure your development environment meets these requirements:
- ›Cursor installed and configured on your machine
- ›Node.js 16+ with npm — verify with
node --version - ›Active project directory where you want to add
implementing-diamond-model-analysis
Run the install command
Execute the skills CLI command in your project's root directory to begin installation:
Fetches implementing-diamond-model-analysis from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
Select Cursor when prompted
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Verify installation
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate implementing-diamond-model-analysis. Access via /implementing-diamond-model-analysis in your agent's command palette.
Security Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Documentation
| name | implementing-diamond-model-analysis |
| description | The Diamond Model of Intrusion Analysis provides a structured framework for analyzing cyber intrusions by examining four core features - Adversary, Capability, Infrastructure, and Victim. This skill covers implementing the Diamond Model programmatically to classify and correlate intrusion events, build activity threads, and generate pivot-ready intelligence. |
| domain | cybersecurity |
| subdomain | threat-intelligence |
| tags | - threat-intelligence - cti - ioc - mitre-attack - stix - diamond-model - intrusion-analysis |
| version | '1.0' |
| author | mahipal |
| license | Apache-2.0 |
| nist_csf | - ID.RA-01 - ID.RA-05 - DE.CM-01 - DE.AE-02 |
Implementing Diamond Model Analysis
Overview
The Diamond Model of Intrusion Analysis provides a structured framework for analyzing cyber intrusions by examining four core features: Adversary, Capability, Infrastructure, and Victim. This skill covers implementing the Diamond Model programmatically to classify and correlate intrusion events, build activity threads linking related events, create activity-attack graphs, and generate pivot-ready intelligence from intrusion data.
When to Use
- When deploying or configuring implementing diamond model analysis capabilities in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation
Prerequisites
- Python 3.9+ with
networkx,stix2,graphvizlibraries - Understanding of the Diamond Model core and meta-features
- Access to threat intelligence data (MISP/OpenCTI events)
- Familiarity with MITRE ATT&CK for capability mapping
Key Concepts
Diamond Model Core Features
- Adversary: The threat actor or operator conducting the intrusion
- Capability: The tools, techniques, and malware used (maps to ATT&CK)
- Infrastructure: C2 servers, domains, email addresses, hosting providers
- Victim: Target organization, system, person, or data asset
Meta-Features
- Timestamp: When the event occurred
- Phase: Kill chain stage (recon, delivery, exploitation, etc.)
- Result: Success, failure, or unknown
- Direction: Adversary-to-infrastructure, infrastructure-to-victim, etc.
- Methodology: Social engineering, technical exploit, insider threat
- Resources: Financial, human, technical resources required
Activity Threads and Groups
- Activity Thread: Sequence of Diamond events from a single adversary operation
- Activity Group: Cluster of threads attributed to the same adversary
Workflow
Step 1: Define Diamond Event Data Structure
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional
import json
import uuid
@dataclass
class DiamondEvent:
adversary: str = ""
capability: str = ""
infrastructure: str = ""
victim: str = ""
timestamp: str = ""
phase: str = ""
result: str = ""
direction: str = ""
methodology: str = ""
confidence: int = 0
notes: str = ""
event_id: str = field(default_factory=lambda: str(uuid.uuid4())[:8])
mitre_techniques: list = field(default_factory=list)
iocs: list = field(default_factory=list)
def to_dict(self):
return {
"event_id": self.event_id,
"adversary": self.adversary,
"capability": self.capability,
"infrastructure": self.infrastructure,
"victim": self.victim,
"timestamp": self.timestamp,
"phase": self.phase,
"result": self.result,
"direction": self.direction,
"methodology": self.methodology,
"confidence": self.confidence,
"mitre_techniques": self.mitre_techniques,
"iocs": self.iocs,
"notes": self.notes,
}
Step 2: Build Activity Thread from Events
import networkx as nx
class DiamondAnalysis:
def __init__(self):
self.events = []
self.graph = nx.DiGraph()
def add_event(self, event: DiamondEvent):
self.events.append(event)
self.graph.add_node(event.event_id, **event.to_dict())
def build_activity_thread(self):
"""Link events chronologically into activity threads."""
sorted_events = sorted(self.events, key=lambda e: e.timestamp)
for i in range(len(sorted_events) - 1):
self.graph.add_edge(
sorted_events[i].event_id,
sorted_events[i + 1].event_id,
relationship="followed_by",
)
def find_pivots(self):
"""Find pivot points where events share infrastructure or capabilities."""
pivots = {"infrastructure": {}, "capability": {}, "adversary": {}}
for event in self.events:
if event.infrastructure:
pivots["infrastructure"].setdefault(event.infrastructure, []).append(event.event_id)
if event.capability:
pivots["capability"].setdefault(event.capability, []).append(event.event_id)
if event.adversary:
pivots["adversary"].setdefault(event.adversary, []).append(event.event_id)
return {
k: {pk: pv for pk, pv in v.items() if len(pv) > 1}
for k, v in pivots.items()
}
def generate_report(self):
return {
"total_events": len(self.events),
"unique_adversaries": len(set(e.adversary for e in self.events if e.adversary)),
"unique_victims": len(set(e.victim for e in self.events if e.victim)),
"unique_infrastructure": len(set(e.infrastructure for e in self.events if e.infrastructure)),
"pivots": self.find_pivots(),
"events": [e.to_dict() for e in self.events],
}
Validation Criteria
- Diamond events capture all four core features with meta-features
- Activity threads link related events chronologically
- Pivot analysis identifies shared infrastructure and capabilities across events
- Graph visualization renders the activity-attack graph correctly
- Events map to MITRE ATT&CK techniques for capability classification
References
List & Monetize Your Skill
Submit your Claude Code skill and start earning
Use Cases
Exploratory Data Analysis
Quickly understand datasets, identify patterns, and generate insights
Example
Analyze CSV with 100K rows, identify outliers, visualize correlations, suggest hypotheses
Reduce EDA time from hours to minutes, uncover insights faster
Data Cleaning & Transformation
Write scripts to clean messy data, handle missing values, normalize formats
Example
Generate Python/SQL to fix date formats, impute missing values, remove duplicates
Automate 80% of data preprocessing work
Statistical Analysis
Perform hypothesis testing, regression, and statistical modeling
Example
Run A/B test analysis, calculate confidence intervals, interpret p-values
Get statistically sound analysis without PhD in statistics
Data Visualization
Create charts, dashboards, and visual reports
Example
Generate matplotlib/seaborn code for time series plots, distribution charts, heatmaps
Build presentation-ready visualizations 3x faster
Implementation Guide
Prerequisites
- ›Claude Desktop or compatible AI client
- ›Python environment (pandas, numpy, matplotlib) or SQL database access
- ›Basic understanding of data analysis concepts
- ›Sample datasets for testing skill capabilities
Time Estimate
20-40 minutes to set up and run first analysis
Steps
- 1Install data analysis skill using provided command
- 2Prepare a sample dataset (CSV, JSON, or database connection)
- 3Start with descriptive statistics: 'Summarize this dataset'
- 4Progress to visualization: 'Create a scatter plot of X vs Y'
- 5Advanced analysis: 'Run linear regression and interpret results'
- 6Validate outputs: check calculations, verify visualizations make sense
- 7Document analysis workflow for reproducibility
Common Pitfalls
- ⚠Not validating statistical assumptions before applying tests
- ⚠Accepting visualizations without checking data accuracy
- ⚠Overlooking data quality issues (missing values, outliers)
- ⚠Misinterpreting correlation as causation
- ⚠Using wrong statistical test for data distribution
- ⚠Not considering sample size and statistical power
Best Practices
✓ Do
- +Always validate data quality before analysis
- +Check statistical assumptions (normality, independence, etc.)
- +Visualize data before running statistical tests
- +Document analysis steps for reproducibility
- +Cross-validate findings with domain experts
- +Use skill for initial exploration, then dive deeper manually
- +Save generated code for reuse on similar datasets
✗ Don't
- −Don't trust analysis without verifying data quality
- −Don't apply statistical tests without checking assumptions
- −Don't make business decisions solely on AI-generated analysis
- −Don't ignore outliers without investigating cause
- −Don't skip data validation and sanity checks
- −Don't use for mission-critical financial or medical analysis without expert review
💡 Pro Tips
- ★Describe data context: 'This is user behavior data from e-commerce site'
- ★Ask for interpretation: 'What does this correlation mean for business?'
- ★Request multiple approaches: 'Show 3 ways to handle missing data'
- ★Combine AI analysis with domain expertise for best insights
- ★Use for rapid prototyping, then refine analysis manually
When to Use This
✓ Use when
Use for exploratory data analysis, data cleaning, statistical testing, visualization prototyping, and learning new analysis techniques. Best for initial exploration and rapid insights.
✗ Avoid when
Avoid for mission-critical financial analysis, medical research requiring regulatory compliance, production ML models, or when deep statistical expertise is required for nuanced interpretation.
Learning Path
- 1Basic: descriptive statistics, data cleaning, simple visualizations
- 2Intermediate: hypothesis testing, regression, correlation analysis
- 3Advanced: time series analysis, clustering, predictive modeling
- 4Expert: causal inference, experimental design, advanced statistical methods
Related Skills
generating-threat-intelligence-reports
2mukul975/Anthropic-Cybersecurity-Skills
executing-red-team-engagement-planning
1mukul975/Anthropic-Cybersecurity-Skills
performing-purple-team-atomic-testing
1mukul975/Anthropic-Cybersecurity-Skills
performing-cryptographic-audit-of-application
5mukul975/Anthropic-Cybersecurity-Skills
exploiting-deeplink-vulnerabilities
3mukul975/Anthropic-Cybersecurity-Skills
implementing-soar-playbook-with-palo-alto-xsoar
3mukul975/Anthropic-Cybersecurity-Skills
Reviews
- IIra Sharma★★★★★Dec 24, 2024
We added implementing-diamond-model-analysis from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- SShikha Mishra★★★★★Dec 16, 2024
Keeps context tight: implementing-diamond-model-analysis is the kind of skill you can hand to a new teammate without a long onboarding doc.
- SSakura Martinez★★★★★Dec 16, 2024
implementing-diamond-model-analysis is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- OOmar Yang★★★★★Dec 8, 2024
Registry listing for implementing-diamond-model-analysis matched our evaluation — installs cleanly and behaves as described in the markdown.
- MMaya Nasser★★★★★Dec 4, 2024
Keeps context tight: implementing-diamond-model-analysis is the kind of skill you can hand to a new teammate without a long onboarding doc.
- MMateo Ramirez★★★★★Nov 27, 2024
Useful defaults in implementing-diamond-model-analysis — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- SSoo Sanchez★★★★★Nov 15, 2024
Solid pick for teams standardizing on skills: implementing-diamond-model-analysis is focused, and the summary matches what you get after install.
- NNoah White★★★★★Oct 18, 2024
I recommend implementing-diamond-model-analysis for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
- AAarav Zhang★★★★★Oct 6, 2024
implementing-diamond-model-analysis has been reliable in day-to-day use. Documentation quality is above average for community skills.
- OOshnikdeep★★★★★Sep 21, 2024
Registry listing for implementing-diamond-model-analysis matched our evaluation — installs cleanly and behaves as described in the markdown.
showing 1-10 of 34
Discussion
Comments — not star reviews- No comments yet — start the thread.