Skill Marketplace

Forward OpenSyber security events to Slack channels with rich formatting. Supports severity-based routing, thread grouping for related incidents, and interactive buttons for quick acknowledgment and escalation. Configurable alert thresholds and quiet hours.

Continuously monitors installed packages for known CVEs using the OSV and NVD databases. Generates SBOM (Software Bill of Materials) in CycloneDX format. Flags critical and high severity vulnerabilities with upgrade paths and patching recommendations.

Pre-commit and pre-push hook enforcement for your repositories. Blocks commits containing secrets, large binary files, or force-pushes to protected branches. Validates commit message format and ensures branch naming conventions.

Monitors npm, PyPI, and Go module installations for supply chain attack indicators. Detects typosquatting, suspicious postinstall scripts, unexpected network calls, and known malicious packages using the Socket.dev threat feed and OpenSyber threat intelligence.

Intelligent log parsing and anomaly detection. Ingests syslog, JSON, and structured log formats. Uses statistical analysis to identify unusual patterns, failed authentication spikes, and potential intrusion indicators. Forwards critical findings to the OpenSyber alert pipeline.

Audits Docker containers and Kubernetes pods for security misconfigurations. Checks for root user execution, excessive capabilities, missing seccomp profiles, writable filesystems, and exposed ports. Generates CIS Docker Benchmark compliance reports.

Streams OpenSyber agent security events to your SIEM platform in real-time. Supports Splunk HEC, Datadog Logs, and Elastic Common Schema (ECS) formats. Maps OpenSyber event types to SIEM-native severity levels, adds enrichment fields (agent name, developer, workspace), and batches events for efficient delivery with configurable flush intervals.

Real-time network traffic analysis for your agent environment. Detects suspicious outbound connections, DNS exfiltration attempts, port scanning, and lateral movement patterns. Integrates with the OpenSyber alert pipeline for instant notifications.

Automated compliance report generation for SOC 2, ISO 27001, HIPAA, and GDPR frameworks. Collects evidence from your OpenSyber agent, maps controls to framework requirements, and exports PDF reports with executive summaries suitable for auditor review.

Cursor IDE-specific telemetry for AI agent security monitoring. Tracks file edits made by Cursor AI, AI completion acceptance rates, context window usage, and prompt injection attempts. Correlates Cursor activity with file sensitivity classifications to detect unauthorized access to credentials, configs, and production code.

Static analysis for Infrastructure as Code templates. Scans Terraform, CloudFormation, Pulumi, and Kubernetes manifests for security misconfigurations, overly permissive IAM policies, unencrypted storage, and public-facing resources before deployment.

Automatic incident escalation to PagerDuty when critical security events are detected. Maps OpenSyber severity levels to PagerDuty urgency tiers. Supports incident deduplication, auto-resolution on remediation, and custom routing rules per alert type.

Automated API security testing that discovers vulnerabilities by sending malformed requests to your endpoints. Tests for injection flaws, authentication bypasses, rate limit evasion, and OWASP Top 10 API vulnerabilities. Generates detailed reports with proof-of-concept payloads.

Connects OpenSyber agent activity monitoring to HashiCorp Vault and AWS Secrets Manager. When an agent accesses a secret, the bridge checks if the secret was retrieved through the approved vault workflow or accessed directly from disk. Flags direct credential file access as policy violations and generates JIT access requests for vault-managed secrets.