Initial SOC memory POC implementation
21
skills/summarize_case_skill/SKILL.md
Normal file
@ -0,0 +1,21 @@
|
||||
# summarize_case_skill
|
||||
|
||||
## Purpose
|
||||
Summarize one normalized SOC case into a high-quality Obsidian case note that can be reviewed and maintained by analysts.
|
||||
|
||||
## Inputs
|
||||
- A normalized case JSON document
|
||||
- Optional output directory for Obsidian notes
|
||||
|
||||
## Outputs
|
||||
- One markdown case note per case
|
||||
- Stable structure aligned with the vault template
|
||||
|
||||
## Guardrails
|
||||
- Do not dump raw logs or full tool traces
|
||||
- Keep only reusable evidence, conclusions, and response guidance
|
||||
- Prefer linked references to playbooks, KBs, and related cases
|
||||
- Preserve case identifiers and observable values exactly
|
||||
|
||||
## Current implementation
|
||||
Use `generate_case_note.py` to render a local markdown note from a normalized case.
|
||||
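Review bot: In the Guardrails section, "Preserve case identifiers and observable values exactly" does not say how those values are written into the markdown note. Because the output is an Obsidian note that analysts open and review, consider stating that URLs, domains and similar observables are placed in inline code spans, so the value stays exact without rendering as a clickable link. Separately, under Current implementation `generate_case_note.py` is named without a path or an example invocation, and Inputs and Outputs refer to "a normalized case JSON document" and "the vault template" without pointing to where either is defined; linking those would let a reader use the skill from this file alone.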