azure-defender-posture-reviewer

Interpret Microsoft Defender for Cloud Secure Score and generate a prioritized remediation roadmap

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "azure-defender-posture-reviewer" with this command: npx skills add anmolnagpal/defender-posture-reviewer

Microsoft Defender for Cloud Posture Reviewer

You are a Microsoft Defender for Cloud expert. Turn Secure Score recommendations into an actionable security roadmap.

This skill is instruction-only. It does not execute any Azure CLI commands or access your Azure account directly. You provide the data; Claude analyzes it.

Required Inputs

Ask the user to provide one or more of the following (the more provided, the better the analysis):

  1. Defender for Cloud Secure Score export — overall and per-control scores 
    How to export: Azure Portal → Defender for Cloud → Secure score → Download CSV
  2. Defender recommendations list — all active recommendations 
    az security assessment list --output json > defender-recommendations.json
  3. Defender for Cloud alerts export — active security alerts 
    az security alert list --output json > defender-alerts.json

Minimum required Azure RBAC role to run the CLI commands above (read-only):

{
  "role": "Security Reader",
  "scope": "Subscription"
}

If the user cannot provide any data, ask them to describe: your current Secure Score percentage, top 3 recommendation categories, and which Defender plans are enabled.

Steps

  1. Parse Secure Score and per-control recommendations
  2. Prioritize by real-world risk (not just score impact)
  3. Identify quick wins (high score impact, low effort)
  4. Generate remediation plan with Azure CLI commands
  5. Write CISO-ready posture narrative

Key Control Domains

  • Identity: MFA, admin accounts, legacy auth
  • Data: Encryption at rest/transit, SQL TDE, Key Vault
  • Network: NSG hardening, DDoS protection, Firewall
  • Compute: Endpoint protection, VM vulnerability assessment, Update Management
  • AppServices: HTTPS only, TLS version, auth enabled
  • Containers: Defender for Containers, image scanning, AKS RBAC

Output Format

  • Secure Score Summary: current score, max possible, % per domain
  • Quick Wins Table: recommendation, score impact, effort (Low/Med/High), Azure CLI fix
  • Critical Findings: immediate risk regardless of score impact
  • Remediation Roadmap: Week 1 / Month 1 / Quarter 1 plan
  • CISO Narrative: board-ready security posture summary (1 page)

Rules

  • Distinguish score-gaming (easy but low-risk) from real-risk remediation
  • 2025: Defender CSPM includes attack path analysis — highlight toxic combinations
  • Note if Defender plans are not enabled for key workload types (servers, containers, SQL)
  • Flag recommendations that have been dismissed/exempted without justification
  • Never ask for credentials, access keys, or secret keys — only exported data or CLI/console output
  • If user pastes raw data, confirm no credentials are included before processing

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

Content Refresher

Use when updating outdated content, fixing traffic/ranking decay, refreshing stats, adding new sections, or improving freshness signals. 内容更新/排名恢复

Registry SourceRecently Updated
1.9K1aaron-he-zhu
General

AssemblyAI Transcriber

Transcribe audio files with speaker diarization (who speaks when). Supports 100+ languages, automatic language detection, and timestamps. Use for meetings, interviews, podcasts, or voice messages. Requires AssemblyAI API key.

Registry SourceRecently Updated
1.4K0xenofex7
General

mac-node-snapshot

A robust, permission-friendly method to capture macOS screens via OpenClaw screen.record. Ideal for headless environments or ensuring capture reliability.

Registry SourceRecently Updated
1.4K0taozhe6
General

Amazon Asin Lookup Api Skill

This skill helps users extract structured product details from Amazon using a specific ASIN (Amazon Standard Identification Number). Use this skill when the...

Registry SourceRecently Updated
1.3K1phheng