From huntress
Queries Huntress MCP to compile a unified health summary for a managed organization, covering agent status, open incidents, and pending escalations.
How this command is triggered — by the user, by Claude, or both
Slash command
/huntress:org-health <organization_id>The summary Claude sees in its command listing — used to decide when to auto-load this command
# Organization Health Check Comprehensive health check for a Huntress organization, covering agent status, open incidents, and pending escalations. Provides an at-a-glance view of a client's security posture. ## Prerequisites - Huntress MCP server connected with valid API credentials - MCP tools for agents, incidents, escalations, and organizations available ## Steps 1. **Get organization details** Call `huntress_organizations_get` with the specified `organization_id`. 2. **List agents for the organization** Call `huntress_agents_list` filtered by `organization_id`. Summarize ...
Comprehensive health check for a Huntress organization, covering agent status, open incidents, and pending escalations. Provides an at-a-glance view of a client's security posture.
Get organization details
Call huntress_organizations_get with the specified organization_id.
List agents for the organization
Call huntress_agents_list filtered by organization_id. Summarize total count, online/offline status, and platform distribution.
List open incidents
Call huntress_incidents_list filtered by organization_id and status=open. Summarize by severity.
List open escalations
Call huntress_escalations_list filtered by organization_id and open status. Highlight any pending items.
Compile health summary
Present a unified view: agent health, incident load, escalation status, and overall risk assessment.
| Parameter | Type | Required | Description |
|---|---|---|---|
| organization_id | string | Yes | The organization ID to check |
/org-health --organization_id "org-456"
huntress_organizations_list to find it/incident-triage - Triage incidents across all organizations/agent-inventory - Detailed agent listing/billing-report - Billing details for the organizationnpx claudepluginhub wyre-technology/msp-claude-plugins --plugin huntress/account-summaryRetrieves a RocketCyber customer security posture summary: agent status, active incidents by severity/verdict, 30-day trend, and optional app inventory.
/security-postureReviews overall security posture by querying open findings by severity, agent/device coverage, and resolution trends over a configurable lookback period.
/reporting-templatesDisplays menu of pre-defined report templates for MSSP executive summary, customer health dashboard, monthly billing, and detection analytics. Outputs formatted markdown/tables or optional HTML.
/alert-triageTriages new SentinelOne alerts by severity, producing a summary table with counts per severity level and highlighting critical items requiring immediate attention.