Manage Huntress MDR security operations across MSP client organizations: triage incidents, review SOC escalations, monitor endpoint agent health, generate billing reports, and validate onboarding.
List and filter Huntress agents across organizations
Generate a Huntress billing summary for a period
Triage open Huntress incidents by severity
Deep dive investigation into a specific Huntress incident with remediations
Organization health check covering agents, incidents, and escalations
Use this agent when validating a newly onboarded client in Huntress — checking that agents are deployed and reporting, confirming SOC coverage is active, identifying any endpoints missing agents, and surfacing initial detections that fired during or after deployment. Trigger for: Huntress onboarding, new client Huntress, validate Huntress deployment, check agent coverage, Huntress org setup, verify Huntress coverage, Huntress new org, onboarding validation, agent deployment check, Huntress initial scan. Examples: "Validate the Huntress onboarding for Acme Corp", "Did all endpoints get a Huntress agent during the Globex rollout?", "Check if Huntress is fully active for our new client", "Show me any detections that fired for the new client in the first 48 hours"
Use this agent when triaging Huntress incidents, reviewing SOC escalations, approving or rejecting endpoint remediations, investigating security signals, or managing the Huntress agent fleet across MSP client organizations. Trigger for: Huntress incident, Huntress remediation, SOC escalation Huntress, approve remediation, reject remediation, Huntress triage, endpoint threat Huntress, Huntress organization, agent health Huntress, Huntress signals. Examples: "Show me all open Huntress incidents", "Review and approve remediations for this critical incident", "The SOC has escalated an active ransomware event — what do I need to do?", "Check agent coverage across all client organizations"
Use this skill when working with Huntress escalations — listing, reviewing, and resolving escalations from the Huntress SOC team.
Use this skill when managing Huntress endpoint agents — listing agents, filtering by organization or platform, checking agent health and status, and investigating specific agent details.
Use this skill when working with the Huntress MCP tools — available tools, authentication via HTTP Basic Auth, API structure, pagination with page tokens, rate limiting (60 req/min), error handling, and best practices.
Use this skill when generating Huntress billing and summary reports — listing available reports, retrieving billing details, and creating client-facing summaries for MSP invoicing.
Use this skill when working with Huntress incidents - querying incidents by organization and status, reviewing SOC-recommended remediation details, approving or rejecting remediations individually or in bulk, checking remediation execution status, and resolving incidents after all remediations are processed.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
One command to supercharge Claude Code for MSP workflows.
/plugin marketplace add wyre-technology/msp-claude-plugins
Then restart Claude Code. That's it.
Documentation: mcp.wyre.ai
Thirty-three vendor-specific plugins with domain knowledge for PSA, RMM, documentation, security, accounting, CRM, and productivity tools:
| Plugin | Description |
|---|---|
| Autotask PSA | Kaseya Autotask PSA - tickets, service calls, CRM, projects, contracts, billing |
| Datto RMM | Datto remote monitoring - devices, alerts, jobs, patches |
| IT Glue | IT documentation - organizations, assets, passwords, flexible assets |
| Hudu | IT documentation - companies, assets, articles, passwords, websites |
| RocketCyber | Managed SOC - incidents, agents, events, threat detection |
| Syncro | All-in-one PSA/RMM - tickets, customers, assets, invoicing |
| Atera | RMM/PSA platform - tickets, agents, customers, alerts, SNMP/HTTP monitors |
| SuperOps.ai | Modern PSA/RMM with GraphQL - tickets, assets, clients, runbooks |
| HaloPSA | Enterprise PSA with OAuth - tickets, clients, assets, contracts |
| Liongard | Configuration monitoring - environments, inspections, systems, detections, alerts |
| ConnectWise Manage | Industry-leading PSA - tickets, companies, contacts, projects, time (cloud and self-hosted) |
| ConnectWise Automate | Enterprise RMM - computers, clients, scripts, monitors, alerts |
| NinjaOne | NinjaOne RMM - devices, organizations, alerts, ticketing |
| SalesBuildr | Sales CRM - contacts, companies, opportunities, quotes |
| Pax8 | Cloud marketplace - companies, products, subscriptions, orders, invoices |
| Xero | Accounting - contacts, invoices, payments, accounts, reports |
| QuickBooks Online | Accounting - customers, invoices, expenses, payments, reports |
| Microsoft 365 | M365 admin - users, mailboxes, Teams, OneDrive, licensing, security |
| Rootly | Incident management - incidents, alerts, on-call, AI analysis, postmortems |
| Huntress | Managed threat detection and response - agents, incidents, reports |
| Blumira | Cloud SIEM - detections, findings, alerts, automated response |
| SentinelOne | XDR platform - endpoints, threats, incidents, Purple AI integration |
| Abnormal Security | AI-native email security - threats, cases, abuse mailbox |
| Avanan | Check Point Harmony Email & Collaboration - email security, DLP |
| Ironscales | AI-powered anti-phishing - incidents, simulations, threat intel |
| Mimecast | Email security - message tracking, threat protection, compliance |
| SpamTitan | Email security by TitanHQ - spam filtering, quarantine, policies |
| Proofpoint | Targeted Attack Protection - threat intel, campaigns, forensics |
| KnowBe4 | Security awareness training - phishing simulations, PhishER, training |
| HubSpot | CRM platform - contacts, companies, deals, tickets, marketing |
| PandaDoc | Document automation - proposals, quotes, e-signatures, templates |
| BetterStack | Uptime monitoring and on-call - monitors, incidents, heartbeats |
| PagerDuty | Incident management and on-call - incidents, services, escalations |
Plus shared skills for MSP terminology, ticket triage, cross-vendor incident correlation, and billing reconciliation.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin huntressClaude plugins for Checkpoint Harmony Email & Collaboration (Avanan) - email security, anti-phishing, threat detection, quarantine management
Vendor-agnostic MSP skills — terminology, ticket triage, incident correlation, and billing reconciliation
Claude plugins for Better Stack - uptime monitoring, incident management, status pages, on-call schedules, and log management (Logtail) for MSPs
Claude plugins for KnowBe4 - security awareness training, phishing simulation, user risk management
Claude plugins for RunZero - asset discovery, network scanning, service inventory, OS fingerprinting, wireless detection, and vulnerability reporting for MSPs
Claude plugins for RocketCyber managed SOC - incidents, agents, accounts, threat detection
Advanced LimaCharlie skills for MSSP reporting, fleet coverage, threat intelligence, adapter management, IaC, onboarding, and HTML dashboards. Requires lc-essentials plugin.
SentinelOne SecOps skills for Claude: PowerQuery threat hunting and STAR/Custom Detection rules; Management Console API; Singularity Data Lake API; SDL dashboards; log parsing (OCSF); Hyperautomation SOAR; z-score anomaly baselining; autonomous DFIR alert investigation (soc-investigator); and one-prompt SDL solutions: source onboarding, asset enrichment, UEBA, ingest health, detection exclusions, Risk-Based Alerting, alert noise reduction, and Detection as Code.
Unified SOC analyst workflow for CrowdStrike NGSIEM — triage alerts, investigate security events, hunt threats, tune detections, and manage cases through a phased lifecycle.
Agentic SOC Platform integration for Claude Code
Upstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.