Triage SentinelOne alerts by severity, investigate incidents with Purple AI analysis and timelines, hunt threats via natural language PowerQueries on Singularity Data Lake, review cloud misconfigurations across AWS/Azure/GCP/K8s, track vulnerabilities by EPSS/CVEs, and audit endpoint/cloud asset inventories for MSP security workflows.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin sentineloneTriage new and unresolved SentinelOne alerts by severity
Asset inventory summary by surface type across managed environments
Threat hunting via Purple AI and PowerQuery execution
Deep investigation of a specific SentinelOne alert with timeline and context
Cloud security posture review with compliance gap analysis
Generate a vulnerability summary report with severity breakdown and top CVEs
Use this skill when working with SentinelOne alerts - triaging new alerts, investigating specific alerts, searching by severity or status, reviewing alert timelines, and managing alert workflows across MSP client environments. Covers all alert tools, severity levels, status values, view types, GraphQL filter syntax, and cursor-based pagination.
Use this skill when working with the SentinelOne Purple MCP tools - available tools, connection setup, uvx-based installation, Service User token authentication, transport modes, dual API architecture (GraphQL and REST), rate limits, error handling, and best practices. Covers all 23 Purple MCP tools organized by domain.
Use this skill when working with SentinelOne unified asset inventory - endpoints, cloud resources, identities, and network-discovered devices. Covers inventory tools, surface types, REST API with offset-based pagination, filter types, asset fields, and inventory audit workflows for MSP client environments.
Use this skill when working with SentinelOne XSPM misconfigurations - cloud security posture management across AWS, Azure, GCP, Kubernetes, identity, and infrastructure-as-code. Covers misconfiguration detection, compliance standards, MITRE ATT&CK mappings, remediation steps, evidence details, and posture review workflows for MSP clients.
Use this skill when working with SentinelOne Purple AI - natural language cybersecurity investigation, threat hunting, behavioral anomaly analysis, MITRE ATT&CK TTP mapping, and PowerQuery generation. Covers the purple_ai tool, best practices for prompting, common investigation queries, and integration with PowerQuery execution.
Use this skill when working with SentinelOne PowerQuery and the Singularity Data Lake - executing threat hunting queries, understanding PowerQuery pipeline syntax, managing time ranges, and analyzing query results. Covers the powerquery, get_timestamp_range, and iso_to_unix_timestamp tools, query syntax reference, common hunting scenarios, and integration with Purple AI for query generation.
Use this skill when working with SentinelOne XSPM vulnerabilities - tracking CVEs, reviewing EPSS scores, assessing exploit maturity, managing vulnerability status, prioritizing patches, and generating vulnerability reports across MSP client environments. Covers all vulnerability tools, status values, severity levels, and remediation workflows.
Upstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.
External network access
Connects to servers outside your machine
Requires secrets
Needs API keys or credentials to function
One command to supercharge Claude Code for MSP workflows.
/plugin marketplace add wyre-technology/msp-claude-plugins
Then restart Claude Code. That's it.
Documentation: mcp.wyretechnology.com
Thirty-three vendor-specific plugins with domain knowledge for PSA, RMM, documentation, security, accounting, CRM, and productivity tools:
| Plugin | Description |
|---|---|
| Autotask PSA | Kaseya Autotask PSA - tickets, service calls, CRM, projects, contracts, billing |
| Datto RMM | Datto remote monitoring - devices, alerts, jobs, patches |
| IT Glue | IT documentation - organizations, assets, passwords, flexible assets |
| Hudu | IT documentation - companies, assets, articles, passwords, websites |
| RocketCyber | Managed SOC - incidents, agents, events, threat detection |
| Syncro | All-in-one PSA/RMM - tickets, customers, assets, invoicing |
| Atera | RMM/PSA platform - tickets, agents, customers, alerts, SNMP/HTTP monitors |
| SuperOps.ai | Modern PSA/RMM with GraphQL - tickets, assets, clients, runbooks |
| HaloPSA | Enterprise PSA with OAuth - tickets, clients, assets, contracts |
| Liongard | Configuration monitoring - environments, inspections, systems, detections, alerts |
| ConnectWise Manage | Industry-leading PSA - tickets, companies, contacts, projects, time (cloud and self-hosted) |
| ConnectWise Automate | Enterprise RMM - computers, clients, scripts, monitors, alerts |
| NinjaOne | NinjaOne RMM - devices, organizations, alerts, ticketing |
| SalesBuildr | Sales CRM - contacts, companies, opportunities, quotes |
| Pax8 | Cloud marketplace - companies, products, subscriptions, orders, invoices |
| Xero | Accounting - contacts, invoices, payments, accounts, reports |
| QuickBooks Online | Accounting - customers, invoices, expenses, payments, reports |
| Microsoft 365 | M365 admin - users, mailboxes, Teams, OneDrive, licensing, security |
| Rootly | Incident management - incidents, alerts, on-call, AI analysis, postmortems |
| Huntress | Managed threat detection and response - agents, incidents, reports |
| Blumira | Cloud SIEM - detections, findings, alerts, automated response |
| SentinelOne | XDR platform - endpoints, threats, incidents, Purple AI integration |
| Abnormal Security | AI-native email security - threats, cases, abuse mailbox |
| Avanan | Check Point Harmony Email & Collaboration - email security, DLP |
| Ironscales | AI-powered anti-phishing - incidents, simulations, threat intel |
| Mimecast | Email security - message tracking, threat protection, compliance |
| SpamTitan | Email security by TitanHQ - spam filtering, quarantine, policies |
| Proofpoint | Targeted Attack Protection - threat intel, campaigns, forensics |
| KnowBe4 | Security awareness training - phishing simulations, PhishER, training |
| HubSpot | CRM platform - contacts, companies, deals, tickets, marketing |
| PandaDoc | Document automation - proposals, quotes, e-signatures, templates |
| BetterStack | Uptime monitoring and on-call - monitors, incidents, heartbeats |
| PagerDuty | Incident management and on-call - incidents, services, escalations |
Plus shared skills for MSP terminology, ticket triage, cross-vendor incident correlation, and billing reconciliation.
Semantic search for Claude Code conversations. Remember past discussions, decisions, and patterns.
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.