From huntress
Provides patterns for the Huntress MCP API including authentication, pagination, rate limiting, and error handling. Activates when working with Huntress tools or API.
How this skill is triggered — by the user, by Claude, or both
Slash command
/huntress:api-patternsWhen to use
When working with available tools, authentication via HTTP Basic Auth, API structure, pagination with page tokens, rate limiting (60 req/min), error handling. Use when: huntress api, huntress authentication, huntress pagination, huntress rate limit, huntress mcp, huntress tools, huntress request, huntress error, or huntress connection.
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
The Huntress MCP server provides AI tool integration with the Huntress managed threat detection and response platform. It exposes tools covering account management, endpoint agents, organizations, incidents, escalations, billing, signals, and user management. The API uses HTTP Basic Auth with an API key and secret.
The Huntress MCP server provides AI tool integration with the Huntress managed threat detection and response platform. It exposes tools covering account management, endpoint agents, organizations, incidents, escalations, billing, signals, and user management. The API uses HTTP Basic Auth with an API key and secret.
Huntress authenticates using an API key and secret passed as HTTP headers:
| Header | Description |
|---|---|
X-Huntress-API-Key | Your Huntress API key |
X-Huntress-API-Secret | Your Huntress API secret |
Generate credentials at: Huntress Dashboard > Settings > API Credentials
Environment Variables:
export HUNTRESS_API_KEY="your-api-key"
export HUNTRESS_API_SECRET="your-api-secret"
IMPORTANT: Never hardcode credentials. Always use environment variables.
| Tool | Description |
|---|---|
huntress_navigate | Navigate to a specific resource |
huntress_status | Get current navigation status |
huntress_back | Navigate back to previous resource |
| Tool | Description |
|---|---|
huntress_accounts_get | Get account details |
huntress_accounts_actor | Get current authenticated actor info |
| Tool | Description |
|---|---|
huntress_agents_list | List endpoint agents with filters |
huntress_agents_get | Get details for a specific agent |
| Tool | Description |
|---|---|
huntress_organizations_list | List all organizations |
huntress_organizations_get | Get organization details |
huntress_organizations_create | Create a new organization |
huntress_organizations_update | Update an organization |
huntress_organizations_delete | Delete an organization |
| Tool | Description |
|---|---|
huntress_incidents_list | List incidents with filters |
huntress_incidents_get | Get incident details |
huntress_incidents_resolve | Resolve an incident |
huntress_incidents_remediations | List remediations for an incident |
huntress_incidents_remediation_get | Get specific remediation details |
huntress_incidents_bulk_approve | Bulk approve remediations |
huntress_incidents_bulk_reject | Bulk reject remediations |
| Tool | Description |
|---|---|
huntress_escalations_list | List escalations |
huntress_escalations_get | Get escalation details |
huntress_escalations_resolve | Resolve an escalation |
| Tool | Description |
|---|---|
huntress_billing_reports_list | List billing reports |
huntress_billing_reports_get | Get a specific billing report |
huntress_summary_reports_list | List summary reports |
huntress_summary_reports_get | Get a specific summary report |
| Tool | Description |
|---|---|
huntress_signals_list | List security signals |
huntress_signals_get | Get signal details |
| Tool | Description |
|---|---|
huntress_users_list | List users |
huntress_users_get | Get user details |
huntress_users_create | Create a user |
huntress_users_update | Update a user |
huntress_users_delete | Delete a user |
The Huntress API uses token-based pagination:
page_token to retrieve the next page of resultsnext_page_token if more results are availablenext_page_token is absent or nullExample workflow:
huntress_agents_list with no page_tokennext_page_token, call again with that tokennext_page_token is returnedHuntress enforces 60 requests per minute.
| Code | Meaning | Resolution |
|---|---|---|
| 401 | Unauthorized | Check API key and secret |
| 403 | Forbidden | Insufficient permissions |
| 404 | Not Found | Resource doesn't exist or wrong ID |
| 429 | Rate Limited | Wait and retry after delay |
| 500 | Server Error | Retry; contact support if persistent |
{
"error": {
"code": 401,
"message": "Invalid API credentials"
}
}
huntress_navigate, huntress_status, huntress_back) to manage stateful workflowsnpx claudepluginhub wyre-technology/msp-claude-plugins --plugin huntressManages Huntress organizations — creates, lists, updates, and deletes orgs for MSP multi-tenant client structure.
Unified SOC analyst workflow for CrowdStrike NGSIEM — triage alerts, investigate security events, hunt threats, and tune detections. Use when triaging alerts, investigating detections, running daily SOC review, or tuning for false positives.
Unified SOC analyst workflow for CrowdStrike NGSIEM — triage alerts, investigate security events, hunt threats, and tune detections. Agent-delegated architecture: Haiku for mechanical tasks, Sonnet for substantive work, Opus for judgment.