Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From huntress
Guides Huntress MCP tools for threat detection platform: HTTP Basic Auth, API structure, pagination with page tokens, 60 req/min rate limits, error handling, and tools for agents, incidents, organizations.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin huntressHow this skill is triggered — by the user, by Claude, or both
Slash command
/huntress:api-patternsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
The Huntress MCP server provides AI tool integration with the Huntress managed threat detection and response platform. It exposes tools covering account management, endpoint agents, organizations, incidents, escalations, billing, signals, and user management. The API uses HTTP Basic Auth with an API key and secret.
Manages Huntress security incidents: lists, triages, investigates, resolves them, and handles remediations with bulk approve/reject workflows.
Generates multi-tenant security and operational reports from LimaCharlie: billing summaries, usage roll-ups, detection trends, sensor health monitoring, configuration audits across organizations.
Guides SentinelOne Purple MCP tools: uvx install, Service User token auth, GraphQL/REST APIs, transport modes, rate limits, error handling for 23 read-only tools across Purple AI, alerts, vulnerabilities, assets.
Share bugs, ideas, or general feedback.
The Huntress MCP server provides AI tool integration with the Huntress managed threat detection and response platform. It exposes tools covering account management, endpoint agents, organizations, incidents, escalations, billing, signals, and user management. The API uses HTTP Basic Auth with an API key and secret.
Huntress authenticates using an API key and secret passed as HTTP headers:
| Header | Description |
|---|---|
X-Huntress-API-Key | Your Huntress API key |
X-Huntress-API-Secret | Your Huntress API secret |
Generate credentials at: Huntress Dashboard > Settings > API Credentials
Environment Variables:
export HUNTRESS_API_KEY="your-api-key"
export HUNTRESS_API_SECRET="your-api-secret"
IMPORTANT: Never hardcode credentials. Always use environment variables.
| Tool | Description |
|---|---|
huntress_navigate | Navigate to a specific resource |
huntress_status | Get current navigation status |
huntress_back | Navigate back to previous resource |
| Tool | Description |
|---|---|
huntress_accounts_get | Get account details |
huntress_accounts_actor | Get current authenticated actor info |
| Tool | Description |
|---|---|
huntress_agents_list | List endpoint agents with filters |
huntress_agents_get | Get details for a specific agent |
| Tool | Description |
|---|---|
huntress_organizations_list | List all organizations |
huntress_organizations_get | Get organization details |
huntress_organizations_create | Create a new organization |
huntress_organizations_update | Update an organization |
huntress_organizations_delete | Delete an organization |
| Tool | Description |
|---|---|
huntress_incidents_list | List incidents with filters |
huntress_incidents_get | Get incident details |
huntress_incidents_resolve | Resolve an incident |
huntress_incidents_remediations | List remediations for an incident |
huntress_incidents_remediation_get | Get specific remediation details |
huntress_incidents_bulk_approve | Bulk approve remediations |
huntress_incidents_bulk_reject | Bulk reject remediations |
| Tool | Description |
|---|---|
huntress_escalations_list | List escalations |
huntress_escalations_get | Get escalation details |
huntress_escalations_resolve | Resolve an escalation |
| Tool | Description |
|---|---|
huntress_billing_reports_list | List billing reports |
huntress_billing_reports_get | Get a specific billing report |
huntress_summary_reports_list | List summary reports |
huntress_summary_reports_get | Get a specific summary report |
| Tool | Description |
|---|---|
huntress_signals_list | List security signals |
huntress_signals_get | Get signal details |
| Tool | Description |
|---|---|
huntress_users_list | List users |
huntress_users_get | Get user details |
huntress_users_create | Create a user |
huntress_users_update | Update a user |
huntress_users_delete | Delete a user |
The Huntress API uses token-based pagination:
page_token to retrieve the next page of resultsnext_page_token if more results are availablenext_page_token is absent or nullExample workflow:
huntress_agents_list with no page_tokennext_page_token, call again with that tokennext_page_token is returnedHuntress enforces 60 requests per minute.
| Code | Meaning | Resolution |
|---|---|---|
| 401 | Unauthorized | Check API key and secret |
| 403 | Forbidden | Insufficient permissions |
| 404 | Not Found | Resource doesn't exist or wrong ID |
| 429 | Rate Limited | Wait and retry after delay |
| 500 | Server Error | Retry; contact support if persistent |
{
"error": {
"code": 401,
"message": "Invalid API credentials"
}
}
huntress_navigate, huntress_status, huntress_back) to manage stateful workflows