Skill

Huntress Escalations

Lists open Huntress SOC escalations, retrieves details, and resolves them using huntress_escalations_list, _get, and _resolve APIs. For MSP cybersecurity workflows.

security

Install

npx claudepluginhub wyre-technology/msp-claude-plugins --plugin huntress

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Escalations are high-priority notifications from the Huntress SOC to MSP partners. When the Huntress SOC identifies activity requiring partner attention or action, they create an escalation. MSPs must review escalations promptly and resolve them after taking appropriate action.

SKILL.md

Similar Skills

ui-ux-pro-max

Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.

ui-ux-pro-max

57.6k

context7-mcp

Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.

context7-plugin

51.8k

market-sizing-analysis

2 files

Calculates TAM/SAM/SOM using top-down, bottom-up, and value theory methodologies for market sizing, revenue estimation, and startup validation.

startup-business-analyst

32.9k

Stats

Parent Repo Stars12

Parent Repo Forks8

Last CommitApr 5, 2026

Actions

View Source View Plugin View on GitHub View README

Huntress Escalations

Overview

Key Concepts

Escalation vs Incident

Incidents are confirmed threats with recommended remediations
Escalations are SOC-to-partner communications requiring human review and decision-making
Escalations may be related to incidents but can also cover other situations

Escalation Priority

Escalations from the Huntress SOC indicate urgency. Treat all open escalations as time-sensitive communications requiring prompt review.

API Patterns

List Escalations

huntress_escalations_list

Parameters:

organization_id — Filter by organization
status — Filter by status
page_token — Pagination token

Example response:

{
  "escalations": [
    {
      "id": "esc-321",
      "title": "Active Ransomware — Immediate Action Required",
      "severity": "critical",
      "status": "open",
      "organization_id": "org-456",
      "created_at": "2026-02-26T09:00:00Z",
      "summary": "Huntress SOC has identified active ransomware encryption on ACME-WS-042. Immediate network isolation recommended."
    }
  ],
  "next_page_token": null
}

Get Escalation Details

huntress_escalations_get

Parameters:

escalation_id — The escalation ID

Example response:

{
  "escalation": {
    "id": "esc-321",
    "title": "Active Ransomware — Immediate Action Required",
    "severity": "critical",
    "status": "open",
    "organization_id": "org-456",
    "created_at": "2026-02-26T09:00:00Z",
    "summary": "Huntress SOC has identified active ransomware encryption on ACME-WS-042. Immediate network isolation recommended.",
    "details": "The Huntress SOC detected file encryption activity consistent with ransomware...",
    "recommended_actions": [
      "Isolate ACME-WS-042 from the network immediately",
      "Check for lateral movement to other endpoints",
      "Preserve forensic evidence before remediation"
    ],
    "related_incidents": ["inc-789"]
  }
}

Resolve Escalation

huntress_escalations_resolve

Parameters:

escalation_id — The escalation to resolve

Common Workflows

Escalation Review

List open escalations with huntress_escalations_list
Prioritize by severity
Get full details for each escalation
Review recommended actions
Take appropriate action (isolate, investigate, notify client)
Resolve the escalation

Escalation-Incident Correlation

Get escalation details to find related_incidents
Investigate related incidents with huntress_incidents_get
Handle remediations for related incidents
Resolve both the incident and escalation

Error Handling

Escalation Not Found

Cause: Invalid escalation ID Solution: List escalations to verify the correct ID

Escalation Already Resolved

Cause: Attempting to resolve an already-resolved escalation Solution: Check escalation status first

Best Practices

Check for new escalations multiple times daily
Treat all escalations as time-sensitive
Document actions taken before resolving
Correlate escalations with related incidents
Create PSA tickets for client-facing escalations
Track escalation response times for SLA compliance

Related Skills

api-patterns - Pagination and error handling
incidents - Related incidents
organizations - Client context
agents - Affected endpoints