Stats

Actions

Tags

Help us improve

Share bugs, ideas, or general feedback.

Huntress Escalations | huntress

Skill

Huntress Escalations

Lists open Huntress SOC escalations, retrieves details, and resolves them using huntress_escalations_list, _get, and _resolve APIs. For MSP cybersecurity workflows.

$

npx claudepluginhub wyre-technology/msp-claude-plugins --plugin huntress

Popularity

Parent stars

24

Parent forks

13

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/huntress:escalations

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Escalations are high-priority notifications from the Huntress SOC to MSP partners. When the Huntress SOC identifies activity requiring partner attention or action, they create an escalation. MSPs must review escalations promptly and resolve them after taking appropriate action.

SKILL.md

151 lines · ~1k tokens

Similar Skills

Huntress Incidents

24

Manages Huntress security incidents: lists, triages, investigates, resolves them, and handles remediations with bulk approve/reject workflows.

Checkpoint Avanan Incidents

24

Manages Checkpoint Harmony Email (Avanan) security incident workflows: lifecycle, status transitions, triage, investigation, escalation, remediation, and closure.

checkpoint-avanan

soc

11

Unified SOC analyst workflow for CrowdStrike NGSIEM — triage alerts, investigate security events, hunt threats, and tune detections. Use when triaging alerts, investigating detections, running daily SOC review, or tuning for false positives.

17 files

crowdstrike-soc

Stats

LanguageTypeScript

Parent stars24

Parent forks13

MaintenanceExcellent

Last CommitApr 5, 2026

Actions

View Source View Plugin View on GitHub View README

Tags

incident-response

Help us improve

Share bugs, ideas, or general feedback.

Huntress Escalations

Overview

Escalations are high-priority notifications from the Huntress SOC to MSP partners. When the Huntress SOC identifies activity requiring partner attention or action, they create an escalation. MSPs must review escalations promptly and resolve them after taking appropriate action.

Key Concepts

Escalation vs Incident

Incidents are confirmed threats with recommended remediations
Escalations are SOC-to-partner communications requiring human review and decision-making
Escalations may be related to incidents but can also cover other situations

Escalation Priority

Escalations from the Huntress SOC indicate urgency. Treat all open escalations as time-sensitive communications requiring prompt review.

API Patterns

List Escalations

huntress_escalations_list

Parameters:

organization_id — Filter by organization
status — Filter by status
page_token — Pagination token

Example response:

{
  "escalations": [
    {
      "id": "esc-321",
      "title": "Active Ransomware — Immediate Action Required",
      "severity": "critical",
      "status": "open",
      "organization_id": "org-456",
      "created_at": "2026-02-26T09:00:00Z",
      "summary": "Huntress SOC has identified active ransomware encryption on ACME-WS-042. Immediate network isolation recommended."
    }
  ],
  "next_page_token": null
}

Get Escalation Details

huntress_escalations_get

Parameters:

escalation_id — The escalation ID

Example response:

{
  "escalation": {
    "id": "esc-321",
    "title": "Active Ransomware — Immediate Action Required",
    "severity": "critical",
    "status": "open",
    "organization_id": "org-456",
    "created_at": "2026-02-26T09:00:00Z",
    "summary": "Huntress SOC has identified active ransomware encryption on ACME-WS-042. Immediate network isolation recommended.",
    "details": "The Huntress SOC detected file encryption activity consistent with ransomware...",
    "recommended_actions": [
      "Isolate ACME-WS-042 from the network immediately",
      "Check for lateral movement to other endpoints",
      "Preserve forensic evidence before remediation"
    ],
    "related_incidents": ["inc-789"]
  }
}

Resolve Escalation

huntress_escalations_resolve

Parameters:

escalation_id — The escalation to resolve

Common Workflows

Escalation Review

List open escalations with huntress_escalations_list
Prioritize by severity
Get full details for each escalation
Review recommended actions
Take appropriate action (isolate, investigate, notify client)
Resolve the escalation

Escalation-Incident Correlation

Get escalation details to find related_incidents
Investigate related incidents with huntress_incidents_get
Handle remediations for related incidents
Resolve both the incident and escalation

Error Handling

Escalation Not Found

Cause: Invalid escalation ID Solution: List escalations to verify the correct ID

Escalation Already Resolved

Cause: Attempting to resolve an already-resolved escalation Solution: Check escalation status first

Best Practices

Check for new escalations multiple times daily
Treat all escalations as time-sensitive
Document actions taken before resolving
Correlate escalations with related incidents
Create PSA tickets for client-facing escalations
Track escalation response times for SLA compliance

Related Skills

api-patterns - Pagination and error handling
incidents - Related incidents
organizations - Client context
agents - Affected endpoints