From huntress
Manages Huntress security incidents: lists, triages, investigates, resolves them, and handles remediations with bulk approve/reject workflows.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin huntress
How this skill is triggered — by the user, by Claude, or both
Slash command
/huntress:incidents
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Incidents are the core security events in Huntress, generated by the Huntress SOC team when threats are confirmed on managed endpoints. Each incident includes severity, affected hosts, investigation details, and recommended remediations. MSPs must triage, investigate, and resolve incidents — often approving or rejecting SOC-recommended remediations.
Huntress SOC provides recommended remediations for each incident. MSPs can:
huntress_incidents_list
Parameters:
organization_id — Filter by organization
status — Filter by status (open, resolved)
page_token — Pagination token
Example response:
{
  "incidents": [
    {
      "id": "inc-789",
      "title": "Persistent Footholds: Malicious Scheduled Task",
      "severity": "critical",
      "status": "open",
      "organization_id": "org-456",
      "created_at": "2026-02-26T08:15:00Z",
      "affected_hosts": ["ACME-WS-042"],
      "remediations_count": 2
    }
  ],
  "next_page_token": null
}
huntress_incidents_get
Parameters:
incident_id — The incident ID
huntress_incidents_resolve
Parameters:
incident_id — The incident to resolve
huntress_incidents_remediations
Parameters:
incident_id — The incident ID
Example response:
{
  "remediations": [
    {
      "id": "rem-001",
      "type": "scheduled_task_removal",
      "description": "Remove malicious scheduled task 'WindowsUpdate'",
      "status": "pending",
      "host": "ACME-WS-042"
    },
    {
      "id": "rem-002",
      "type": "file_quarantine",
      "description": "Quarantine C:\\Windows\\Temp\\payload.exe",
      "status": "pending",
      "host": "ACME-WS-042"
    }
  ]
}
huntress_incidents_remediation_get
Parameters:
incident_id — The incident ID
remediation_id — The remediation ID
huntress_incidents_bulk_approve
Parameters:
incident_id — The incident ID
remediation_ids — List of remediation IDs to approve
huntress_incidents_bulk_reject
Parameters:
incident_id — The incident ID
remediation_ids — List of remediation IDs to reject
reason — Reason for rejection
huntress_incidents_list with status=open
huntress_incidents_get
huntress_incidents_remediations
huntress_incidents_bulk_approve
Cause: Invalid incident ID or incident already deleted
Solution: List incidents to verify the correct ID
Cause: Attempting to approve/reject an already-processed remediation
Solution: Check remediation status before processing
Cause: Trying to resolve an incident with unprocessed remediations
Solution: Approve or reject all remediations before resolving
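The approve/reject/resolve ordering and the last two error cases above, as an added example (not code from the plugin or from Huntress): it turns a remediations response into an ordered plan of tool calls and only plans a resolve once nothing is left pending. Assumptions: any status other than "pending" means already processed, and AUTO_APPROVE_TYPES is a hypothetical local policy, not a Huntress setting.

```python
# Added example: plan Huntress tool calls from a remediations response.
# Assumption: any status other than "pending" means already processed.
# AUTO_APPROVE_TYPES is a hypothetical local policy, not a Huntress setting.
AUTO_APPROVE_TYPES = {"scheduled_task_removal", "file_quarantine"}

def plan_incident_actions(incident_id, remediations, reject_ids=None, reason=""):
    """Return (calls, held): ordered (tool, arguments) pairs and IDs left for manual review."""
    reject_ids = set(reject_ids or [])
    pending = [r for r in remediations if r.get("status") == "pending"]
    pending_ids = {r["id"] for r in pending}

    # Guard against the "already-processed remediation" error.
    stale = reject_ids - pending_ids
    if stale:
        raise ValueError(f"not pending, cannot reject: {sorted(stale)}")
    if reject_ids and not reason:
        raise ValueError("huntress_incidents_bulk_reject needs a reason")

    rest = [r for r in pending if r["id"] not in reject_ids]
    approve = [r["id"] for r in rest if r.get("type") in AUTO_APPROVE_TYPES]
    held = [r["id"] for r in rest if r.get("type") not in AUTO_APPROVE_TYPES]

    calls = []
    if approve:
        calls.append(("huntress_incidents_bulk_approve",
                      {"incident_id": incident_id, "remediation_ids": approve}))
    if reject_ids:
        calls.append(("huntress_incidents_bulk_reject",
                      {"incident_id": incident_id,
                       "remediation_ids": sorted(reject_ids), "reason": reason}))
    # Resolve only when no remediation is left unprocessed.
    if not held:
        calls.append(("huntress_incidents_resolve", {"incident_id": incident_id}))
    return calls, held

# Constructed sample, modelled on the example response above.
SAMPLE = [
    {"id": "rem-001", "type": "scheduled_task_removal", "status": "pending"},
    {"id": "rem-002", "type": "file_quarantine", "status": "pending"},
    {"id": "rem-003", "type": "example_unlisted_type", "status": "pending"},  # constructed type
    {"id": "rem-004", "type": "file_quarantine", "status": "approved"},  # constructed status
]

if __name__ == "__main__":
    calls, held = plan_incident_actions("inc-789", SAMPLE)
    print(calls, "held for review:", held)
```
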