From ninjaone-rmm
Views, dismisses, and summarizes NinjaOne alerts. Understand severity levels and manage alert posture across devices and organizations.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ninjaone-rmm:alertsWhen to use
When viewing active conditions, dismissing alerts, and understanding alert severity levels. Alerts indicate device issues that require technician attention. Use when: ninjaone alert, ninjarmm alert, ninja condition, device alert ninja, dismiss alert ninja, clear alert ninja, critical alert ninja, bulk dismiss alerts ninja, alert summary ninja, ninjaone alert count, or alerts by severity ninja.
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Alerts in NinjaOne indicate conditions on devices that require attention. They're generated by monitoring policies when thresholds are exceeded or conditions are detected.
Alerts in NinjaOne indicate conditions on devices that require attention. They're generated by monitoring policies when thresholds are exceeded or conditions are detected.
Conditions persist until resolved; alerts can be dismissed independently.
GET /api/v2/device/{id}/alerts
Authorization: Bearer {token}
Returns active alerts for a specific device.
DELETE /api/v2/alert/{uid}
Authorization: Bearer {token}
Dismisses an alert by its unique identifier. The underlying condition may still exist if not resolved.
Tool: ninjaone_alerts_reset_all
Dismisses all alerts for a specific device or organization. Use with care — this cannot be undone.
Key parameters:
device_id — Reset all alerts for a single deviceorganization_id — Reset all alerts for an entire organizationseverity — Optionally limit to a specific severity level: CRITICAL, MAJOR, MINOR, or NONEAt least one of device_id or organization_id must be provided. Typically used after scheduled maintenance windows to clear expected alerts.
Tool: ninjaone_alerts_summary
Returns a count of active alerts grouped by severity and/or organization.
Key parameter:
group_by — How to group counts: "severity" (default), "organization", or "both"Useful for dashboards and morning briefings to understand the overall alert posture at a glance without retrieving individual alerts.
{
"uid": "alert-uuid-12345",
"deviceId": 123,
"message": "Disk space on C: below 10%",
"severity": "CRITICAL",
"priority": "HIGH",
"sourceType": "CONDITION",
"sourceConfigUid": "condition-config-id",
"createTime": "2024-02-15T10:30:00Z"
}
| Severity | Description | Typical Response |
|---|---|---|
CRITICAL | Service impacting, requires immediate attention | Immediate |
MAJOR | Significant issue, high priority | Within 1 hour |
MODERATE | Notable issue, medium priority | Within 4 hours |
MINOR | Low impact issue | Within 24 hours |
NONE | Informational only | As time permits |
| Priority | Description |
|---|---|
HIGH | Escalate immediately |
MEDIUM | Standard priority |
LOW | Address when convenient |
NONE | No action required |
| Condition | Typical Threshold | Severity |
|---|---|---|
| Disk space low | < 10% free | CRITICAL |
| Disk space warning | < 20% free | MAJOR |
| Memory pressure | > 90% used | MAJOR |
| CPU sustained high | > 95% for 15 min | MODERATE |
| SMART disk warning | Any SMART error | MAJOR |
| Condition | Description | Severity |
|---|---|---|
| Service stopped | Critical service not running | CRITICAL |
| Service restart loop | Multiple restarts detected | MAJOR |
| Service degraded | Running but errors detected | MODERATE |
| Condition | Description | Severity |
|---|---|---|
| Antivirus disabled | Protection not running | CRITICAL |
| Definitions outdated | AV definitions old | MAJOR |
| Failed login attempts | Multiple failures | MODERATE |
| Firewall disabled | Windows firewall off | MAJOR |
| Condition | Description | Severity |
|---|---|---|
| Device offline | No agent contact | CRITICAL |
| Intermittent connection | Frequent reconnects | MODERATE |
| High latency | Network performance issues | MINOR |
Configure webhooks to receive real-time alert notifications:
PUT /api/v2/webhook
Content-Type: application/json
{
"url": "https://your-server.com/webhook/ninjaone",
"events": ["ALERT_TRIGGERED", "ALERT_CLEARED"]
}
DELETE /api/v2/webhook
{
"event": "ALERT_TRIGGERED",
"alert": {
"uid": "alert-uuid",
"deviceId": 123,
"message": "Disk space critical",
"severity": "CRITICAL"
},
"device": {
"id": 123,
"displayName": "SERVER-01",
"organizationId": 456
},
"timestamp": "2024-02-15T10:30:00Z"
}
After scheduled maintenance:
| Code | Description | Resolution |
|---|---|---|
| 404 | Alert not found | May already be dismissed |
| 403 | Access denied | Check organization permissions |
| 400 | Invalid request | Verify alert UID format |
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin ninjaone-rmmManages Atera alerts: viewing, acknowledging, resolving, and converting alerts to tickets for MSP monitoring.
Manages Datto RMM alerts: viewing, resolving, and handling all 25+ alert context types including antivirus, eventlog, disk usage, ransomware. Covers priorities and resolution workflows.
Lists, filters, acknowledges, and resolves SuperOps.ai RMM alerts by severity, status, and type. Useful for MSP technicians managing monitored asset alerts.