What types of detections can I view?

The skill covers the entire Singularity platform, including endpoint detections, cloud infrastructure (AWS/Azure/GCP), Kubernetes, Identity (AD/Entra), and IaC scanning.

How does the skill handle multiple client environments?

It is designed for MSP workflows, allowing you to filter alerts by siteName and accountName to maintain clear visibility across different client environments.

Can I resolve or modify alert statuses using this skill?

No, this skill provides read-only access to SentinelOne alerts. You can view, search, and investigate alerts, but modifications like status changes or assignments must be handled in the SentinelOne console.

Does it support advanced threat hunting queries?

Yes, the search_alerts tool uses GraphQL filters that support operations like CONTAINS, IN, and EQUALS, as well as negation for complex investigation scenarios.

SentinelOne Alert Management

Name: SentinelOne Alert Management
Author: wyre-technology

bywyre-technology

•

Security & Testing

Streamlines the triage and investigation of security alerts across SentinelOne environments for MSPs.

This skill enables security analysts and Managed Service Providers (MSPs) to manage the full SentinelOne alert lifecycle directly within Claude Code. It provides a unified interface for triaging detections from endpoints, cloud workloads, Kubernetes, and identity providers. Users can execute complex searches using GraphQL filters, review chronological alert histories, and access internal notes to prioritize critical threats and accelerate incident response across multiple client sites.

Key Features

013 GitHub stars

02Efficient cursor-based pagination for large-scale alert environments

03Full access to alert history timelines and analyst comments

04Multi-client alert triage with severity and status filtering

05Domain-specific views for Cloud, Identity, and Kubernetes security

06Advanced search using GraphQL syntax for granular threat hunting

Use Cases

01Investigating specific threat actors by searching alert names and MITRE ATT&CK techniques

02Rapidly triaging new high-severity alerts across multiple MSP client sites

03Generating security posture summaries and resolution metrics for client QBRs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add wyre-technology/msp-claude-plugins alerts

For use in Claude.ai and ChatGPT

Download Skill