Huntress Low Code Plugin

[Deenk]

🔌 Plugin overview

• Plugin name: Huntress
• Purpose / problem solved: Monitor agents, incident reports, escalations, platform actions, signals, and externally exposed ports across your Huntress Managed Security Platform from SquaredUp.
• Primary audience: Security teams, MSPs, and IT administrators using Huntress for endpoint detection and response.
• Authentication method(s): HTTP Basic Auth (Huntress public key + private key, Base64-encoded per the Huntress API spec).

---

🖼️ Plugin screenshots

Plugin configuration

(Add screenshot of the plugin config UI will do this shorltly)

Default dashboards

(Add screenshot of the Agents and Incident Reports dashboards, will do this shortly)

---

🧪 Testing

Tested against a live Huntress account:

• Config validation connects successfully via the organizations data stream
• All data streams (agents, agentsByOrganization, organizations, incident_reports, escalations, signals, external_ports, platform_actions) return data correctly
• Paging works as expected at 500 items per page
• State maps for severity and status render correctly on incident reports, escalations, and platform actions
• Default dashboards for Agents, Incident Reports, and Platform Actions load without errors
• Object indexing correctly surfaces Huntress Agent and Huntress Organization typed objects

---

⚠️ Known limitations

• The Huntress API is rate-limited to 60 requests per minute. Initial syncs of large environments may take longer as the plugin paginates within this limit.
• The default account-level API credential is read-only, which covers all data streams in this plugin.

---

📚 Checklist

• Plugin, datastream and UI naming follow SquaredUp guidelines
• Logo added
• One or more dashboards added
• README added including configuration guidance
• No secrets or credentials included
• I agree to the Code of Conduct

[github-actions]

🧩 Plugin PR Summary

📦 Modified Plugins

• plugins/Huntress/v1

📋 Results

Step	Status
Validation	✅ Passed
Deployment	🚀 Deployed

🔍 Validation Details

✅ huntress

{
  "valid": true,
  "pluginName": "huntress",
  "pluginType": "cloud",
  "summary": {
    "Data Streams": 8,
    "Import Definitions": 1,
    "UI Configuration": true,
    "Has Icon": true,
    "Has Default Content": true,
    "Config Validation": true,
    "Custom Types": true
  }
}

[claude]

🟡 The README headings ## Generating Huntress API Credentials (line 5) and ## Configuring the Plugin in SquaredUp (line 17) repeat plugin/context that users already know when embedded under SquaredUp's "Need help?" panel. The repo guidelines for docs/README.md explicitly say "Avoid headings that repeat the plugin name or use Overview". Consider neutral alternatives like ## Generate API credentials and ## Configure the plugin.

Extended reasoning...

What the issue is

The repo's documentation guidelines for plugin docs/README.md files explicitly state: "Avoid headings that repeat the plugin name or use Overview". This is because READMEs are embedded inside SquaredUp under a "Need help?" panel that is already scoped to the plugin — the heading context is implicit, so repeating it just adds noise.

How it manifests

In plugins/Huntress/v1/docs/README.md:

• Line 5: ## Generating Huntress API Credentials — literally repeats the plugin name "Huntress". This is the clearest violation; the word "Huntress" adds nothing because the user is already in the Huntress plugin's help panel.
• Line 17: ## Configuring the Plugin in SquaredUp — borderline. It does not contain the literal token "Huntress", but "the Plugin in SquaredUp" restates the entire context (which plugin, which product) that the embed already provides.

Why existing code does not prevent it

There is no automated lint for README heading style in this repo — the validation step in the PR-summary bot only checks structural plugin validity (data streams, UI config, icon present, etc.), not prose conventions. The guideline lives in the contributor prompt/docs and is enforced by reviewers.

Impact

Cosmetic only — no functional effect on the plugin, dashboards, or API integration. The plugin will work correctly. When the README is rendered in SquaredUp, the headings will simply look slightly redundant compared to other plugins that follow the convention.

Suggested fix

Rename both H2 headings to drop the redundant context:

-## Generating Huntress API Credentials
+## Generate API credentials
 ...
-## Configuring the Plugin in SquaredUp
+## Configure the plugin

The opening H1 # Before you start already follows the recommended pattern, so only the two subsequent H2 headings need adjusting.

Step-by-step proof

1. Open plugins/Huntress/v1/docs/README.md.
2. Line 5 reads: ## Generating Huntress API Credentials.
3. The literal token "Huntress" appears in the heading.
4. The repo guideline says: "Avoid headings that repeat the plugin name".
5. The plugin name in metadata.json is Huntress (displayName: "Huntress").
6. Therefore line 5 violates the rule directly. Line 17 violates the spirit of the rule (redundant context-restatement) even though it omits the literal plugin name.