PipedreamHQ/pipedream

[ACTION] Huntress new actions

Open

#20703 opened on Apr 26, 2026

(1 comment) (0 reactions) (1 assignee) JavaScript (7,438 stars) (5,305 forks) batch import
Labels: action, enhancement, good first issue, help wanted, triaged

Description

[Action] List Incident Reports

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. GET /v1/incident_reports

Problem A user needs to programmatically retrieve security incidents to monitor their environment or feed data into downstream security workflows. Without this action, discovering new threats requires manual portal intervention.

What's needed Add a List Incident Reports action.

Prop Definitions

  • limit: (Integer) Max number of resources returned in a paged collection.
  • page_token: (String) Token used to request the next page in paginated results.
  • indicator_type: (String) Filter by indicator type (e.g., footholds, ransomware_canaries).
  • status: (String) Filter by status (e.g., sent, closed, dismissed).
  • severity: (String) Filter by severity (low, high, critical).

Notes

  • Endpoint: GET /v1/incident_reports
  • Use Case: Retrieve a filtered list of security incidents by status, severity, or platform.

[Action] Get Incident Report

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. GET /v1/incident_reports/{id}

Problem To perform automated remediation or detailed analysis, an agent needs the full payload and analyst summaries of a specific incident.

What's needed Add a Get Incident Report action.

Prop Definitions

  • id: (String) The unique identifier for an incident report. Use List Incident Reports to find available IDs.

Notes

  • Endpoint: GET /v1/incident_reports/{id}
  • Use Case: Retrieve full details and SOC analyst summaries for a specific incident.

[Action] Resolve Incident Report

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. POST /v1/incident_reports/{id}/resolution

Problem Once an incident is handled via automation, the status must be updated in Huntress to maintain accurate security reporting and clear SOC queues.

What's needed Add a Resolve Incident Report action.

Prop Definitions

  • id: (String) The unique identifier for the incident report to resolve.

Notes

  • Endpoint: POST /v1/incident_reports/{id}/resolution
  • Use Case: Mark an incident as resolved once all remediations are approved or completed.

[Action] Bulk Approve Remediations

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. POST /v1/incident_reports/{id}/remediations/bulk_approval

Problem Assisted remediations require approval before execution. Approving steps one-by-one is inefficient for large-scale incidents.

What's needed Add a Bulk Approve Remediations action.

Prop Definitions

  • id: (String) The unique identifier for the incident report whose remediations should be approved.

Notes

  • Endpoint: POST /v1/incident_reports/{id}/remediations/bulk_approval
  • Use Case: Authorize all pending remediation steps to immediately trigger automated cleanup.

[Action] List Remediations

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. GET /v1/incident_reports/{id}/remediations

Problem An agent needs to understand the specific steps required for a fix to decide if it should be approved or escalated to a human.

What's needed Add a List Remediations action.

Prop Definitions

  • id: (String) The unique identifier for the incident report.
  • types[]: (Array) Filter by type (assisted, manual, containment).
  • statuses[]: (Array) Filter by status (unapproved, approved, completed, failed, cancelled).

Notes

  • Endpoint: GET /v1/incident_reports/{id}/remediations
  • Use Case: View specific manual or assisted steps required to resolve an incident.

[Action] List Agents

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. GET /v1/agents

Problem Visibility into endpoint health and connection status is critical for ensuring security coverage across the fleet.

What's needed Add a List Agents action.

Prop Definitions

  • limit: (Integer) Max number of resources to return.
  • organization_id: (String) Filter by a specific organization ID.
  • platform: (String) Filter by platform (windows, darwin, linux).

Notes

  • Endpoint: GET /v1/agents
  • Use Case: Monitor endpoint health, OS versions, and connection status across the fleet.

[Action] Get Agent

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. GET /v1/agents/{id}

Problem To troubleshoot specific device vulnerabilities or policy failures, an agent needs the full technical details of an endpoint.

What's needed Add a Get Agent action.

Prop Definitions

  • id: (String) The unique identifier for the agent.

Notes

  • Endpoint: GET /v1/agents/{id}
  • Use Case: Get detailed hardware, OS build, and security policy status for a specific machine.

[Action] Find Agents by Organization

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. GET /v1/agents?organization_id={id}

Problem For multi-tenant management, a user often needs to isolate work to a single customer's endpoints.

What's needed Add a Find Agents by Organization action.

Prop Definitions

  • id: (String) The unique identifier for the organization. Use List Organizations to find this ID.

Notes

  • Endpoint: GET /v1/agents?organization_id={id}
  • Use Case: Retrieve all endpoints belonging to a specific customer or site.

[Action] List Organizations

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. GET /v1/organizations

Problem Organization IDs are required for almost every scoped API call. Agents need to resolve organization names to IDs to operate effectively.

What's needed Add a List Organizations action.

Prop Definitions

  • limit: (Integer) Max number of results.
  • page_token: (String) Pagination token.

Notes

  • Endpoint: GET /v1/organizations
  • Use Case: Retrieve all managed customers to resolve names to organizational IDs.

[Action] Create Organization

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. POST /v1/organizations

Problem Automating customer onboarding requires the ability to create new organization containers and retrieve deployment keys without manual portal entry.

What's needed Add a Create Organization action.

Prop Definitions

  • name: (String) The public-facing name for this organization.
  • key: (String) The organization key used to associate agents with this group.

Notes

  • Endpoint: POST /v1/organizations
  • Use Case: Provision a new organization and generate a unique organization key for agent deployment.

[Action] Update Organization

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. PATCH /v1/organizations/{id}

Problem Changes to customer names or security notification lists need to be synced from external systems (like a CRM or PSA) into Huntress.

What's needed Add an Update Organization action.

Prop Definitions

  • id: (String) The unique identifier for the organization to update.
  • name: (String) Updated organization name.
  • report_recipients: (Array) Updated list of notification email addresses.

Notes

  • Endpoint: PATCH /v1/organizations/{id}
  • Use Case: Update organization names or adjust report recipient email lists.

[Action] Delete Organization

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. DELETE /v1/organizations/{id}

Problem When a customer is offboarded, the organization and its associated agents must be removed to stop data collection and billing.

What's needed Add a Delete Organization action.

Prop Definitions

  • id: (String) The unique identifier for the organization to delete.

Notes

  • Endpoint: DELETE /v1/organizations/{id}
  • Use Case: Offboard a customer by deleting their organization and uninstalling all associated agents.

[Action] List Escalations

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. GET /v1/escalations

Problem Escalations represent critical issues that require manual configuration or partner input. These need to be monitored to ensure platform health.

What's needed Add a List Escalations action.

Prop Definitions

  • status: (String) Filter by status (open, overdue, resolved).
  • limit: (Integer) Max number of results.

Notes

  • Endpoint: GET /v1/escalations
  • Use Case: Identify items requiring partner attention, such as integration issues or VPN authorization.

[Action] Resolve Escalation

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. POST /v1/escalations/{id}/resolution

Problem After fixing an integration or verifying a login, an agent must resolve the escalation to clear the alert state.

What's needed Add a Resolve Escalation action.

Prop Definitions

  • id: (String) The unique identifier for the escalation.

[Action] List Identities

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. GET /v1/identities

Problem Compromised identities are a primary vector for attacks. Monitoring risk levels and MFA compliance across cloud tenants is essential for identity protection.

What's needed Add a List Identities action.

Prop Definitions

  • organization_id: (String) Filter by organization.
  • risk_level: (String) Filter by risk (none, low, medium, high).
  • mfa_enabled: (Boolean) Filter by MFA status.

Notes

  • Endpoint: GET /v1/identities
  • Use Case: Audit user risk levels and MFA status across Microsoft 365 or Google Workspace.

[Action] Execute SIEM Query

Is there a specific app this action is for? Huntress

Please provide a link to the relevant API docs for the specific service / operation. POST /v1/siem/query

Problem Standard dashboard views don't always catch complex behavioral patterns. Advanced hunting requires raw log access via ESQL queries.

What's needed Add an Execute SIEM Query action.

Prop Definitions

  • esql: (String) The ESQL query string (must begin with FROM logs).
  • range_start: (String) ISO 8601 query range start.
  • range_end: (String) ISO 8601 query range end.

Notes

  • Endpoint: POST /v1/siem/query
  • Use Case: Perform advanced behavioral hunting using ESQL against raw SIEM logs.
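
The List Remediations request above says an agent must decide whether a fix "should be approved or escalated to a human" before Bulk Approve Remediations authorizes every pending step at once. The following is an added example of such a gate, not part of the issue or of Pipedream's code: the object fields `id`, `type` and `status`, the `maxSteps` limit and the rule that only `assisted` steps are auto-approvable are assumptions; the type and status values are the ones listed in the issue. A workflow would call the bulk approval endpoint only when the result is `approve`.

```javascript
// Added example: gate between List Remediations and Bulk Approve Remediations.
// Assumed (not in the issue): each remediation is an object with `id`, `type`, `status`.
const KNOWN_TYPES = new Set(["assisted", "manual", "containment"]);
const KNOWN_STATUSES = new Set(["unapproved", "approved", "completed", "failed", "cancelled"]);
const AUTO_APPROVABLE_TYPES = new Set(["assisted"]); // local policy, an assumption

function decideBulkApproval(remediations, { maxSteps = 25 } = {}) {
  if (!Array.isArray(remediations)) {
    return { action: "escalate", reasons: ["remediation list is not an array"], pending: [] };
  }
  const reasons = [];
  const pending = [];
  for (const r of remediations) {
    const label = r && r.id !== undefined ? String(r.id) : "<no id>";
    // Fail closed on values this gate does not recognise (e.g. a new API enum).
    if (!r || !KNOWN_TYPES.has(r.type) || !KNOWN_STATUSES.has(r.status)) {
      reasons.push(`${label}: unknown type or status`);
      continue;
    }
    if (r.status === "failed") reasons.push(`${label}: earlier attempt failed`);
    if (r.status !== "unapproved") continue; // bulk approval would not touch it
    pending.push(label);
    if (!AUTO_APPROVABLE_TYPES.has(r.type)) {
      reasons.push(`${label}: ${r.type} step needs a human`);
    }
  }
  if (pending.length > maxSteps) {
    reasons.push(`${pending.length} pending steps exceeds limit ${maxSteps}`);
  }
  if (reasons.length > 0) return { action: "escalate", reasons, pending };
  if (pending.length === 0) {
    return { action: "none", reasons: ["no unapproved remediations"], pending };
  }
  return { action: "approve", reasons: [], pending };
}

// Constructed sample, not real API output: one assisted step and one
// containment step are both waiting for approval.
const sampleRemediations = [
  { id: "rem-1", type: "assisted", status: "unapproved" },
  { id: "rem-2", type: "containment", status: "unapproved" },
  { id: "rem-3", type: "assisted", status: "completed" },
];
console.log(decideBulkApproval(sampleRemediations));
```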
