Huntress CLI

Command-line interface for Huntress cybersecurity platform API. Built with TypeScript and Commander.js, providing a simple and powerful way to interact with Huntress from the terminal.

Features

JSON output by default with optional table formatting
Full support for Huntress API resources
Environment variable configuration
Type-safe with TypeScript
Pagination support
Filtering and sorting capabilities
Comprehensive incident and escalation management
User membership management
Billing and reporting access

Installation

From npm (GitHub Packages)

npm install -g @wyre-technology/huntress-cli

From source

git clone https://github.com/wyre-technology/huntress-cli.git
cd huntress-cli
npm install
npm run build
npm link

Configuration

The CLI requires authentication via environment variables:

Variable	Description	Required
`HUNTRESS_API_KEY`	Your Huntress API key	Yes
`HUNTRESS_API_SECRET`	Your Huntress API secret	Yes

Example Setup

export HUNTRESS_API_KEY="your-api-key-here"
export HUNTRESS_API_SECRET="your-api-secret-here"

For persistent configuration, add these to your shell profile (~/.bashrc, ~/.zshrc, etc.).

Usage

General Syntax

huntress <resource> <action> [options]

Output Formats

All commands support two output formats:

--format json (default): Machine-readable JSON output
--format table: Human-readable table format

Available Commands

Accounts

Get account information:

# Get account details
huntress accounts get
huntress accounts get --format table

# Get current actor information
huntress accounts actor

Agents

Manage endpoint agents:

# List all agents
huntress agents list
huntress agents list --format table

# Filter agents
huntress agents list --organization-id 100
huntress agents list --platform windows
huntress agents list --limit 50

# Get specific agent
huntress agent get 12345

Organizations

Manage organizations:

# List organizations
huntress organizations list
huntress org list --format table
huntress org list --limit 100

# Get specific organization
huntress org get 100

# Create organization
huntress org create --name "Acme Corp" --key "acme-corp"

# Update organization
huntress org update 100 --name "Acme Corporation"
huntress org update 100 --report-recipients "admin@acme.com,security@acme.com"

# Delete organization
huntress org delete 100

Incidents

Manage incident reports and escalations:

# List incident reports
huntress incidents list
huntress incidents list --format table
huntress incidents list --status open --severity high
huntress incidents list --organization-id 100
huntress incidents list --platform windows

# Get incident report
huntress incident get 54321

# Resolve incident
huntress incident resolve 54321

# List remediations for an incident
huntress incident remediations 54321
huntress incident remediations 54321 --format table

# Get specific remediation
huntress incident remediation-get 54321 98765

# Bulk approve all remediations
huntress incident bulk-approve 54321

# Bulk reject all remediations
huntress incident bulk-reject 54321 --comment "False positive" --useful false

# List escalations
huntress incidents escalations
huntress incidents escalations --format table

# Get escalation
huntress incident escalation-get 11111

# Resolve escalation
huntress incident escalation-resolve 11111 --determination expected --scope organization

Billing

Access billing and summary reports:

# List billing reports
huntress billing reports
huntress billing reports --format table
huntress billing reports --status paid

# Get billing report
huntress billing report-get 12345

# List summary reports
huntress billing summaries
huntress billing summaries --organization-id 100
huntress billing summaries --period-min "2026-01-01" --period-max "2026-12-31"

# Get summary report
huntress billing summary-get 67890

Signals

Manage security signals:

# List signals
huntress signals list
huntress signals list --format table
huntress signals list --organization-id 100
huntress signals list --types "malware,ransomware"
huntress signals list --statuses "open,investigating"

# Get signal
huntress signal get 99999

Users

Manage user memberships:

# List users
huntress users list
huntress users list --format table
huntress users list --organization-id 100

# Get user
huntress user get 12345

# Create user (invite)
huntress user create \
  --email "john@example.com" \
  --first-name "John" \
  --last-name "Doe" \
  --permissions "Security Engineer"

# Create user for specific organization
huntress user create \
  --email "jane@example.com" \
  --first-name "Jane" \
  --last-name "Doe" \
  --permissions "Admin" \
  --organization-id 100

# Update user permissions
huntress user update 12345 --permissions "Read-only"

# Delete user
huntress user delete 12345

Available permission levels:

Admin
Security Engineer
User
Read-only
Finance
Marketing

Examples

Monitor incident reports for an organization

# List all open incidents
huntress incidents list --status open --organization-id 100 --format table

# Get details of a specific incident
huntress incident get 54321

# Review remediations
huntress incident remediations 54321 --format table

# Approve all remediations
huntress incident bulk-approve 54321

Manage organization agents

# List all Windows agents for an organization
huntress agents list --organization-id 100 --platform windows --format table

# Get detailed information about a specific agent
huntress agent get 12345

Export data to JSON file

# Export all organizations
huntress org list > organizations.json

# Export all agents for an organization
huntress agents list --organization-id 100 > agents.json

# Export incident reports
huntress incidents list --status open > open-incidents.json

Review billing information

# List recent billing reports
huntress billing reports --status paid --format table

# Get detailed billing report
huntress billing report-get 12345 > billing-details.json

# List summary reports for a specific organization
huntress billing summaries --organization-id 100 --format table

Development

Prerequisites

Node.js >= 20.0.0
npm or yarn

Setup

git clone https://github.com/wyre-technology/huntress-cli.git
cd huntress-cli
npm install

Build

npm run build

Type Checking

npm run typecheck

Linting

npm run lint

Testing

npm test
npm run test:watch

Contributing

See CONTRIBUTING.md for guidelines.

Changelog

See CHANGELOG.md for release history.

License

MIT - See LICENSE for details.

Related Projects

@wyre-technology/node-huntress - Node.js client library (used by this CLI)
huntress-mcp - Huntress MCP server for Claude

Support

For issues and questions:

GitHub Issues: https://github.com/wyre-technology/huntress-cli/issues
Documentation: https://github.com/wyre-technology/huntress-cli

Security

For security issues, please contact security@wyretech.com.

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
src		src
.eslintrc.json		.eslintrc.json
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
README.md		README.md
package-lock.json		package-lock.json
package.json		package.json
tsconfig.json		tsconfig.json

Folders and files

Latest commit

History

Repository files navigation

Huntress CLI

Features

Installation

From npm (GitHub Packages)

From source

Configuration

Example Setup

Usage

General Syntax

Output Formats

Available Commands

Accounts

Agents

Organizations

Incidents

Billing

Signals

Users

Examples

Monitor incident reports for an organization

Manage organization agents

Export data to JSON file

Review billing information

Development

Prerequisites

Setup

Build

Type Checking

Linting

Testing

Contributing

Changelog

License

Related Projects

Support

Security

About

Topics

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages