Add s1-secops-skills plugin and s1-secops-mcp server #70
Open
pmoses-s1 wants to merge 1 commit into
- plugins/s1-secops-skills/: 7 SentinelOne SecOps skills (powerquery, mgmt-console-api, sdl-api, sdl-dashboard, sdl-log-parser, sdl-solutions, hyperautomation) + built .plugin/.skill bundles in dist/
- mcp/s1-secops-mcp/: SentinelOne MCP server (Node.js) + mcp/docker/ build
- root .claude-plugin/marketplace.json registers the repo as a plugin marketplace
- contributed content relicensed to the repository's AGPL-3.0
- customer references and credentials.example.json removed; credentials documented in mcp/s1-secops-mcp/README.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Add s1-secops-skills plugin and s1-secops-mcp server
Brings the SentinelOne SecOps Claude skills and the SentinelOne MCP server into AI-SIEM as two new top-level areas, following the repo's type-based layout.
What this adds
- plugins/s1-secops-skills/ — a Claude plugin (Cowork + Claude Code) bundling seven SecOps skills: powerquery, mgmt-console-api, sdl-api, sdl-dashboard, sdl-log-parser, sdl-solutions, hyperautomation. Built .skill/.plugin bundles live in dist/; scripts/build.sh rebuilds them.
- mcp/s1-secops-mcp/ — the SentinelOne MCP server (Node.js, 26 tools, stdio or HTTP) plus mcp/docker/. Test suite passes 24/24.
- .claude-plugin/marketplace.json — registers the repo as an installable plugin marketplace.
Licensing
Contributed content is licensed under the repository's AGPL-3.0 (source was MIT; relicensed to match ai-siem).
Hygiene
- credentials.example.json removed — credential keys + resolution order are documented in mcp/s1-secops-mcp/README.md.
- .gitignore keeps plugins/s1-secops-skills/CLAUDE.md tracked and adds secret-scan patterns.
Reviewers
Requesting review from all AI-SIEM approvers: Nate Smalley, Kyle Pawlak, Joe DiMasi, Andrew Stott, Kenneth Tang.
Notes for maintainers
- plugins/ and mcp/ are new top-level directories — confirm this is the desired home (happy to adjust placement).
- package.json name is @pmoses-s1/s1-secops-mcp; it is currently published as @pmoses-s1/sentinelone-mcp. The npx install path and the raw install one-liners resolve once the package is (re)published under the new name and this is merged. Consider an official SentinelOne npm scope.