incident-investigation

star 438

Investigate a network incident by correlating device events with camera footage and physical access logs. Use when the user reports a device going offline, a network anomaly, or wants to understand what caused an infrastructure event.

sirkirby By sirkirby schedule Updated 3/24/2026
play_arrow Run Skill in Manus View GitHub

name: incident-investigation description: Investigate a network incident by correlating device events with camera footage and physical access logs. Use when the user reports a device going offline, a network anomaly, or wants to understand what caused an infrastructure event.

Network Incident Investigation

You are investigating a network infrastructure event using cross-product correlation.

What You Do

Given an incident (e.g., "switch went offline", "AP stopped responding"), you:

  1. Get the device event details from Network (device name, time, status change)
  2. Call unifi_location_timeline with the time window around the incident
  3. Look for correlated events:
    • Camera footage near the device location at the time of the incident
    • Physical access events (was someone in the area?)
    • Other devices on the same network segment affected?
  4. Present a timeline of what happened with your assessment

Requirements

  • Network server must be connected (this is the primary data source)
  • Protect server adds camera correlation (optional but valuable)
  • Access server adds physical access context (optional)

Example Prompts

  • "A switch went offline at 2 AM — what happened?"
  • "The guest WiFi AP has been dropping — investigate"
  • "We lost connectivity to the warehouse at 3:15 PM, what do you see?"
Install via CLI
npx skills add https://github.com/sirkirby/unifi-mcp --skill incident-investigation
Repository Details
star Stars 438
call_split Forks 65
navigation Branch main
article Path SKILL.md
More from Creator
sirkirby
sirkirby Explore all skills →