Huntress Managed SAT now supports SCIM, an open standard for identity sync, to allow admins to set up learner sync with Entra, Entra in GCC-High environments, Okta, and many more!

Huntress Managed SIEM is please to announce the release of the SentinelOne log source. The KB configuration guide can be found here: https://support.huntress.io/hc/en-us/articles/41838176250259-API-SentinelOne-Audit-Logs

The Huntress Platform is making it easier to manage API keys. The Platform now supports user-specific API keys, assignable by Account Admins. So now an Account can have multiple API keys. The keys are associated with a specific user and mirror that user’s permissions. Don’t worry though, Accounts can continue to use existing API keys or you can use a combination of user-assigned keys and the Account key. In the future, new API capabilities, such as write access, will only be supported on these new user-specific keys.

The Huntress Portal has an updated navigation bar that includes a new Organization selection menu. This menu offers search functionality, and will make finding and selecting an Organization much easier especially for Partners with a large number of orgs under an Account.

Huntress has introduced improvements to Incident Reports to provide more visibility of all incident activity history. Reports now give you the complete history of any updates provided by the SOC. Now when a Report is updated the latest details will be at the top and previous updates will be shown below. There is also a "View Changes" button that will highlight the changes in each update.

The API Documentation Page has a number of new features that will make it easier and faster to get answers to your API questions and use the Platform API. Some of these features include:

To ensure partners and customers always know who their Huntress contact is, and can easily reach out to them, the CAM name and contact information is now available in the Platform on the following pages:

In order to provide more visibility of SOC actions being taken to contain a threat, preliminary Incident Reports are now being sent by the SOC when a host or identity is manually isolated.

The preliminary Incident Report informs partners and customers that the SOC is investigating an incident and took action to contain a threat, that the investigation is ongoing, and to expect a follow-up Incident Report. We are making this change so we can quickly contain a threat and provide context to partners and customers while minimizing the risk of an attack spreading as the SOC are actively investigating.

Users can now see error messages returned by an integrated PSA ticketing system in the Huntress Portal, as well as initiate a resend of any failed tickets.

We've updated the architecture back-end of SAT with two major changes: