Changelog
Follow up on the latest improvements and updates.
Account admins can now configure one or more email recipients to automatically receive monthly and quarterly reports for the account. To enable emails, the report page for the account in the Platform portal now has a "Manage Recipients" button like the one for an organization.
To make it easier to filter and use automations, email and PSA subject lines now include the Huntress product and organization name.
Huntress [Product - EDR, ITDR, SIEM, ISPM, ESPM, SAT] [Severity] [Category] | [Description] ([Organization])
Example: Huntress EDR Critical Escalation | Suspicious Process on HOST01 (Acme Corp)
- The product name applies to all notification categories (i.e., Incident Reports, Escalations, Platform Actions, and Account Notices). The name is omitted when the product cannot be determined.
- Organization name is new for Escalations and Platform Actions, matching the existing Incident Report convention. The organization name is omitted when the notification spans multiple organizations or has no organization association.
- Both changes affect email subject lines and PSA ticket titles across all supported integrations. If you parse notification subjects for routing or automation, please update your rules to account for the new format.
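One way to update a routing rule for the subject format described above, as an added example (not Huntress code). It assumes a single-word severity and treats the remaining words before the " | " separator as the category; `parse_subject` and `known_orgs` are hypothetical names.

```python
import re

# Product tokens listed in the changelog entry.
PRODUCTS = {"EDR", "ITDR", "SIEM", "ISPM", "ESPM", "SAT"}
# Optional trailing "(Organization)" suffix on the description.
ORG_SUFFIX = re.compile(r"^(?P<desc>.*\S)\s+\((?P<org>[^()]+)\)$")


def parse_subject(subject, known_orgs=None):
    """Return the fields of a new-format subject, or None if it does not match.

    Assumptions (not stated on the page): severity is a single word and the
    category is whatever follows it before " | ".
    """
    head, sep, tail = subject.strip().partition(" | ")
    tokens = head.split()
    if not sep or not tokens or tokens[0] != "Huntress":
        return None
    tokens = tokens[1:]
    # Product is omitted when it cannot be determined.
    product = tokens.pop(0) if tokens and tokens[0] in PRODUCTS else None
    if len(tokens) < 2:
        return None
    severity, category = tokens[0], " ".join(tokens[1:])
    description, org = tail.strip(), None
    m = ORG_SUFFIX.match(description)
    # Organization is omitted for multi-organization or unassociated notices.
    # A description may itself end in parentheses, so when a list of known
    # organizations is supplied, only accept a suffix that appears in it.
    if m and (known_orgs is None or m.group("org") in known_orgs):
        description, org = m.group("desc"), m.group("org")
    return {"product": product, "severity": severity, "category": category,
            "description": description, "organization": org}


# Constructed samples: the page's example plus variants with optional fields dropped.
SAMPLES = [
    "Huntress EDR Critical Escalation | Suspicious Process on HOST01 (Acme Corp)",
    "Huntress Critical Escalation | Suspicious Process on HOST01 (Acme Corp)",
    "Huntress EDR Critical Escalation | Suspicious Process on HOST01",
    "Huntress EDR Critical Escalation | Suspicious Process (svchost) (Acme Corp)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_subject(s, known_orgs={"Acme Corp"}))
```

Without `known_orgs`, a description that ends in a parenthetical and has no organization suffix is read as having one, so pass the list of organizations you manage when routing on that field.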
improved
API
External Recon data is now available via API
External Recon in Managed EDR provides visibility into an organization’s external attack surface by identifying open ports and services exposed to the Internet. We have released two new API endpoints for querying data from External Recon. Each record includes the IP address, port, protocol, detected service, and a risky_service flag. Details are available in the API docs:
Resellers can now programmatically manage product subscriptions for their managed accounts via the new /v1/reseller/subscriptions endpoints. These endpoints support creating, retrieving, updating, and upgrading subscriptions for Managed EDR, ITDR, SAT, and SIEM with standard terms and pricing. Please see the API docs for more details.
improved
Platform
Email integration users can now opt out of resolved emails
Email integration destinations now include a "Send Resolved notifications" toggle that lets you stop receiving resolved emails for Incidents, Escalations, and Platform Actions notifications. The setting works at both the global and per-category level — disable it globally to suppress all resolved emails, or use per-category overrides for more granular control. Existing integrations are unaffected and will continue sending resolved emails unless a user explicitly opts out.
We have added new endpoints to the Reseller API to facilitate programmatic access to billing data. The new endpoints enable resellers and distributors to automate billing of Huntress products without having to use manual approaches with spreadsheets and CSV files. These endpoints allow for the retrieval of a full invoice index, specific invoice details, and granular line-item breakdowns for both account-level and organization-level usage. Please see Huntress’ API docs linked below for further details.
- https://api.huntress.io/docs#tag/reseller/get/v1/reseller/invoices
- https://api.huntress.io/docs#tag/reseller/get/v1/reseller/invoices/{id}
- https://api.huntress.io/docs#tag/reseller/get/v1/reseller/invoices/{id}/account_usage_line_items
- https://api.huntress.io/docs#tag/reseller/get/v1/reseller/invoices/{id}/organization_usage_line_items
improved
Platform
Neighborhood Watch license allocation now available via API
The Huntress Accounts API endpoint now allows partners and resellers to programmatically retrieve the total number of Neighborhood Watch licenses allocated to an account. To learn more and see a sample of the output, check out the API docs.
new
Managed EDR
Introducing Attack Disruption in Managed EDR
We’re excited to announce the Attack Disruption Engine in Managed EDR for Windows. When threat actors find gaps that allow them to land on an endpoint and launch attacks, they move with speed and purpose, whether to steal data or ransom an organization. The Attack Disruption Engine is built to disrupt the attack and create friction for the attacker, buying time for the Huntress SOC to go to work containing and remediating the threat before damage can be done. To learn more, check out this blog that goes into more detail.
Historically, the Gmail "Report a Phish" plugin performed the forward email action on reported messages. This is problematic because the forwarded message lacks complete headers.
To deliver the complete reported message with all headers preserved, the SAT Gmail Report Phishing plugin now transmits the message to us via API so that we can forward it as an attachment.
Note that the attached message will now show the learner as the recipient, rather than as the sender of a forwarded email.
improved
Managed EDR
Improvements to Windows Defender Antivirus Exclusions
We’ve made it easier to do bulk allow-list exclusions for Windows Defender Antivirus. Also, allow-list exclusions can be set indefinitely. No more 30-day restrictions!
To update exclusions in the Platform, navigate to Managed EDR > Managed Antivirus and click Managed Antivirus Exclusions. Scroll down, select the exclusions you would like to modify, and then use the bulk action buttons.