We've now gathered enough data with thousands of Microsoft Teams messages successfully delivered in 'Early Access' and are excited to officially move that feature to general availability (GA).

You can now add comments directly to Incident Reports in your Huntress Dashboard!

This is especially helpful for anyone who is triaging incidents and wants to leave notes for teammates — whether it's to provide additional context, share ticket numbers, or ensure smooth handoffs during shift changes.

Comments are for internal partner/customer use only. While our SOC and Support teams can view these comments, they won’t be responding to them. If you require help with an incident, please go through your normal channels to reach the Huntress SOC.

Huntress Managed SIEM now has the ability to assign custom syslog collection ports during configuration. This allows users to flexibly deploy the Huntress SIEM agent in environments with existing syslog collectors or where other applications are utilizing the default syslog port of 514. This is a frequent support request and the ability to use a custom port provides a rapid solution.

Archie, the mayor of Sludge Springs, has some beef with Curriculaville consistently winning the Cleanest Town Award. He'll use whatever dirty trick he can to stop them from winning it again.

We are excited to announce that Rogue Apps is now generally available in Huntress Managed ITDR. Rogue Apps is Managed ITDR's latest capability to detect and remediate malicious enterprise applications in your Microsoft tenants. Rogue Apps detects two forms of malicious applications:

Traitorware - legitimate applications found by Huntress to be frequently abused by attackers. To-date, our list of Traitoware applications included eM Client, PerfectData Software, Newsletter Software Supermailer, Rclone, and CloudSponge. We will continue to expand this list as we discover more use-cases.

Stealthware - unknown applications which are rare and have powerful permissions. These globally unique single or multi-tenanted malicious applications provide threat actors a backdoor into an identity or tenant environment.

This new capability detects and disables Traitorware and Stealthware applications in your tenant(s), and disables identities with permissions delegated to these applications. You can access the Rogue Apps dashboard under the ITDR icon in the left navigation panel in the Huntress portal. Here, you can view all installed applications across all of your tenants.

Excited to share an update with everyone, Partner account Admins now have the ability to enable/disable products for their Organizations. On the Organizations page, partners can now selectively choose which Organizations should have access to Huntress Managed EDR and Managed SIEM, and allows for a more granular and controlled approach to selling Huntress.

For more information, please take a look at our Support Documentation or reach out to your Huntress Account Manager.

In October 2024, we enhanced security by implementing Agent Tamper Protection, which blocks local agent uninstallation to prevent attackers from disabling defenses.

We’ve since updated the Huntress dashboard to remove the ability to indefinitely turn Tamper Protection On/Off, limiting Tamper Protection overrides to 4 hours. This ensures temporary adjustments don’t leave systems vulnerable, addressing risks of misconfiguration.

For more information on Tamper Protection, please see this Support Article.

Janel's groundbreaking invention could change the world, but Quincy's open-source research skills and big ambitions might just change her future.

Learning Objectives:

We've made an update to your Incident Reports! Containment actions are now going to show within the Remediations tab of an Incident, allowing you visibility into the status and the ability to track the progress of any actions taken, such actions as

This update will streamline adding future remediations for EDR, ITDR and SIEM, increasing the product efficiency and effectiveness against future threats.

Our SOC has observed a rise in PDF based phishing attacks in the wild. These new phishing simulations mimic that tradecraft by including an attachment with a bait-link (normal link or QR Code) inside.