Huntress has enabled central logging of Portal and Platform activity to help you address any audit requirements. Portal events and actions are recorded to Huntress SIEM, giving you one location when you need to review activity, and export data for your audit and compliance reports. This is automatically enabled for all organizations and provided for free.

Audit logs are accessible in the Portal from the top menu bar "hamburger icon” under “Audit Log”, or navigating to SIEM … SIEM Dashboard, and selecting the appropriate Starter Query under “Huntress Platform”.

We’re pleased to announce that the Huntress Platform API has added support for Signals. In addition to accessing Signals via the Huntress Platform Portal, you can now programmatically fetch Signals and details, enabling it to be incorporated into your workflows and automations, reducing the time and effort required to collect and use this information.

We have made UI improvements to the Huntress Platform Portal that will make it easier to request SOC Support, including phone callback. We've added a SOC Support button on the Incident Triage Feed page for quicker requests during urgent situations. There is a banner displayed in the Portal when a callback request has been initiated. Lastly, there is a deep link in the text version of Incident Reports so support requests can be made from a PSA or integrated ticketing system.

Huntress Managed ITDR can now disable and re-enable Active Directory (AD) synced identities (also known as “hybrid” identities) using the Huntress agent on an organization’s AD server. AD servers with a Huntress agent of v0.14.22 and later can utilize this functionality. Huntress analysts can now add identity disablement for these identities as a Containment (ie: automatic) remediation and as an Assisted (ie: partner-initiated from the Huntress incident report) remediation. Huntress partners can also disable these identities directly from the Huntress portal.

Partners will receive a new escalation when an AD synced identity disablement task fails. Identity disablement will not be an option for AD sync’ed identities without a corresponding agent on their AD server.

Autotask PSA integration is officially moving out of beta to general availability! Customers can now configure incident reports and billing information to be populated in their instance of Autotask.

For existing SAT customers who also have EDR and/or ITDR, when an Incident Report is provided the Huntress Managed Security Platform will automatically recommend the corresponding SAT episode(s) that can be assigned to individual learners or an entire organization. A new tab called 'Recommendations' will list the suggested episode(s) and this can be one-click assigned from the report itself and tracked in the SAT portal for completion monitoring and reporting.

This new feature enables just-in-time, targeted training to reduce future risks from similar attacks to help businesses be more resilient, and to get even more value when using multiple Huntress products (EDR, ITDR, and SAT).

Huntress EDR for macOS now has visibility into XProtect alerts! XProtect is the antivirus built into macOS. Huntress is able to trigger very high-fidelity signals based on XProtect detections. Signals can be seen on a new Antivirus page on the Mac agent detail pages in the Portal.

Also released is a Microsoft Defender for Endpoint (MDE) integration, which will generate Signals based on MDE alerts. Additionally, the Antivirus page in the Portal shows the status of Defender, as well as supports tasks such as requesting a Defender scan and signature update.

We've introduced correlation signals designed to detect bursts of Defender Antivirus activity within short timeframes. These detections trigger when the number of antivirus signals exceed defined thresholds within a specified time window. Now, multiple weaker, lower-fidelity signals will be combined into a single, powerful higher-fidelity signal and reported as part of a single report.

We are excited to share that partners with Microsoft GCC (Government Community Cloud) High tenants can now fully integrate with Huntress Managed ITDR.

GCC High is a different Microsoft 365 cloud environment designed for U.S. government and cleared contractor use, and supporting these types of specialized tenants has been an ongoing request from Managed ITDR partners.

Initially, this functionality will require a few manual steps to set up and is available by request only. If you are interested in learning more, please reach out to your account manager!

Usage data for SAT and SIEM are now included in billing information sent to Autotask and ConnectWise billing integrations. Customers who have configured their integration prior to April 29th will need to update the mapping in the Portal to propagate the counts to their PSA. Counts are also available via the Organizations API endpoint.