Changelog

Follow up on the latest improvements and updates.

RSS

Partners can now opt into a new Investigations view that makes Huntress SOC work more visible across your account. Instead of only seeing investigations that become incident reports, you can now review both Reported and Closed-Benign investigations across Managed EDR, ITDR, and SIEM.
Each completed investigation includes a chronological timeline showing the signals Huntress reviewed, the actions taken, any remediations applied, and the final outcome. The view is available in Early Access today for partners. To opt in, select "Investigations" in the top nav of your Huntress portal, then look for the "Try the new investigations view" banner.
Once you opt in, the new view automatically shows completed investigations from the last 90 days so you can better understand what Huntress investigated on your behalf and the work that was done to reach each conclusion.
Our fifth simulation is now in general availability. This simulation will be accompanying July's managed learning assignment and will give learners a new and improved experience to learn the risks of oversharing online.
You can now onboard Microsoft Defender for Endpoint (MDE) tenants in GCC High environments.
Once you follow the setup steps in KB article, your login, Graph, and MDE API traffic will automatically route to the correct GCC High .us endpoints.
This brings MDE in line with our existing GCC High support for ITDR, so if you've already mapped a GCC High tenant in ITDR, you can now onboard that same tenant into MDE
PSA billing sync has been updated to correctly aggregate counts when more than one Huntress organization is mapped to the same company in ConnectWise or HaloPSA. Previously, billing reflected only the value from whichever organization was processed last, which resulted in undercounting. You will now see an accurate sum across all mapped organizations, so your billing data reflects the full scope of what you manage.
The Huntress Agent for macOS now automatically ejects malicious DMGs before their payload can execute, stopping infostealer malware in its tracks. Affected users receive an on-screen notification explaining the action, and every disruption triggers a Huntress SOC investigation to confirm the macOS endpoint is clean.
No action required. Huntress gets in the way before damage is done!
Huntress Managed EDR now catches the moment an end user is tricked into overriding Apple's Gatekeeper to launch an infostealer, a critical step in the attack pattern. Infostealers are now one of the most prevalent macOS threat families.
Available now on macOS 14 and later.
Now that we've had partners and customers successfully use Custom HTML Scenarios in Huntress Managed SAT, we are ready to call it general availability. Early adopters are using it to spearphish employees with scenarios ranging from impersonating trusted vendors to using actual employee names and communication style to better prepare their team.
Huntress Managed Identity Security Posture Management (ISPM) is now fully available for everyone.
Managed ISPM continuously hardens your Microsoft 365 environment so attackers have fewer chances to abuse misconfigurations and over-permissioned users.
Our Early Access program ran from March 1 to June 30 and supported thousands of partners and customers worldwide.
Thanks to every one of our amazing Early Access participants. The feedback from over 12,000 Microsoft 365 tenants shaped the future of what we build here at Huntress. Here’s what GA brings for you in Managed ISPM:
  • Huntress-Managed
    security controls for Microsoft Entra ID, Exchange, SharePoint, and Teams. Protecting organizations across common areas of compromise.
  • Conditional Access
    policy management along with recommended templates.
  • Learning Mode
    brings pre-deployment impact analysis for Huntress Managed CA policies.
  • Managed Deployment
    brings a continuously updated identity framework which ensures that all managed organizations are automatically kept in line with security updates.
  • Drift Detection
    within minutes and Continuous Enforcement, so you stay aligned with best practices.
We continue to focus on the misconfigurations attackers exploit most, using SOC insights from the millions of identities we manage. This means you strengthen Microsoft 365 posture without building and maintaining your own baselines.
Learn more:
With this release, Huntress Managed SIEM now supports Okta as an identity and authentication log source, giving teams deeper visibility into the identity layer attackers love to target.
Even better: the Huntress SOC has detections built for Okta, helping identify identity-based attacks across key areas like credential attacks, privilege escalation, MFA bypass and fatigue, account takeover, and federated identity manipulation for organizations using Okta as their IdP or SSO provider.
The support configuration guide can be found here:
This is another big step forward in helping teams protect the full attack surface — from endpoint activity to identity-driven threats.
Searching through SIEM logs just got a whole lot easier. With AI Search, users can now search for logs using plain English instead of relying only on ESQL or the Query Builder.
Even better, AI Search helps users learn as they go. After running a plain-English search, simply click the ESQL button to see how Huntress translated your query into an ESQL query.
That means faster searches, easier investigations, and less time wrestling with query syntax.
Plain English in. Searchable logs out.
AI Search is now generally available in Huntress Managed SIEM.
Load More