Access Signals by API
Patrick Sofo [Security Product Manager]
Merged in a post:
Additional Info through API
Jace Walker
We would like to request additional info be available via your API:
- SOC Events Analyzed, Signals Investigated, Incidents Reported
- Managed Antivirus (protected/unhealthy/etc)
- Agents (Protected, Unresponsive, Outdated, Isolated)
- Firewalls Active
Patrick Sofo [Security Product Manager]
Merged in a post:
Alert/Investigation Visibility for All Services in Portal & via API
Eric Rockwell
I want to see all alerts that a Huntress ThreatOps Analyst reviewed for my account across ALL SERVICES (not just reported alerts and not just autorun investigations) along with the investigative decision and notes within the Portal/Summary PDF Reports and via a REST API endpoint so I can consume this data programmatically for my business's audit/reporting needs.
Patrick Sofo [Security Product Manager]
Merged in a post:
Expand API to include investigations
Enola'la Macejkovic'la
We like to provide a few details from investigations as a "value add" to our customers to show that in addition to being detected, there is a human "behind the scenes" that has looked into this.
It would be great if we could have the investigations data exposed through the API for our custom reports.
Patrick Sofo [Security Product Manager]
Hi Eric Rockwell, we have released the alert visibility (or rather signals investigated) feature in Beta from the new Command Center page: https://support.huntress.io/hc/en-us/articles/24001293720083-Huntress-Command-Center-Your-New-Homepage
More to come on this feature to get it out of Beta in early 2024. https://support.huntress.io/hc/en-us/articles/23770609228307
There are plans to get the PDF Summary reports updated with this data in early 2024 as well, and eventually an API endpoint; however, we do not have dates set for the API just yet.
Pat Catalfamo
Our clients have also been asking for more details in reporting.
- Actual reports of cyber incidents that were produced this month.
- Table showing which devices had detections for which issues (i.e. 4 persistent footholds were found – which computers, when, what file names).
- List of what malware was blocked and on which devices.
Martin Twerski
Great idea - I fully support this.