Integrations

Edge Connectors let third-party services authenticate, analyze, and report on browser events and usage data, providing valuable insights and smarter decision-making. https://blogs.windows.com/msedgedev/2025/04/28/introducing-edge-for-business-security-connectors/

Ability to create email integrations at the organization level so incident reports for certain organizations will be sent to them and not the account level emails.

Please add native integration with Microsoft Teams Workflows for Huntress Labs to send EDR and ITDR notifications directly to Teams channels. This would allow IT and security teams to receive real-time alerts within their existing communication platform, improving response times and reducing the need to rely solely on email or the Huntress dashboard—especially when technicians are mobile or onsite. Ideally, the integration should support the same notification format currently used for email and ConnectWise PSA, with options for channel targeting via Teams Web Link. Best Case Scenario: For IT teams that are constantly onsite or in the field, email alerts can be easily overlooked or delayed due to limited inbox access. A Teams integration ensures alerts are delivered as instant, high-visibility messages where technicians are already collaborating—resulting in faster acknowledgment and resolution of critical threats.

Candidly, integration with Defender is nice. However, we've seen where Defender is slow to prevent an attack or infection on a device where other specialized EPS solutions seem to excel. Specifically, we leverage Deep Instinct as an EPS. It works great in terms of prevention of known and unknown threats. I won't repeat the marketing material. What I can say is that in our environment, we went from having 1-2 events per month with Cylance to having zero in almost 2 years. We run Deep Instinct and Huntress as part of our endpoint security stack as Deep Instinct does not have an EDR and Defender did not satisfy our needs on its own. If we could integrate first a SIEM connection to get prevention events from Deep Instinct to Huntress, that would be fantastic as a start. A wish would be a more complete integration - but honestly, just a SIEM integration would make me feel better at night.

We enabled SSO with Microsoft Entra. It still requires us to manually create the user within Huntress before they can login. Many other applications that we integrated have an "auto provision" setting. When enabled this will automatically create the user in Huntress as long as they're part of security group on the Entra Enterprise Application. Some of the better ones even have mapping logic where you can map specific Entra Groups to specific permissions on the application (huntress) side.

I would like to see an integration that allows the Huntress activity and logs to be connected as a log source to a SIEM. This would allow a 3rd party SOC to work with events as well.

An additional integration option for event updates that initiates a HTTPS callback and posts detailed JSON data about the event. It will allow faster response and wider range of integration options and much more preferable then having to parse an email.

I don't have any clients who use Windows Defender. It would be great if in the future there was a Sentinel One integration to pull logs from and review detentions to confirm that Sentinel One completely removed the threat.

I informed that Virustotal integration stopped and now the threat operations teams review the binaries manually. I liked the VT scoring and I think that an automatic check and verification, even as a first step is mandatory. Especially for Endpoints that have a third-party AV or are incompatible with the Managed AV.

This update looks to make SIEM easier to operationalize by adding Billing support for PSA integrations and APIs