There isn’t currently an API endpoint to create credential report/credential file exclusions at the agent, org, or account level in Huntress. The public API only covers accounts, orgs, agents, incident reports (including resolution), summary reports, billing, and signals so exclusions still have to be managed in the portal UI. If we had the ability to create Agent level exclusions for Credential Reports, it would allow us to completely automate our response with no human touch needed.

We want the Credential alert so we can send the Autotask ticket contact boilerplate on why they shouldn't save passwords in a file, but if they are going to do it anyway then at least rename the file. Alternatively, we use this as a solutions lead to inquire if they want to have a conversation about a password management solution or SaaS SSO setup in their M365 tenant.

We only need a single alert, then we setup an exclusion for the endpoint so it does not trigger again.

Just need the API endpoint to be able to create the exclusion and this is all hands free.