Huntress Managed ITDR can now disable and re-enable Active Directory (AD) synced identities (also known as “hybrid” identities) using the Huntress agent on an organization’s AD server. AD servers with a Huntress agent of v0.14.22 and later can utilize this functionality. Huntress analysts can now add identity disablement for these identities as a Containment (ie: automatic) remediation and as an Assisted (ie: partner-initiated from the Huntress incident report) remediation. Huntress partners can also disable these identities directly from the Huntress portal.

Partners will receive a new escalation when an AD synced identity disablement task fails. Identity disablement will not be an option for AD sync’ed identities without a corresponding agent on their AD server.

Autotask PSA integration is officially moving out of beta to general availability! Customers can now configure incident reports and billing information to be populated in their instance of Autotask.

For existing SAT customers who also have EDR and/or ITDR, when an Incident Report is provided the Huntress Managed Security Platform will automatically recommend the corresponding SAT episode(s) that can be assigned to individual learners or an entire organization. A new tab called 'Recommendations' will list the suggested episode(s) and this can be one-click assigned from the report itself and tracked in the SAT portal for completion monitoring and reporting.

This new feature enables just-in-time, targeted training to reduce future risks from similar attacks to help businesses be more resilient, and to get even more value when using multiple Huntress products (EDR, ITDR, and SAT).

Huntress EDR for macOS now has visibility into XProtect alerts! XProtect is the antivirus built into macOS. Huntress is able to trigger very high-fidelity signals based on XProtect detections. Signals can be seen on a new Antivirus page on the Mac agent detail pages in the Portal.

Also released is a Microsoft Defender for Endpoint (MDE) integration, which will generate Signals based on MDE alerts. Additionally, the Antivirus page in the Portal shows the status of Defender, as well as supports tasks such as requesting a Defender scan and signature update.

We've introduced correlation signals designed to detect bursts of Defender Antivirus activity within short timeframes. These detections trigger when the number of antivirus signals exceed defined thresholds within a specified time window. Now, multiple weaker, lower-fidelity signals will be combined into a single, powerful higher-fidelity signal and reported as part of a single report.

We are excited to share that partners with Microsoft GCC (Government Community Cloud) High tenants can now fully integrate with Huntress Managed ITDR.

GCC High is a different Microsoft 365 cloud environment designed for U.S. government and cleared contractor use, and supporting these types of specialized tenants has been an ongoing request from Managed ITDR partners.

Initially, this functionality will require a few manual steps to set up and is available by request only. If you are interested in learning more, please reach out to your account manager!

Usage data for SAT and SIEM are now included in billing information sent to Autotask and ConnectWise billing integrations. Customers who have configured their integration prior to April 29th will need to update the mapping in the Portal to propagate the counts to their PSA. Counts are also available via the Organizations API endpoint.

The report API (https://api.huntress.io/docs#summary-reports) previously only returned a link to a Report PDF. The API has been updated to return the raw data contained in a report so that it can be ingested into your own dashboards and reports.

When Felix gets pulled into the digital world, he discovers his weak passwords have left his online accounts defenseless against looming cyber threats. As the “chosen one,” he must train with the Passmaster and level up his security skills before the Titans destroy everything!

Learning Objectives:

We've now gathered enough data with thousands of Microsoft Teams messages successfully delivered in 'Early Access' and are excited to officially move that feature to general availability (GA).