Changelog

Follow up on the latest improvements and updates.

We’re excited to announce that EDR for Linux is out of open beta and generally available. Our EDR for Linux is purpose-built for all organizations, and made to find and wreck threats targeting your Linux endpoints. Our elite 24/7 SOC and threat hunters have already detected and investigated novel attacker tradecraft and tools. Check out the blog on the PeerBlight Linux Backdoor to learn more.
ITDR subscribers now have access to the new Data Exfiltration Timeline. This new view within ITDR incident reports presents an overview of adversary activity from compromise to remediation, including files and emails accessed, saving you precious time in diagnosing how to respond to a compromise.
The Timeline also includes a complete chronological record of when the compromise started, when Microsoft sent logs to Huntress, and when Huntress took action.
Huntress has retroactively generated Timelines dating back to when we enabled additional audit log ingestion for each account. For most accounts, this took place in December or early January.
For more information, check out The Incident Report Timeline.
Huntress ITDR now ingests Microsoft Audit.General and Audit.SharePoint logs (in addition to Audit.Exchange and Audit.AzureActiveDirectory) and stores them in the Huntress SIEM. This data is retained for one year at no cost and does not require a Huntress SIEM subscription.
Huntress SOC analysts and threat hunters use this data to detect adversary activity, and it is now available to Huntress users as well with the full functionality of the Huntress SIEM.
We’re excited to announce the addition of two new write APIs for account and organization management to make it faster and easier to automate activities and workflows.
The first write API allows organizations to be created, updated, and deleted without needing to log into the Huntress Platform. For example, the Organizations API could be used with an RMM to automate the onboarding of new organizations and deployment of EDR. Please see the API documentation for more details.
The second write API enables automation of account onboarding and off-boarding. To learn more about this API, please see the Reseller API documentation.
The HaloPSA integration with the Huntress Platform now supports automatic billing information syncing, making it faster and easier to automate client billing. To learn how to turn on billing sync with HaloPSA, check out this support article.
Have you ever wanted to import your Google Slides or Microsoft PowerPoint deck into the custom content creator in SAT? Now you can! Just export your existing deck to PDF and use the new feature to import some or all slides. You can then insert your own quiz questions, videos, and any other type of block.
Huntress SAT has added reports to be used internally and externally. These endpoints empower developers to make better use of SAT reporting via API.
Huntress ITDR users can now add "Deny All" Unwanted Access Configuration Rules at the account and organization level for both countries and VPNs.
When a "Deny All" location rule exists at the account or organization level, login sessions from outside of the identity's usage location will be revoked and the identity will be disabled.
When a "Deny All" VPN rule exists at the account or organization level, login sessions from any anonymous VPN will be revoked and the identity will be disabled.
Expected rules at the identity or organization level will override "Deny All" rules at the organization and account level respectively.
Google has approved the "Huntress SAT Report a Phish" button! It is now live in the marketplace and available to anyone who finds it. Huntress employees will be the first to use it and are encouraged to share their feedback. https://workspace.google.com/marketplace/app/huntress_sat_report_a_phish/979498690516
New standard reports for Phishing & Assignments give you a more granular view of overall performance and allow you to identify learning gaps and trends.