Changelog

Follow up on the latest improvements and updates.

Huntress Managed Identity Security Posture Management (ISPM) is now in free Early Access for qualifying Huntress partners and customers using Managed ITDR in Microsoft 365. Managed ISPM continuously hardens your Microsoft 365 environment so attackers have fewer chances to abuse misconfigurations and over-permissioned users.
Eligible admins will see a new Managed ISPM Early Access experience in the Huntress portal and can self-enroll there.
During Early Access, you get:
  • Huntress-managed identity controls for Microsoft Entra ID, protecting settings for MFA, admin accounts, passwords, standard users, and guests.
  • Conditional Access policy management along with recommended templates.
  • Drift detection within minutes and Continuous Enforcement, so you stay aligned with best practices.
  • The ability to quickly roll back changes if needed.
We’re focusing first on the misconfigurations attackers exploit most, using SOC insights from millions of identities so you can strengthen Microsoft 365 posture without building and maintaining your own baselines.
Your feedback shapes what we build. Add requests in Canny for Managed ISPM or provide feedback to your Huntress Account Manager.
We’re excited to announce that Managed ITDR for Google Workspace is now generally available! Managed ITDR for GWS extends Huntress’ 24/7, human-led identity threat detection and response into GWS environments, delivering the same outcome-driven protection our customers rely upon in their Microsoft 365 environments. Some high-value detections available today:
  • Unexpected Login Activity - we watch for authentication patterns that don’t fit: risky networks, unusual geographies, or infrastructure commonly abused by threat actors. When those signals appear, our analysts quickly revoke sessions and remove attacker access.
  • Shady Inbox Rules - we detect Gmail rule changes, and our analysts remove them, shutting down one of the most common persistence techniques attackers rely on.
  • Malicious Datacenter Infrastructure - we track login activity tied to datacenter providers and ASNs commonly used in attacks, surfacing suspicious access earlier in the attack chain.
And this is just the beginning. We’ll continue to update you with expanding detection coverage and response capabilities across GWS as they’re released.
Please see our new and updated KB articles on ITDR for GWS:
Account admins can now configure one or more email recipients to automatically receive monthly and quarterly reports for the account. To enable emails, the report page for the account in the Platform portal now has a "Manage Recipients" button like the one for an organization.
To make it easier to filter and use automations, email and PSA subject lines now include the Huntress product and organization name.
Huntress [Product - EDR, ITDR, SIEM, ISPM, ESPM, SAT] [Severity] [Category] | [Description] ([Organization])
Example: Huntress EDR Critical Escalation | Suspicious Process on HOST01 (Acme Corp)
  • The product name applies to all notification categories (i.e., Incident Reports, Escalations, Platform Actions, and Account Notices). The name is omitted when the product cannot be determined.
  • Organization name is new for Escalations and Platform Actions, matching the existing Incident Report convention. The organization name is omitted when the notification spans multiple organizations or has no organization association.
  • Both changes affect email subject lines and PSA ticket titles across all supported integrations. If you parse notification subjects for routing or automation, please update your rules to account for the new format.
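A subject-line parser for the format above, as an added example (not Huntress code) for teams updating routing rules. It assumes severity is a single word, which the changelog does not state; the function and field names are hypothetical, and the second sample subject is constructed.

```python
PRODUCTS = {"EDR", "ITDR", "SIEM", "ISPM", "ESPM", "SAT"}  # list from the changelog entry


def split_trailing_parens(text):
    """Return (description, organization); organization is None when there is no trailing '(...)'."""
    if not text.endswith(")"):
        return text, None
    depth = 0
    # Walk backwards to the '(' that balances the final ')', so an organization
    # name that itself contains parentheses is kept whole.
    for i in range(len(text) - 1, 0, -1):
        if text[i] == ")":
            depth += 1
        elif text[i] == "(":
            depth -= 1
            if depth == 0:
                return text[:i].rstrip(), text[i + 1:-1]
    return text, None


def parse_subject(subject):
    """Parse 'Huntress [Product] [Severity] [Category] | [Description] ([Organization])'.

    Returns a dict, or None when the subject does not follow the format.
    """
    head, sep, tail = subject.partition(" | ")
    words = head.split()
    if not sep or len(words) < 2 or words[0] != "Huntress":
        return None
    words = words[1:]
    # The product is omitted when it cannot be determined, so it is optional here.
    product = words.pop(0) if words[0] in PRODUCTS else None
    if not words:
        return None
    # Assumption: severity is the first word and the category is the remainder.
    severity, category = words[0], " ".join(words[1:]) or None
    # The organization is omitted for multi-organization notifications. A description
    # that ends in parentheses cannot be told apart from one, so treat the
    # organization as a routing hint rather than an authoritative field.
    description, organization = split_trailing_parens(tail)
    return {"product": product, "severity": severity, "category": category,
            "description": description, "organization": organization}


if __name__ == "__main__":
    print(parse_subject("Huntress EDR Critical Escalation | Suspicious Process on HOST01 (Acme Corp)"))
    print(parse_subject("Huntress Critical Escalation | Suspicious Process on HOST01"))  # constructed
```

Rules that previously matched on a fixed prefix should key on the parsed fields and keep a fallback route for subjects where `product` or `organization` is `None`.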
External Recon in Managed EDR provides visibility into an organization’s external attack surface by identifying open ports and services exposed to the Internet. We have released two new API endpoints for querying data from External Recon. Each record includes the IP address, port, protocol, detected service, and a risky_service flag. Details are available in the API docs:
Resellers can now programmatically manage product subscriptions for their managed accounts via the new /v1/reseller/subscriptions endpoints. These endpoints support creating, retrieving, updating, and upgrading subscriptions for Managed EDR, ITDR, SAT, and SIEM with standard terms and pricing. Please see the API docs for more details.
Email integration destinations now include a "Send Resolved notifications" toggle that lets you stop receiving resolved emails for Incidents, Escalations, and Platform Actions notifications. The setting works at both the global and per-category level — disable it globally to suppress all resolved emails, or use per-category overrides for more granular control. Existing integrations are unaffected and will continue sending resolved emails unless a user explicitly opts out.
We have added new endpoints to the Reseller API to facilitate programmatic access to billing data. The new endpoints enable resellers and distributors to automate billing of Huntress products without having to use manual approaches with spreadsheets and CSV files. These endpoints allow for the retrieval of a full invoice index, specific invoice details, and granular line-item breakdowns for both account-level and organization-level usage. Please see Huntress’ API docs linked below for further details.
The Huntress Accounts API endpoint now allows partners and resellers to programmatically retrieve the total number of Neighborhood Watch licenses allocated to an account. To learn more and see a sample of the output, check out the API docs.
We’re excited to announce the Attack Disruption Engine in Managed EDR for Windows. When threat actors find gaps that allow them to land on an endpoint and launch attacks, they move with speed and purpose, whether to steal data or ransom an organization. The Attack Disruption Engine is built to disrupt the attack and create friction for the attacker, buying time for the Huntress SOC to go to work containing and remediating the threat before damage can be done. To learn more, check out this blog that goes into more detail.