Changelog
Follow up on the latest improvements and updates.
new
Managed ITDR
Managed SIEM
Managed ITDR for GWS: Logs Now Ingested by Huntress SIEM
We're excited to share our latest update to Managed ITDR for Google Workspace (GWS): GWS logs can now be stored in the Huntress SIEM.
Similar to our Microsoft 365 log storage in SIEM, GWS logs can be stored in our SIEM - at no extra cost - for a period of up to one year. Data ingested includes all GWS login events, such as successful logins, failed logins, logouts, verifications, etc.
All GWS-relevant KBs (ITDR FAQ and Understanding the Differences Between ITDR for Microsoft 365 and GWS) have been updated to reflect that ITDR GWS logs are now ingested by our SIEM.
improved
Managed EDR
macOS EDR Agent Installation Improvements
The Huntress Configuration Wizard on macOS has been redesigned with a clearer, faster setup flow to make installation quicker and easier. All required setup steps (system extension approval, Full Disk Access, network filter) are now shown in sequence on a single scrollable page with guidance. You no longer have to navigate through a series of individual screens. You can see where you are, what's left, and which steps are completed at a glance.
MDM-managed endpoints get a dedicated view. The Configuration Wizard now shows a focused summary of any pending steps, with clear visual indicators, rather than the full manual setup flow.
improved
Managed EDR
Managed EDR improvements with our Defender for Endpoint integration
Comprehensive coverage of EDR, and MDE when used, is critically important to protect every endpoint. To give better visibility into the state of EDR and MDE coverage, Huntress has updated the Command Center in the Platform portal to make it easier to see MDE tenant health, configuration errors, and gaps where the Huntress agent or MDE is not installed.
What’s new:
- A new widget shows the percentage of endpoints running MDE that lack the Huntress agent, using color coding to highlight at-risk environments.
- An Account-level view summarizes the health of all MDE tenants at once, rather than requiring them to be checked individually.
- If data stops flowing from Microsoft to Huntress, a new alert icon and clearer language indicate an issue.
- Simplified filters and click-through paths help you jump directly from a "warning" to the specific endpoint that needs a fix.
Partners can now exclude Google Workspace student organizational units from ITDR billing and detection, ensuring K-12 and higher education partners only pay for and monitor staff and faculty identities.
- Student OU Exclusions – Contact your account manager with your student organizational unit information to exclude student identities from billing and detection.
- Billing & Signal Filtering – Excluded identities are automatically removed from both billing calculations and signal generation, so you only pay for the identities that matter.
- Audit Trail – All exclusion changes are logged for compliance and visibility.
Huntress Managed Identity Security Posture Management (ISPM) is now in free Early Access for qualifying Huntress partners and customers using Managed ITDR in Microsoft 365. Managed ISPM continuously hardens your Microsoft 365 environment so attackers have fewer chances to abuse misconfigurations and over-permissioned users.
Eligible admins will see a new Managed ISPM Early Access experience in the Huntress portal and can self-enroll there.
During Early Access, you get:
- Huntress-managed identity controls for Microsoft Entra ID, protecting settings for MFA, admin accounts, passwords, standard users and guests.
- Conditional Access policy management along with recommended templates.
- Drift detection within minutes and Continuous Enforcement, so you stay aligned with best practices.
- The ability to quickly roll back changes if needed.
We’re focusing first on the misconfigurations attackers exploit most, using SOC insights from millions of identities so you can strengthen Microsoft 365 posture without building and maintaining your own baselines.
Your feedback shapes what we build. Add requests in Canny for Managed ISPM or provide feedback to your Huntress Account Manager.
new
Managed ITDR
Managed ITDR for Google Workspace GA Released
We’re excited to announce that Managed ITDR for Google Workspace is now generally available! Managed ITDR for GWS extends Huntress’ 24/7, human-led identity threat detection and response into GWS environments, delivering the same outcome-driven protection our customers rely upon in their Microsoft 365 environments. Some high-value detections available today:
- Unexpected Login Activity - we watch for authentication patterns that don’t fit: risky networks, unusual geographies, or infrastructure commonly abused by threat actors. When those signals appear, our analysts quickly revoke sessions and remove attacker access.
- Shady Inbox Rules - we detect Gmail rule changes, and our analysts remove them, shutting down one of the most common persistence techniques attackers rely on.
- Malicious Datacenter Infrastructure - we track login activity tied to datacenter providers and ASNs commonly used in attacks, surfacing suspicious access earlier in the attack chain.
And this is just the beginning. We’ll continue to update you with expanding detection coverage and response capabilities across GWS as they’re released.
Please see our new and updated KB articles on ITDR for GWS:
- https://support.huntress.io/hc/en-us/articles/49300628099859-Understanding-the-Differences-Between-ITDR-for-Microsoft-365-and-ITDR-for-Google-Workspace
- https://support.huntress.io/hc/en-us/articles/19133104595475-Billable-and-Non-billable-Identities
- https://support.huntress.io/hc/en-us/articles/49463229642771--Google-Workspace-Huntress-Identity-Isolation-for-ITDR-for-Google-Workspace
Account admins can now configure one or more email recipients to automatically receive monthly and quarterly reports for the account. To enable emails, the report page for the account in the Platform portal now has a "Manage Recipients" button like the one for an organization.
To make it easier to filter and use automations, email and PSA subject lines now include the Huntress product and organization name.
Huntress [Product - EDR, ITDR, SIEM, ISPM, ESPM, SAT] [Severity] [Category] | [Description] ([Organization])
Example: Huntress EDR Critical Escalation | Suspicious Process on HOST01 (Acme Corp)
- The product name applies to all notification categories (i.e., Incident Reports, Escalations, Platform Actions, and Account Notices). The name is omitted when the product cannot be determined.
- Organization name is new for Escalations and Platform Actions, matching the existing Incident Report convention. The organization name is omitted when the notification spans multiple organizations or has no organization association.
- Both changes affect email subject lines and PSA ticket titles across all supported integrations. If you parse notification subjects for routing or automation, please update your rules to account for the new format.
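For teams updating routing rules, the following is an added example (not Huntress code) of a parser for the subject format above that tolerates the omitted product and omitted organization cases. It assumes categories appear in the singular, as in the page's example, and that a trailing parenthetical is the organization; the function names and all sample subjects other than the page's own are constructed.

```python
import re

# Product codes and notification categories as named in the changelog entry.
PRODUCTS = {"EDR", "ITDR", "SIEM", "ISPM", "ESPM", "SAT"}
# Assumption: categories appear in the singular, as "Escalation" does in the
# page's example; the plural forms are accepted too.
CATEGORIES = ("Incident Report", "Escalation", "Platform Action", "Account Notice")

# A trailing "(...)" is read as the organization. A description that ends in
# its own parenthetical, with no organization present, cannot be told apart.
_ORG_RE = re.compile(r"^(?P<desc>.*\S)\s+\((?P<org>[^()]+)\)$")


def _split_severity_category(text):
    """Return (severity or None, category), or None if no known category ends text."""
    for cat in CATEGORIES:
        for form in (cat, cat + "s"):
            if text == form or text.endswith(" " + form):
                return (text[: -len(form)].strip() or None), cat
    return None


def parse_subject(subject):
    """Parse a subject line into its fields; return None if it does not match."""
    head, sep, tail = subject.strip().partition(" | ")
    tokens = head.split()
    if not sep or not tokens or tokens[0] != "Huntress":
        return None
    tokens = tokens[1:]
    # Product is optional: the page says it is omitted when undetermined.
    product = tokens.pop(0) if tokens and tokens[0] in PRODUCTS else None
    split = _split_severity_category(" ".join(tokens))
    if split is None:
        return None
    severity, category = split
    m = _ORG_RE.match(tail.strip())
    description, org = (m["desc"], m["org"]) if m else (tail.strip(), None)
    return {"product": product, "severity": severity, "category": category,
            "description": description, "organization": org}


# Constructed samples: the first is the page's example, the rest are made up.
SAMPLES = [
    "Huntress EDR Critical Escalation | Suspicious Process on HOST01 (Acme Corp)",
    "Huntress Critical Escalation | Agent health issue",
    "Weekly newsletter | March edition",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_subject(s))
```

Subjects that return `None` are best sent to a default queue rather than dropped, so a format the rule does not recognise still reaches a person.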
improved
API
External Recon data is now available via API
External Recon in Managed EDR provides visibility into an organization’s external attack surface by identifying open ports and services exposed to the Internet. We have released two new API endpoints for querying data from External Recon. Each record includes the IP address, port, protocol, detected service, and a risky_service flag. Details are available in the API docs:
Resellers can now programmatically manage product subscriptions for their managed accounts via the new /v1/reseller/subscriptions endpoints. This endpoint supports creating, retrieving, updating, and upgrading subscriptions for Managed EDR, ITDR, SAT, and SIEM with standard terms and pricing. Please see the API docs for more details.