Changelog
Follow up on the latest improvements and updates.
RSS
Huntress has introduced improvements to Incident Reports to provide more visibility of all incident activity history. Reports now give you the complete history of any updates provided by the SOC. Now when a Report is updated the latest details will be at the top and previous updates will be shown below. There is also a "View Changes" button that will highlight the changes in each update.
The API Documentation Page has a number of new features that will make it easier and faster to get answers to your API questions and use the Platform API. Some of these features include:
- Simplified navigation and easy access to the OpenAPI doc via the top of the main page – https://api.huntress.io/docs
- The ability to generate sample API commands in many new languages including PowerShell
- Dark mode is now an option!
To ensure partners and customers always know who their Huntress contact is, and can easily reach out to them, the CAM name and contact information is now available in the Platform on the following pages:
- Within the self-serve "Contact Sales" workflow
- Billing & Invoices page
- Trial Manager
In order to provide more visibility of SOC actions being taken to contain a threat, preliminary Incident Reports are now being sent by the SOC when a host or identity is manually isolated.
The preliminary Incident Report informs partners and customers that the SOC is investigating an incident and took action to contain a threat, that the investigation is ongoing, and to expect a follow-up Incident Report. We are making this change so we can quickly contain a threat and provide context to partners and customers while minimizing the risk of an attack spreading as the SOC are actively investigating.
Users can now see error messages returned by an integrated PSA ticketing system in the Huntress Portal, as well as initiate a resend of any failed tickets.
We've updated the architecture back-end of SAT with two major changes:
- We now use learners' immutable IDs in their various directory systems rather than email address as primary ID. This allows for updates to email addresses in cases where someone changes their email address (such as in marital status changes.)
- We now support alternate email addresses on directory sync. This allows someone to report phishing from an alias associated with their account.
Managers have been asking to get alerts when their direct reports experience simulated compromise rather than waiting for a report to arrive at the end of the month (when their employee can say "I don't remember that.") Now they can. The notification has a 10 minute delay to allow the learner to finish Phishing Defense Coaching, so the manager has full context.
The Google API insertion for SAT transactional and phishing emails is now in general availability!
new
Managed EDR
Tamper Protection for Managed EDR for macOS is now live
Attackers are constantly trying to find ways to evade defenses on endpoints to avoid detection. Huntress has now enabled Tamper Protection on Managed EDR macOS agents to reduce the risk of an attacker bypassing EDR. This feature protects the macOS EDR agent, system extension, and other key Huntress files from being deleted, moved, or renamed, thus impacting agent visibility and performance. Like Tamper Protection on Windows endpoints, protection can be temporarily disabled for 4 hours through the Huntress Portal. This setting is found in the hamburger menu drop down > Settings > Tamper Protection > Tamper Protection Exclusions.
improved
Managed EDR
Enhanced Windows Firewall status in the Portal
Windows Firewall status in the Huntress Portal now shows more in-depth details for the three main profiles – Domain, Private, and Public – allowing you to see the status of each profile and its associated firewall.
Load More
→