EDR/ITDR Correlations Now Live!

We’re excited to share that we now provide EDR/ITDR Correlations for Huntress Managed EDR and Managed ITDR customers. EDR/ITDR Correlations is a capability that only Huntress can deliver because it requires both an endpoint agent and an identity detection platform operating on the same customer base.

So, how does it work? When Huntress Managed EDR detects an attack, like an infostealer, on a Windows endpoint, the platform automatically resolves that compromised machine to the Microsoft 365 cloud identities that were logged in on it. That context isn’t surfaced hours later in a separate tool or buried in logs. It appears directly inside the EDR Incident Report, alongside the endpoint findings.

From there, Managed ITDR does what it’s designed to do: it enables immediate, guided remediation of those identities. Revoke sessions. Disable accounts. Contain the blast radius before stolen credentials can be used.

Crucially, this approach bypasses one of the biggest bottlenecks in identity security: log latency. Rather than waiting for audit logs to be generated, ingested, normalized, and analyzed, EDR/ITDR Correlations use direct endpoint evidence to infer identity risk almost instantly. Read more here: https://www.huntress.com/blog/edr-itdr-correlations