Huntress Setup
Huntress is a managed security platform that provides Endpoint Detection and Response (EDR), Identity Threat Detection and Response (ITDR), and Security Information and Event Management (SIEM). Once connected, Junto can query security detections, review analyst-escalated incidents, audit endpoint agents, monitor identities, and search SIEM logs.
Prerequisites
- A Huntress account with API access
- An API key and API secret generated from the Huntress portal
Step 1: Generate API Credentials
- Log in to the Huntress portal.
- Navigate to your account settings and locate the API section.
- Generate an API key and API secret pair.
- Copy both values. They will not be shown again.
Step 2: Configure in Junto
- In Junto, go to Settings > Integrations > Huntress.
- Click Add Configuration and fill in:
  - API Key -- Your Huntress API key. This is encrypted before storage.
  - API Secret -- Your Huntress API secret. This is encrypted before storage.
- Click Create. Junto validates the connection by querying your Huntress account.
Step 3: Map Companies
Huntress organizes customers into organizations (sub-tenants). Each MSP client is typically a separate Huntress organization.
- After connecting, click Manage Mappings to open the company mapping dialog.
- Link each Junto company to its corresponding Huntress organization.
- Auto-map is available to match by name.
- Save mappings.
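Matching by name is the step where a wrong link would attach one client's detections and incidents to another client's record. The following is an added sketch, not Junto's own code, of a conservative name matcher that links only unambiguous one-to-one matches and leaves everything else for manual review; the suffix list, function names and sample tenants are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Corporate suffixes ignored when comparing names (assumed list, extend as needed).
SUFFIXES = {"inc", "llc", "ltd", "corp", "co", "company", "incorporated", "limited"}

def normalize(name):
    """Lowercase, strip punctuation and trailing corporate suffixes."""
    tokens = re.sub(r"[^a-z0-9 ]+", " ", name.lower()).split()
    while tokens and tokens[-1] in SUFFIXES:
        tokens.pop()
    return " ".join(tokens)

def auto_map(companies, organizations):
    """Return (mapped, needs_review).

    companies / organizations: dicts of id -> display name.
    A pair is mapped only when the normalized name is unique on both sides;
    anything else is left for a person to link by hand.
    """
    by_key_c, by_key_o = defaultdict(list), defaultdict(list)
    for cid, name in companies.items():
        by_key_c[normalize(name)].append(cid)
    for oid, name in organizations.items():
        by_key_o[normalize(name)].append(oid)

    mapped, needs_review = {}, []
    for key, cids in by_key_c.items():
        oids = by_key_o.get(key, [])
        if key and len(cids) == 1 and len(oids) == 1:
            mapped[cids[0]] = oids[0]
        else:
            needs_review.extend(cids)
    return mapped, sorted(needs_review)

# Constructed sample data (not real tenants).
COMPANIES = {"c1": "Acme, Inc.", "c2": "Northwind Traders",
             "c3": "Contoso", "c4": "Globex LLC"}
ORGS = {"o1": "ACME Inc", "o2": "Northwind Traders - East",
        "o3": "Contoso Ltd", "o4": "Contoso", "o5": "globex"}

if __name__ == "__main__":
    mapped, review = auto_map(COMPANIES, ORGS)
    print("mapped:", mapped)
    print("review by hand:", review)
```

In the sample, "Contoso" is held back because two organizations normalize to the same name, and "Northwind Traders" is held back because no organization matches exactly.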
Module Availability
Huntress capabilities are organized into modules. The tools available to the AI agent depend on which modules are active in your Huntress account:
| Module | What It Covers |
|---|---|
| EDR | Endpoint agents, incident reports, remediations, external port scanning |
| ITDR | Identity monitoring, MFA compliance, user account security |
| SIEM | Log ingestion, ES\|QL queries, security event correlation |
The agent automatically checks which modules are active before using module-specific tools. If a module is not active, the agent will inform the technician.
What the AI Agent Can Do
All Huntress tools are read-only. There are no write or mutation actions -- the agent can investigate and report but cannot make changes in Huntress.
Security Detections & Escalations
| Tool | Description | Risk Level |
|---|---|---|
| List Detections | List recent security detections across the account or for a specific customer | Low |
| Get Detection | View detailed information about a specific security detection | Low |
| List Escalations | List analyst-reviewed incidents escalated to the MSP for action, filterable by status and severity | Low |
| Get Escalation | View full details of a specific analyst-escalated incident | Low |
Escalations are the most critical items in Huntress -- they represent threats that have passed both automated detection and human analyst review.
Organizations & Reports
| Tool | Description | Risk Level |
|---|---|---|
| List Organizations | List Huntress customer sub-tenants with agent counts and incident statistics | Low |
| Get Organization | View details of a specific Huntress customer sub-tenant | Low |
| List Summary Reports | List analyst-generated summary reports with security metrics and notes | Low |
| Get Summary Report | View a full summary report including agent counts, events analyzed, and analyst findings | Low |
Summary reports are useful for QBR preparation and security posture reviews.
EDR: Endpoint Agents
| Tool | Description | Risk Level |
|---|---|---|
| List Agents | List EDR agents with hostname, OS, IP addresses, and Defender/firewall status | Low |
| Get Agent | View full details of a specific endpoint agent | Low |
EDR: Incident Reports & Remediations
| Tool | Description | Risk Level |
|---|---|---|
| List Incident Reports | List confirmed security incidents on managed endpoints, filterable by status | Low |
| Get Incident Report | View full incident report including severity and indicator details | Low |
| List Remediations | View recommended remediation steps for a specific incident report | Low |
EDR: External Ports
| Tool | Description | Risk Level |
|---|---|---|
| List External Ports | List externally-exposed ports discovered by Huntress recon scanning, with risky service flags | Low |
| Get External Port | View details of a specific exposed port | Low |
Use external port tools for attack surface assessments and identifying exposed services.
ITDR: Identity Monitoring
| Tool | Description | Risk Level |
|---|---|---|
| List Identities | List user accounts monitored by Huntress ITDR with MFA status and enabled products | Low |
| Get Identity | View full details of a specific monitored identity | Low |
Use identity tools for MFA compliance audits and identity security reviews.
SIEM: Log Queries
| Tool | Description | Risk Level |
|---|---|---|
| SIEM Query | Execute ES\|QL queries against Huntress SIEM log data within a specified time range | Low |
Use SIEM queries for log analysis, threat hunting, and correlating security events across data sources.
Troubleshooting
- Connection fails -- Verify your API key and secret. Ensure they have not been revoked.
- No organizations listed -- Confirm your API credentials have sufficient permissions to view organizations.
- Module tools return empty results -- The module may not be active in your Huntress account. The agent checks module availability automatically and will report if a module is inactive.
- Agent not found -- Check that the company mapping is correct and the endpoint has the Huntress agent installed.