Latest Updates
Unwanted Access Rules API is now available
The Unwanted Access Rules API is now available, exposing endpoints to list, create, update, and delete rules that govern how Huntress responds to identity access attempts by country or VPN. Rules can be scoped to the account, an organization, or a specific identity, with expected or unauthorized determinations and optional starts_at / expires_at schedules. This allows API users to automate the management of ITDR unexpected access rules. See the API docs: https://api.huntress.io/docs#tag/unwanted-access-rules
EDR/ITDR Correlations Now Live!
We’re excited to share that we now provide EDR/ITDR Correlations for Huntress Managed EDR and Managed ITDR customers. EDR/ITDR Correlations is a capability that only Huntress can deliver because it requires both an endpoint agent and an identity detection platform operating on the same customer base. So, how does it work? When Huntress Managed EDR detects an attack, like an infostealer, on a Windows endpoint, the platform automatically resolves that compromised machine to the Microsoft 365 cloud identities that were logged in on it. That context isn’t surfaced hours later in a separate tool or buried in logs. It appears directly inside the EDR Incident Report, alongside the endpoint findings. From there, Managed ITDR does what it’s designed to do: it enables immediate, guided remediation of those identities. Revoke sessions. Disable accounts. Contain the blast radius before stolen credentials can be used. Crucially, this approach bypasses one of the biggest bottlenecks in identity security: log latency. Rather than waiting for audit logs to be generated, ingested, normalized, and analyzed, EDR/ITDR Correlations use direct endpoint evidence to infer identity risk almost instantly. Read more here: https://www.huntress.com/blog/edr-itdr-correlations
New Platform portal role for provisioning activities
A new role has been introduced in the Platform that allows account admins to create users with permissions limited to onboarding and offboarding organizations. This role is designed for partner staff and API keys used in managing the lifecycle of organizations. The role ensures specific tasks can be done while limiting the scope of required access.