We migrated ticketing systems!

If you would like to check on the status of a ticket, please visit huntress.zendesk.com.

For the time being, our documentation will stay the same, we will make a hard cutover when all the documentation is ready. The Huntress Support site will continue to be support.huntress.io, it will just come with a new look and feel.

Click here to check the status of a ticket


Understanding Huntress Incidents

After a Huntress Analyst opens an Investigation and finds that an Autorun may be malicious an infection report is created. Once the infection report is completed, it will be delivered as an incident report through your configured integrations (see Managing Huntress Integrations).

In this article

1.Click on the Incident tab from the Huntress Dashboard

2.Click on the Subject of the Report

3. You will be taken to the Incident Report page which includes tabs for the Report, Remaining Footholds, and Remediation

Severity Levels

Each Incident will be labeled with a severity level, Low, High, or Critical. The severity level will be identified at the top of the report

Critical - Malware that can spread through-out a network or ransomware
High - Keyloggers or other malware that effects a single host
Low - These are potentially unwanted programs, browser add-ons, freeware type (malware artifacts also fall in this category)


The Report tab will include recommendations on how to best remediate the Incident. We recommend first thoroughly reading through the report prior to following remediation steps, as sometimes certain user profiles must be logged in for remediation to be successful. More information on scenarios where manual remediation is the best option can be found here: Manual Remediation

The Remediations tab shows whether each remediation is complete, in progress, not completed, or failed. To learn more about common reasons remediations fail, follow the link: Why is an Incident still Active if I remediated it?


If an Incident is eligible for Assisted Remediation you will have a green button to "Review Remediation Plan", clicking this button will give you a pop-up where you can approve or reject AR.

Find out more about using Assisted Remediation in this article: Using Assisted Remediation