We migrated ticketing systems!

If you would like to check on the status of a ticket, please visit huntress.zendesk.com.

For the time being, our documentation will stay the same, we will make a hard cutover when all the documentation is ready. The Huntress Support site will continue to be support.huntress.io, it will just come with a new look and feel.

Click here to check the status of a ticket


Why am I receiving incident reports for offline/decommissioned hosts

All Huntress data is archived and can be classified at any time. When a threat is found that was not previously seen, the team will search for this threat on all hosts, including the archived data from offline or decommissioned hosts.

When one of our ThreatOps analysts categorizes a new malicious (or potentially malicious) threat the entire Huntress database will be searched (including archived data) to identify whether the threat is present on other hosts. 

Investigations utilize the most recent survey received from an agent, regardless of when it was received. The analysts will then retroactively send reports on all hosts with the identified threat.

If you receive an incident report for a host that has been offline or If the host has been decommissioned you can remove it from Huntress (which will also close this incident) by following the instructions found here: Uninstalling the Huntress Agent

You can also request that we manually close the report by contacting us at: support@huntress.io