
Footholds: Huntress Threat Operations Workflow

Ever wondered what a Huntress ThreatOps Analyst's workflow looks like? Below is the process an autorun goes through after a survey is sent back to Huntress.

Huntress monitors all autoruns on machines with Huntress installed. Each foothold is reviewed by our automated processing to determine if it is something we have seen before. If a foothold/autorun is new to the Huntress database, a ThreatOps Analyst begins a "review", which could lead to an investigation and even an incident report.

Automated Analysis - Huntress automatically classifies known good and bad software. 

Human Review (something new to Huntress) - a Threat Analyst will take a look at the new file and determine if it's good or bad.

Investigate (something suspicious or classification of goodware) - Investigations are done by Threat Analysts. They will often download the suspicious files and pull them apart to determine what the software is doing.

Report - Should a Threat Analyst Investigation (or Automated Analysis) yield something malicious, a report is generated and a ThreatOps Analyst gives it one more review before sending off an incident report to your integrations.