Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Managed Defender
Environment: Windows
Summary: Details on the Incident Reports sent by Huntress SOC analysts around Defender for Endpoint
*As of 7/13/2024: Note that this integration is currently in Beta. If you would like to try it out, please reach out to your Huntress account manager.
The Huntress SOC team can currently only generate Incident Reports for Defender for Endpoint on hosts that have both Defender for Endpoint enabled and the Huntress Agent installed and running.
If the Huntress Agent is not installed on a host, Huntress SOC cannot send incident reports, even if Defender for Endpoint is enabled and running on the host.
What does Huntress SOC review?
- Medium and High severity events ingested by the integration will automatically be triaged by the Huntress SOC team. Signals will be automatically generated for reporting purposes.
- Low severity events will be used to provide context to the SOC team around possible threats when responding to other incidents on a given endpoint.
- Huntress SOC will only triage events from Microsoft Defender for Endpoint and Defender Antivirus detection sources.
- While data may be presented in the Events feeds of Defender for Endpoint, Huntress SOC cannot currently triage events from tools like Mobile Threat Defense, Defender for Office 365, Defender Threat Expert, or other custom detections that may be available.