Escalations
Escalation Overview KB
An Escalation is used to notify Huntress account administrators that a situation requires their attention. These are NOT active incidents. Below are some common use cases:
- The Huntress security platform is unable to send incident reports to your PSA system, and we need you to reconfigure the integration.
- The SOC suspects that an application flagged as malicious is a false positive, and we want your authorization to allow-list the application moving forward.
- A potential threat flagged by Managed Antivirus requires additional information (file path details, etc.) in order for Huntress to provide actionable assisted remediation steps.
- A login event occurred from an unexpected country or VPN, and Huntress would like partner feedback on whether that event should be expected or unauthorized.
Every Escalation will include a question for the account admin and an associated workflow to respond to or resolve the Escalation. Escalations are not incident reports; however, they do have severities (low, high, critical) that dictate an expected response time. If no response is received, account administrators will be re-notified.
Unexpected login escalations are resolved when a rule is created for the associated identity, organization, or account.
Please note: In rare circumstances, it is possible to receive an escalation and an incident report for the same event.
Incident reports
Incident Reports Overview KB
Incident reports are sent after the SOC has investigated one or more signals in an environment that are indicative of malicious activity. Incident reports are part of either our EDR product or our ITDR product and should be treated with urgency.