Skip to main content

Manage Billable Products for Each Organization (Entitlements)

Melissa
  • Updated

Team: Huntress Managed Endpoint Detection and Response (EDR), Huntress Managed Security Information and Event Management (SIEM)
Environment: Huntress Platform
Summary: Provision Huntress products with granularity as needed to each organization. Sometimes referred to as "entitlements".


In This Article

Overview
Manage Your Billable Products
     Access the Management Page
     Disabling a Product
Billable Sources and Free Data
Why Can't I Manage ITDR and SAT for Organizations?

 

Overview

The Manage Billable Products feature allows you to manage and provision purchased Huntress security solutions at the organization level. This means you can create custom usage packages for Huntress organizations for each of your teams or clients.

Manage Your Billable Products

When a product is purchased, it defaults to Enabled for all organizations. If an organization should not have access, a Huntress user with an Admin role must manually disable it.

Access the Management Page

  1. Log in to Huntress and go to the Organizations page.
  2. Select the organizations you want and choose the Manage Billable Products to open the configuration panel.
  3. Make your changes and save.

Disabling a Product

Huntress Managed Endpoint Detection and Response (EDR) and Huntress Managed Security Information and Event Management (SIEM) can be disabled at the organization level. When you disable a product, several things will happen:

  • EDR
    • Any Agents already collecting EDR data for that organization will stop collection, but all artifacts related to those Agents would remain, like Incident Reports.
    • If an Agent is installed on an endpoint in an organization that doesn't have EDR enabled, we will notify account admins via email. These endpoints will not have EDR protection. We recommend uninstalling that Agent, if it happens.
  • SIEM
    • SIEM data collection from billable sources stops, but existing collected data would be retained as per your contract.
    • You won’t be able to add new billable SIEM data sources.
    • If an Agent is installed on an endpoint in an organization that doesn't have SIEM enabled, we will notify account admins via email. These Agents will not collect data. We recommend uninstalling that Agent, if it happens.

Managed Security Awareness Training (SAT) and Managed Identity Threat Detection and Response (ITDR) are purchased and managed at the Account level, not the organization

 

Billable Sources and Free Data

What Are Billable Sources?

  • EDR: Billable sources include any active Agents in organizations where EDR is enabled.
  • SIEM: Billable sources include all SIEM data sources except free sources (currently free ITDR logs, if ITDR is enabled and set up).

What Data Is Collected for Free?

  • ITDR logs are collected for free if ITDR is enabled and set up.
  • All other SIEM sources are billable.


Why Can’t I Manage ITDR and SAT for Organizations?

  • ITDR and SAT are managed at the account level rather than at the organization level.
  • These products collect and process data across the entire account, making per-organization configurations unnecessary.
  • Both products inherit the user grouping information from the identity provider during integration.

Related articles