Skip to main content

Huntress Email Integration

Cameron Granger
  • Updated

Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Integrations
Environment: Platform, Notifications
Summary: Huntress can send Escalation and Incident reports, as well as Platform and Account notifications, directly to one or more specified email addresses. This article provides steps to locate and configure the Email Integration.

Overview

Huntress alerts can integrate seamlessly into your existing workflow, whether that's a PSA, SIEM, Ticket Tracking System, or Email Distribution List. Since most solutions can natively accept email-based reports (SMTP), a generic Email Integration was created. Huntress will automatically send alerts to one or more specified email addresses.

In this Article

 

Configuring the Email Integration

  1. Log in to Huntress.
    mceclip0.png
  2. Select the 3-bar options menu and choose Integrations from the list.
  3. To manage and configure your Email Integration, select the 3 dots in the Actions column and choose Edit Integration.
  4. Update or add multiple email addresses to the Default Notification Emails field. All email alert types will be sent to these recipients unless an override is created. See Overrides in this article for more information. 

 

Adding the Email Integration

In most cases, an Email Integration is automatically provisioned in the account. If it is not there, follow the steps below to add the Email Integration. Only one Email Integration is allowed per account. If the email option below is grayed out or unavailable to select, it's likely because one already exists in your account. If one exists, see the Configuring the Email Integration section in this article. 

  1. In the Huntress Portal, select the 3-bar options menu and choose Integrations from the list.
  2. Select + Add.
  3. Choose the Email Integration.
  4. Enter one or more email addresses in the Default Notification Emails field.
  5. Select Save.

 

Overrides and Notification Types

The Email Integration supports overrides that can route specific notification types to a different email address. All notifications will go to the default email addresses unless an override is configured. This section covers the different notification types and configuring overrides.

 

Notification Types

Huntress notifications are divided into four types: Incidents, Escalations, Platform Actions, and Account Notices. See our Huntress Platform and Alert Notifications article for more information on the different notification types. 

 

Configuring Overrides

  1. From your Integrations page, select the 3 dots next to the Email Integration and choose Edit Integration.
  2. Under Notification Types, select the Override Global Settings checkbox next to the notification type. 
  3. Enter one or more email addresses.
  4. Select Save. These emails will now override the default email address(s) for the chosen notification type. 

 

FAQs

 

How do I remove the Email Integration if I already have a PSA integration? 

The Email Integration can’t be removed. It is a mandatory fallback path to ensure you always receive critical alerts if your PSA integration ever fails. To help reduce noise, use an unmonitored inbox for default notices, but we still recommend a monitored inbox for Incident and Escalation reports. Additionally, disabling ‘resolved’ notifications will also help reduce notification noise. 

 

Why am I getting duplicate notifications/tickets? 

This can happen when both a PSA and the Email Integration are active and pointed to the same destination. To fix this, update the Email Integration to a different or unmanaged address. 

 

Why is the Email Integration option blocked/grayed out when I try to add?

It is likely that an Email Integration already exists in the account. Multiple recipients/emails can be added to the existing integration, but only one Email Integration is allowed per account.

 

How to add an Email Integration for an organization?

Organization-level notifications are not supported at this time. The Email Integration can only be added at the account level. This functionality is currently under review by our team. Use the link below to vote and track the request: https://feedback.huntress.com/integrations/p/set-email-integration-for-incident-reports-at-the-organization-level

A workaround can be accomplished with email rules. The email rule forwards or copies the incident report based on the organization name in the subject line to a different destination. NOTE: The links and URLs provided in some notifications and reports can only be accessed by Account Admins, and the recipient address may not be able to fully interact with them. For more information on parsing Huntress emails, see our Parse Incident Reports to Integrations (RMM, PSA, Email) article.

 

 

 

 

 

 

Related articles