Feb 1, 2023: As part of our continuous engineering effort to scale our systems, we uncovered an issue that may have miscounted the number of raw event changes analyzed. This issue has been fixed going forward which may mean that your changes analyzed quantity may appear to be out of typical ranges. There was no impact to number of potential threats indicators, in-depth investigations, or incidents reported.

The Huntress Monthly/Quarterly reports are provided to give you a high-level overview of what Huntress has done this month/quarter. The reports include data from foothold detection, Ransomware Canaries, and Managed AV.

Report Overview

• Changes Analyzed: number of autorun changes across all hosts within the organization that Huntress saw. Autoruns are programs configured to run at system boot or login. These change as applications are added/removed/updated. Excludes all processes analyzed.

• Potential Threat Indicators: all of the potential threats that Huntress reviewed. This includes all autoruns that Huntress had not seen before, tripped Ransomware Canaries,  Process Insights detections, and a subset of Managed AV (MAV) detections that were not auto remediated.

• In-Depth Investigations: number of investigations completed. Investigations are opened when automated analysis determines a potential threat needs to be reviewed by an analyst. Investigations are also opened if an analyst determines a threat looks suspicious when reviewing new autoruns or MAV detections.

• Incidents Reported: number of incident reports sent. (Incident reports consist of one or more malicious autoruns, a tripped Ransomware canary, a MAV detection, or a malicious process detection.)

Detailed Summary Reports for Admins

Huntress provides Partner administrators with a detailed Monthly, Quarterly and Custom Threat Summary Report. The report includes summary data from all Huntress organizations within the account and breaks down the data by each Huntress service:

• Persistent Footholds
• Ransomware Canaries
• Managed AV
• Incident Reporting, including an Incident Summary and Log

Detailed Summary Reports for Organizations

Toggling this option affects the data presented to you when generating reports for organizations under your account. When this option is OFF, reports for organizations under your account are abridged. When this option is ON, reports for organizations under your account will generate a full data set.

Sample Report:

Accessing Reports

You have the option to get a report for your account and an individual report for each of your organizations.

To access the reports:

1. Click the account/organization dropdown
2. Select your account or the organization you want a report for
3. Click the reports view 

From the reports view, you can select the report you want to view or generate a preview for the current quarter/month.

Running Custom Reports

First go to the drop down menu and select custom date range

From there you will be given the option to choose a date range and run a custom report

Note! If a custom report is run and the end date hasn't ended (UTC/Z), the report will show "processing" until the date has passed.

Automatically Sending Reports

You have the option to automatically send reports to specified users.

On the Organizations view, click the pencil icon to edit the settings for the organization you want to automatically send reports to.

On the Organization Settings page, enter the email addresses to send the reports to and click Save.

Cobranding Reports/Adding your logo

Huntress gives you the ability to add your own logo to Huntress Reports.

Following the steps for Cobranding Marketing Material and your logo will be reflected on reports as well.