Skip to main content

Monthly/Quarterly Threat Reports

Tyler Benson
  • Updated

June 26, 2023: Previously, dates listed in all reports were shown in the MM-DD-YYYY format. Going forward, reports are now shown in the YYYY-MM-DD format, which is a better international standard. In the future, we may allow users to select their preferred date formats for reports.

The Huntress Monthly/Quarterly reports are provided to give you a high-level overview of what Huntress has done this month/quarter. The reports include data from foothold detection, Ransomware Canaries, and Managed AV.

In this article

Report Overview

mceclip0.png

  • Changes Analyzed: number of autorun changes across all hosts within the organization that Huntress saw. Autoruns are programs configured to run at system boot or login. These change as applications are added/removed/updated. Excludes all processes analyzed.

  • Potential Threat Indicators: all of the potential threats that Huntress reviewed. This includes all autoruns that Huntress had not seen before, tripped Ransomware Canaries,  Process Insights detections, and a subset of Managed AV (MAV) detections that were not auto remediated.

  • In-Depth Investigations: number of investigations completed. Investigations are opened when automated analysis determines a potential threat needs to be reviewed by an analyst. Investigations are also opened if an analyst determines a threat looks suspicious when reviewing new autoruns or MAV detections.

  • Incidents Reported: number of incident reports sent. (Incident reports consist of one or more malicious autoruns, a tripped Ransomware canary, a MAV detection, or a malicious process detection.)

Detailed Summary Reports for Admins

Huntress provides Partner administrators with a detailed Monthly, Quarterly and Custom Threat Summary Report. The report includes summary data from all Huntress organizations within the account and breaks down the data by each Huntress service:

  • Persistent Footholds
  • Ransomware Canaries
  • Managed AV
  • Incident Reporting, including an Incident Summary and Log

Detailed Summary Reports for Organizations

Toggling this option affects the data presented to you when generating reports for organizations under your account. When this option is OFF, reports for organizations under your account are abridged. When this option is ON, reports for organizations under your account will generate a full data set.

Detailed_Organization_Reporting.png

Sample Report:

gif.gif

 

Accessing Reports

Accessing_Reports.pngYou have the option to get a report for your account and an individual report for each of your organizations.

To access the reports:

  1. Click the account/organization dropdown
  2. Select your account or the organization you want a report for
  3. Click the reports view 

From the reports view, you can select the report you want to view or generate a preview for the current quarter/month.

mceclip3.png

Running Custom Reports

First go to the drop down menu and select custom date range

mceclip0.png

From there you will be given the option to choose a date range and run a custom report

mceclip1.png

Note! If a custom report is run and the end date hasn't ended (UTC/Z), the report will show "processing" until the date has passed.

Automatically Sending Reports

You have the option to automatically send reports to specified users.

sending.pngOn the Organizations view, click the pencil icon to edit the settings for the organization you want to automatically send reports to.

orgsettings.pngOn the Organization Settings page, enter the email addresses to send the reports to and click Save.

Cobranding Reports/Adding your logo

Huntress gives you the ability to add your own logo to Huntress Reports.

Following the steps for Cobranding Marketing Material and your logo will be reflected on reports as well. 

Comments

0 comments

Please sign in to leave a comment.

Related articles