Team: Huntress Managed Endpoint Detection and Response (EDR)
The Huntress Threat Report provides partners a high-level overview of what Huntress has done for them over the previous month or quarter. The reports include summary threat data from EDR and Microsoft 365 products, highlighting events analyzed by the platform, investigations conducted by our 24x7 SOC, and incidents reported.
All reports are in a YYYY-MM-DD format.
Threat Report Overview Definitions
- Events Analyzed: Represents all the data ingested and analyzed by the Huntress Platform. This includes automated analysis and, in some cases, a human analyst hunting through the telemetry events looking for suspicious behaviors. Events include autoruns, monitored canary files, EDR antivirus events, EDR process events, Microsoft 365 cloud events, and other telemetry sources.
- Signals Detected: Each month, hundreds to thousands of signals can be detected via automated and human analysis, but not all signals are the same. A majority of signals are low fidelity, used for contextual purposes only, and do not require investigation when detected in isolation. However, in context with other, higher-fidelity suspicious signals, they become useful for discovering attacker tradecraft. Signals that are detected but not investigated are not currently visible in the Huntress UI. Learn more about signals here.
- Signals Investigated: These are the potential security threats that a Huntress SOC analyst manually investigated to determine malice before making a reporting decision. Signals are the leads that kick off a cyber investigation within the Huntress SOC. When a high-fidelity, suspicious signal enters the triage queue, it is investigated by a SOC analyst.
- Incidents Reported: Each report communicates a likely compromise of one of your managed endpoints or identities. One or more Signals Investigated were indicative of malicious behavior, leading to an incident report. Remember, not all signals are reported (see Investigation Context).
Huntress Services Detailed in Threat Reports
Huntress provides Partner administrators with a detailed Monthly, Quarterly and Custom Threat Report. The report includes summary data from all Huntress organizations within the account and breaks down the data by each Huntress service:
- Persistent Footholds
- Ransomware Canaries
- Managed Antivirus
- Process Insights
- Huntress Managed Identity Threat Detection and Response (ITDR)
- Incident Reporting, including an Incident Summary and Log
Detailed Summary Reports for Organizations
Toggling this option affects the data presented to you when generating reports for organizations under your account. When this option is OFF, reports for organizations under your account are abridged. When this option is ON, reports for organizations under your account will generate a full data set.
This setting can be changed via the Huntress portal > Top right dropdown menu > Settings > Scroll down to “Detailed Threat Summary Reporting”
Sample Report
Accessing and Running Reports
You have the option to get a report for your account and an individual report for each of your organizations.
Automatically Sending Reports
You have the option to automatically send reports to specified users.
On the Organizations view, click the pencil icon to edit the settings for the organization you want to automatically send reports to.
On the Organization Settings page, enter the email addresses to send the reports to and click Save.
Cobranding Reports and Adding Your Logo
Huntress gives you the ability to add your own logo to Huntress Reports.
Follow the steps for Cobranding Marketing Material and your logo will be reflected on reports as well.