Product: ITDR: Huntress Managed Identity Threat Detection and Response
Environment: Unwanted Access
Summary: This article provides instructions on how to resolve an Unwanted Access escalation via the Huntress portal. Unwanted Access escalations can also be resolved through the Huntress REST API.
Escalation Receipt
Huntress users receive escalation notifications from Huntress via their configured email or PSA ticketing integrations. Escalation notification routing can be configured for specific mailboxes and ticket boards. Learn more about configuring notifications by reading Huntress Platform and Alert Notifications.
Escalations appear in the Huntress dashboard in the top navigation bar.
Unwanted Access Escalation Resolution
Huntress escalations can be resolved via ticket, within the Huntress portal, or via the Huntress REST API.
Within the Huntress portal, users can navigate to the Escalations page via the top navigation bar. ITDR Unwanted Access Unexpected Country escalations can also be accessed via the Unwanted Access dashboard by interacting with the Login Events map.
From within the Escalations view in the Huntress portal, users can sort and filter open escalations.
The respond section in the escalation body allows the Huntress user to resolve the escalation. The escalation can be resolved by using the Resolve Actions buttons or by clicking the Respond dropdown in the individual identity rows.
The Resolve Actions allow users to resolve the escalation at the account or organization level by creating an Unwanted Access rule.
The Respond dropdown allows users to respond to individual identity escalations only.
Refer to the Unwanted Access Overview article to understand the differences between Unauthorized, Expected, and Dismiss escalation resolution workflows.