Product: ITDR: Huntress Managed Identity Threat Detection and Response
Environment: Unwanted Access
Summary: This article provides instructions on how to create Unwanted Access configuration rules. Unwanted Access configuration rules can also be created through the Huntress REST API.
Rule Creation
Refer to the Unwanted Access Overview article for more information on what configuration rules are and how they affect your Huntress ITDR environment. Unwanted Access configuration rules can be created and managed through the Unwanted Access dashboard, through the Unexpected Login Escalation resolution workflow, or via the Huntress REST API.
From the Huntress portal, navigate to the Unwanted Access dashboard from the left navigation bar.
The ITDR Unwanted Access dashboard is the primary view for ITDR's Unwanted Access capability. Configuration rules can be managed by clicking either the Managed VPN Rules or Manage Country Rules buttons in this dashboard.
The Unwanted Access Rules view provides an overview of the account or organization's Location Rules, VPN Rules, and IP Rules. Rules can be modified and added for each category within each tab. Expected rules can have start and end dates set to incorporate end user travel.
From the rule page, click the Add Rule button to add a new configuration rule.
VPN and country rules can be created at the account, organization, or identity level. VPN and country rules can be set to Expected or Unauthorized.
IP rules can be created at the account, organization, or identity level. IP rules can be created for specific IP addresses or for IP address CIDR blocks. IP rules can only be set as Expected.
Expected rules can optionally have a start and end date. By default, Expected rules are set to never expire.