SOCFortress Integrations — Huntress Labs

SOCFortress
Feb 29, 2024

Intro

SOCFortress integration and visualization tools let security analysts visualize and triage Huntress EDR security events in a single pane of glass.

About Huntress Labs

Huntress Labs is a cybersecurity company that focuses on providing threat detection and response solutions for Managed Service Providers (MSPs) and small to medium-sized businesses (SMBs). The company’s mission is to help organizations detect and remediate advanced cyber threats that traditional antivirus solutions often miss.

Key aspects and features of Huntress Labs include:

  • Advanced Threat Detection: Huntress Labs offers a range of threat detection capabilities designed to identify and remediate advanced threats such as persistent malware, ransomware, and post-exploitation techniques used by attackers to maintain access to compromised systems.
  • Continuous Monitoring: The platform provides continuous monitoring of endpoints, servers, and network devices to detect and alert on suspicious activities and potential security breaches in real-time.
  • Agent-Based Architecture: Huntress utilizes lightweight agents deployed on endpoints to collect and analyze telemetry data, allowing for proactive threat hunting and detection without impacting system performance.
  • Human Analysis: Huntress Labs combines automated threat detection algorithms with human analysis by security experts to identify and respond to emerging threats effectively. This approach helps reduce false positives and provides accurate threat intelligence.
  • Threat Remediation: The platform offers guidance and recommendations for remediating identified threats, including step-by-step instructions and best practices for mitigating security risks and preventing future incidents.
  • Incident Response Support: Huntress Labs provides incident response support to help organizations investigate and contain security incidents effectively. The company’s security experts work closely with customers to analyze threat data, coordinate response efforts, and restore systems to a secure state.
  • Partner Program: Huntress Labs offers a partner program specifically designed for MSPs and IT service providers, allowing them to leverage the platform to enhance their cybersecurity offerings and protect their clients from advanced threats.
  • Compliance and Reporting: The platform provides compliance reporting capabilities to help organizations demonstrate adherence to industry regulations and security standards. It offers detailed reports and audit logs for regulatory compliance purposes.

Huntress Labs aims to empower organizations to take a proactive approach to cybersecurity by identifying and mitigating threats before they lead to data breaches or system compromises. By combining automated threat detection with human analysis and incident response support, the company helps organizations stay ahead of sophisticated cyber threats and protect their critical assets.

Ingesting Huntress EDR events and alerts

Huntress exposes a RESTful API whose responses are JSON; the integration polls that API to ingest EDR events and alerts.

Reference: https://api.huntress.io/docs#introduction
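The collector below is an added example of that ingestion step; it is not SOCFortress's or Huntress's own code. It walks a paginated incident-report collection, de-duplicates reports that shift between pages while new ones arrive, flattens each report into one JSON event, and tallies the fields the platform/severity and indicator-type views are built on. The `/v1/incident_reports` path, HTTP Basic auth with the API key as user name and the API secret as password, the `pagination.next_page` cursor, and every field name in the constructed sample records are assumptions to be checked against the Huntress API documentation linked above.

```python
import base64
import json
import urllib.parse
import urllib.request
from collections import Counter
from typing import Callable, Iterator

BASE_URL = "https://api.huntress.io/v1"  # assumption: versioned base path


def basic_auth_header(api_key: str, api_secret: str) -> dict:
    # Assumption: HTTP Basic auth, API key as user name and API secret as password.
    token = base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Accept": "application/json"}


def live_page_getter(api_key: str, api_secret: str, limit: int = 100) -> Callable[[int], dict]:
    """Return a page fetcher bound to the live API (used only when credentials are set)."""
    headers = basic_auth_header(api_key, api_secret)

    def get_page(page: int) -> dict:
        qs = urllib.parse.urlencode({"page": page, "limit": limit})  # assumed query parameters
        req = urllib.request.Request(f"{BASE_URL}/incident_reports?{qs}", headers=headers)
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode("utf-8"))

    return get_page


def iter_incident_reports(get_page: Callable[[int], dict], max_pages: int = 1000) -> Iterator[dict]:
    """Walk the paginated collection; get_page is injected so the walker also runs offline."""
    page, seen = 1, set()
    for _ in range(max_pages):          # hard cap: a broken cursor must never loop forever
        body = get_page(page)
        reports = body.get("incident_reports", [])
        for report in reports:
            if report["id"] in seen:    # pages shift when new reports arrive mid-walk; drop repeats
                continue
            seen.add(report["id"])
            yield report
        next_page = (body.get("pagination") or {}).get("next_page")
        if not reports or not next_page:
            break
        page = next_page


def flatten_incident(report: dict) -> dict:
    """One flat event with stable keys per report (nested lists kept as lists, not exploded)."""
    remediations = report.get("remediations") or []
    return {
        "huntress.id": report["id"],
        "huntress.status": report.get("status"),
        "huntress.platform": report.get("platform", "unknown"),
        "huntress.severity": report.get("severity", "unknown"),
        "huntress.organization_id": report.get("organization_id"),
        "huntress.agent_id": report.get("agent_id"),
        "huntress.sent_at": report.get("sent_at"),
        "huntress.indicator_types": sorted(report.get("indicator_types") or []),
        "huntress.remediation_count": len(remediations),
        "huntress.remediations": [r.get("title") for r in remediations],
    }


def collect_events(get_page: Callable[[int], dict]) -> list:
    return [flatten_incident(r) for r in iter_incident_reports(get_page)]


def summarize(events: list) -> dict:
    """Counts behind the 'platform and severity' and 'indicator type' views."""
    by_platform_severity = Counter((e["huntress.platform"], e["huntress.severity"]) for e in events)
    by_indicator = Counter(t for e in events for t in e["huntress.indicator_types"])
    return {"by_platform_severity": dict(by_platform_severity), "by_indicator_type": dict(by_indicator)}


def to_jsonl(events: list) -> str:
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)


# Constructed sample pages shaped like the assumed API response (not real Huntress data);
# page 2 repeats id 102 to exercise the de-duplication in the walker.
SAMPLE_PAGES = {
    1: {"incident_reports": [
            {"id": 101, "status": "sent", "platform": "windows", "severity": "critical",
             "organization_id": 7, "agent_id": 55, "sent_at": "2024-02-28T10:15:00Z",
             "indicator_types": ["footholds"],
             "remediations": [{"type": "delete_service", "title": "Remove malicious service"}]},
            {"id": 102, "status": "closed", "platform": "windows", "severity": "high",
             "organization_id": 7, "agent_id": 56, "sent_at": "2024-02-28T11:00:00Z",
             "indicator_types": ["ransomware_canaries"], "remediations": []}],
        "pagination": {"current_page": 1, "next_page": 2}},
    2: {"incident_reports": [
            {"id": 102, "status": "closed", "platform": "windows", "severity": "high",
             "organization_id": 7, "agent_id": 56, "sent_at": "2024-02-28T11:00:00Z",
             "indicator_types": ["ransomware_canaries"], "remediations": []},
            {"id": 103, "status": "sent", "platform": "darwin", "severity": "low",
             "organization_id": 9, "agent_id": 80, "sent_at": "2024-02-29T08:30:00Z",
             "indicator_types": ["process_detections", "footholds"],
             "remediations": [{"type": "delete_file", "title": "Delete persistence payload"}]}],
        "pagination": {"current_page": 2, "next_page": None}},
}

if __name__ == "__main__":
    import os
    key, secret = os.environ.get("HUNTRESS_API_KEY"), os.environ.get("HUNTRESS_API_SECRET")
    getter = live_page_getter(key, secret) if key and secret else SAMPLE_PAGES.__getitem__
    events = collect_events(getter)
    print(to_jsonl(events))
    print(json.dumps({k: {str(kk): vv for kk, vv in v.items()} for k, v in summarize(events).items()}, indent=2))
```

Run it with `HUNTRESS_API_KEY` and `HUNTRESS_API_SECRET` set to poll the live API, or without them to process the constructed pages. Each line of the JSONL output is one event with fixed `huntress.*` keys, which is the shape a log shipper or SIEM decoder can map without per-record schema guessing; the walker's page cap and de-duplication are the two guards most collectors forget.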

Visualizations

The SOCFortress dashboards for Huntress include the following panels:

  • Huntress alerts and events
  • Events by platform and severity
  • Events by indicator type
  • Remediation instructions provided by Huntress (for example, for a foothold detection)

Need Help?

The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html

SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).