Huntress integration

{% hint style="info" %} If you’re new to integrations in Rewst, read through our introductory integration documentation here. {% endhint %}

What does the Huntress integration do?

Our Huntress integration enables the automation of threat detection and response. Use the Huntress API within Rewst to manage incident reports and billing, and access detailed data for organizations and agents.

Set up the Huntress integration

{% hint style="info" %} To enable the REST API within your Huntress account, you may need to contact Huntress support. You can find more about this process here. {% endhint %}

Set up steps in Huntress

  1. Log in to your Huntress account.
  2. Click > API Credentials.
  3. Click +Add under User API Credentials. This will open a new dialog.
  4. Ensure that the correct user is selected, then click Create.

  5. Copy both the API key and API secret and store them somewhere secure. You'll need this information for further steps in Rewst. Note that after you close the dialog that contains these values, you won't be able to see them again.

Set up steps in Rewst

Follow the steps below to configure a new integration:

  1. Navigate to Marketplace > Integrations in the left side menu of your Rewst platform.
  2. Search for Huntress on the integrations page.
  3. Click on the integration tile to launch the configuration setup page.

  4. Under Parameters, enter the information copied from Huntress into its relevant fields:
    1. Private API Key
    2. Public API Key
  5. Click Save Configuration.
  6. Rewst will do a quick validation of your input. Once completed, you'll see a new section beneath the configuration form for organization mapping. Complete your mapping as desired.

{% hint style="success" %} Got an idea for a new integration? Rewst is constantly adding new integrations to our integrations page. Submit your idea or upvote existing ideas here in our Canny feedback collector. {% endhint %}

Actions and endpoints

{% hint style="info" %} For more on how actions work in Rewst, check out our introductory actions documentation here. {% endhint %}

| Description | Method | Endpoint |
| --- | --- | --- |
| List organizations | GET | /v1/organizations |
| List agents | GET | /v1/agents |
| List billing reports | GET | /v1/billing_reports |
| List reports | GET | /v1/reports |
| List incident reports | GET | /v1/incident_reports |
| List memberships | GET | /v1/memberships |
| Get a specific organization | GET | /v1/organizations/{id} |
| Get a specific agent | GET | /v1/agents/{id} |
| Get a specific incident report | GET | /v1/incident_reports/{id} |
| Get a specific report | GET | /v1/reports/{id} |
| Get a specific billing report | GET | /v1/billing_reports/{id} |
| Get current account info (test action) | GET | /v1/account |
| Create a new account (reseller) | POST | /v1/accounts |
| Create a new organization | POST | /v1/organizations |
| Create org under a specific account | POST | /v1/accounts/{account_id}/organizations |
| Resolve an incident report | POST | /v1/incident_reports/{id}/resolution |
| Resolve incident report (reseller) | POST | /v1/accounts/{account_id}/incident_reports/{id}/resolution |
| Bulk approve remediations | POST | /v1/incident_reports/{id}/remediations/bulk_approval |
| Bulk approve remediations (reseller) | POST | /v1/accounts/{account_id}/incident_reports/{id}/remediations/bulk_approval |
| Bulk reject remediations | POST | /v1/incident_reports/{id}/remediations/bulk_rejection |
| Bulk reject remediations (reseller) | POST | /v1/accounts/{account_id}/incident_reports/{id}/remediations/bulk_rejection |
| Invite user to org/account | POST | /v1/memberships |
| Invite user (reseller) | POST | /v1/accounts/{account_id}/memberships |
| Resolve an escalation | POST | /v1/escalations/{id}/resolution |
| Permanently disable account (irreversible) | DELETE | /v1/accounts/{account_id} |
| Delete organization & uninstall agents | DELETE | /v1/organizations/{id} |
| Delete org (reseller) | DELETE | /v1/accounts/{account_id}/organizations/{id} |
| Delete a membership | DELETE | /v1/memberships/{id} |
| Delete membership (reseller) | DELETE | /v1/accounts/{account_id}/memberships/{id} |
| Generic authenticated API request | * | (any) |
