From 5756090afdb3f03c1d36d031d83121a474621647 Mon Sep 17 00:00:00 2001
From: Daniel Watts <34212312+Deenk@users.noreply.github.com>
Date: Thu, 9 Apr 2026 14:53:36 +0100
Subject: [PATCH 01/13] huntress commit
---
plugins/Huntress/v1/dataStreams/agents.json | 67 ++++++++++++++++++
.../v1/dataStreams/incident_reports.json | 62 ++++++++++++++++
.../v1/dataStreams/organizations.json | 42 +++++++++++
.../Huntress/v1/defaultContent/agents.json | 33 +++++++++
.../Huntress/v1/defaultContent/incidents.json | 33 +++++++++
plugins/Huntress/v1/docs/README.md | 19 +++++
plugins/Huntress/v1/icon.png | Bin 0 -> 46636 bytes
.../Huntress/v1/indexDefinitions/agents.json | 30 ++++++++
plugins/Huntress/v1/metadata.json | 37 ++++++++++
plugins/Huntress/v1/ui.json | 22 ++++++
10 files changed, 345 insertions(+)
create mode 100644 plugins/Huntress/v1/dataStreams/agents.json
create mode 100644 plugins/Huntress/v1/dataStreams/incident_reports.json
create mode 100644 plugins/Huntress/v1/dataStreams/organizations.json
create mode 100644 plugins/Huntress/v1/defaultContent/agents.json
create mode 100644 plugins/Huntress/v1/defaultContent/incidents.json
create mode 100644 plugins/Huntress/v1/docs/README.md
create mode 100644 plugins/Huntress/v1/icon.png
create mode 100644 plugins/Huntress/v1/indexDefinitions/agents.json
create mode 100644 plugins/Huntress/v1/metadata.json
create mode 100644 plugins/Huntress/v1/ui.json
diff --git a/plugins/Huntress/v1/dataStreams/agents.json b/plugins/Huntress/v1/dataStreams/agents.json
new file mode 100644
index 0000000..b186a20
--- /dev/null
+++ b/plugins/Huntress/v1/dataStreams/agents.json
@@ -0,0 +1,67 @@
+{
+ "name": "agents",
+ "displayName": "Agents",
+ "tags": ["Security", "Agents"],
+ "baseDataSourceName": "httpRequestUnscoped",
+ "config": {
+ "httpMethod": "get",
+ "endpointPath": "/v1/agents",
+ "pathToData": "agents"
+ },
+ "metadata": [
+ {
+ "name": "id",
+ "displayName": "Agent ID",
+ "shape": "number",
+ "role": "id",
+ "visible": false
+ },
+ {
+ "name": "hostname",
+ "displayName": "Hostname",
+ "shape": "string",
+ "role": "label"
+ },
+ {
+ "name": "organization_id",
+ "displayName": "Organization ID",
+ "shape": "number"
+ },
+ {
+ "name": "domain",
+ "displayName": "Domain",
+ "shape": "string"
+ },
+ {
+ "name": "os",
+ "displayName": "Operating System",
+ "shape": "string"
+ },
+ {
+ "name": "ip_addresses",
+ "displayName": "IP Addresses",
+ "shape": "array"
+ },
+ {
+ "name": "status",
+ "displayName": "Status",
+ "shape": "string"
+ },
+ {
+ "name": "isolated",
+ "displayName": "Isolated",
+ "shape": "boolean"
+ },
+ {
+ "name": "version",
+ "displayName": "Agent Version",
+ "shape": "string"
+ },
+ {
+ "pattern": ".*"
+ }
+ ],
+ "timeframes": [
+ "none"
+ ]
+}
\ No newline at end of file
diff --git a/plugins/Huntress/v1/dataStreams/incident_reports.json b/plugins/Huntress/v1/dataStreams/incident_reports.json
new file mode 100644
index 0000000..730bbb5
--- /dev/null
+++ b/plugins/Huntress/v1/dataStreams/incident_reports.json
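Review bot: The `config` block for `/v1/agents` sets only `httpMethod`, `endpointPath` and `pathToData` and says nothing about paging, so if the Huntress endpoint returns its results a page at a time this stream would surface only the first page. For an agent inventory that is a silent visibility gap, because a host missing from the grid looks the same as a host with no agent installed. I would declare the paging behaviour explicitly in `config` beside `"pathToData": "agents"`, or note in the README that the base data source already follows the next-page token; which of the two applies is not visible in this patch. The same question applies to the `incident_reports` and `organizations` streams added later in this commit.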
@@ -0,0 +1,62 @@
+{
+ "name": "incident_reports",
+ "displayName": "Incident Reports",
+ "tags": ["Security", "Incidents"],
+ "baseDataSourceName": "httpRequestUnscoped",
+ "config": {
+ "httpMethod": "get",
+ "endpointPath": "/v1/incident_reports",
+ "pathToData": "incident_reports"
+ },
+ "metadata": [
+ {
+ "name": "id",
+ "displayName": "Incident ID",
+ "shape": "number",
+ "role": "id",
+ "visible": false
+ },
+ {
+ "name": "title",
+ "displayName": "Title",
+ "shape": "string",
+ "role": "label"
+ },
+ {
+ "name": "organization_id",
+ "displayName": "Organization ID",
+ "shape": "number"
+ },
+ {
+ "name": "agent_id",
+ "displayName": "Agent ID",
+ "shape": "number"
+ },
+ {
+ "name": "severity",
+ "displayName": "Severity",
+ "shape": "string"
+ },
+ {
+ "name": "status",
+ "displayName": "Status",
+ "shape": "string"
+ },
+ {
+ "name": "created_at",
+ "displayName": "Created At",
+ "shape": "datetime"
+ },
+ {
+ "name": "updated_at",
+ "displayName": "Updated At",
+ "shape": "datetime"
+ },
+ {
+ "pattern": ".*"
+ }
+ ],
+ "timeframes": [
+ "none"
+ ]
+}
\ No newline at end of file
diff --git a/plugins/Huntress/v1/dataStreams/organizations.json b/plugins/Huntress/v1/dataStreams/organizations.json
new file mode 100644
index 0000000..5138f6e
--- /dev/null
+++ b/plugins/Huntress/v1/dataStreams/organizations.json
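Review bot: `"timeframes": ["none"]` appears to opt the incident stream out of dashboard timeframes, even though every report carries `created_at` and `updated_at`. Incident triage is normally scoped by time, and a list with no time bound keeps growing and mixes long-closed reports with current ones. If the Huntress API accepts a date filter, I would let this stream honour the dashboard timeframe and pass the window through as a query argument. Whether the base data source can map a timeframe onto request arguments is not visible in this patch, so that needs checking before the value is changed.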
@@ -0,0 +1,42 @@
+{
+ "name": "organizations",
+ "displayName": "Organizations",
+ "tags": ["Security", "Organizations"],
+ "baseDataSourceName": "httpRequestUnscoped",
+ "config": {
+ "httpMethod": "get",
+ "endpointPath": "/v1/organizations",
+ "pathToData": "organizations"
+ },
+ "metadata": [
+ {
+ "name": "id",
+ "displayName": "Organization ID",
+ "shape": "number",
+ "role": "id",
+ "visible": false
+ },
+ {
+ "name": "name",
+ "displayName": "Organization Name",
+ "shape": "string",
+ "role": "label"
+ },
+ {
+ "name": "type",
+ "displayName": "Type",
+ "shape": "string"
+ },
+ {
+ "name": "created_at",
+ "displayName": "Created At",
+ "shape": "datetime"
+ },
+ {
+ "pattern": ".*"
+ }
+ ],
+ "timeframes": [
+ "none"
+ ]
+}
\ No newline at end of file
diff --git a/plugins/Huntress/v1/defaultContent/agents.json b/plugins/Huntress/v1/defaultContent/agents.json
new file mode 100644
index 0000000..3794143
--- /dev/null
+++ b/plugins/Huntress/v1/defaultContent/agents.json
@@ -0,0 +1,33 @@
+{
+ "title": "Huntress Agents",
+ "description": "Overview of all agents deployed through Huntress",
+ "icon": "huntress",
+ "parameters": [],
+ "layout": [
+ {
+ "id": "agent_list",
+ "type": "DataGrid",
+ "title": "All Agents",
+ "position": {
+ "x": 0,
+ "y": 0,
+ "w": 12,
+ "h": 8
+ },
+ "config": {
+ "dataSource": {
+ "provider": "huntress",
+ "stream": "agents"
+ },
+ "columns": [
+ { "name": "hostname", "label": "Hostname" },
+ { "name": "domain", "label": "Domain" },
+ { "name": "os", "label": "Operating System" },
+ { "name": "status", "label": "Status" },
+ { "name": "isolated", "label": "Isolated" },
+ { "name": "version", "label": "Agent Version" }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/plugins/Huntress/v1/defaultContent/incidents.json b/plugins/Huntress/v1/defaultContent/incidents.json
new file mode 100644
index 0000000..8df9c45
--- /dev/null
+++ b/plugins/Huntress/v1/defaultContent/incidents.json
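Review bot: In `dataStreams/organizations.json` the trailing `{ "pattern": ".*" }` metadata entry appears to pass every remaining field of the API response through to the dashboard with an inferred shape, and the `agents` and `incident_reports` streams end with the same entry. With a catch-all, any field the vendor adds later becomes visible to every dashboard viewer without review, which matters for a security product's API. I would list the fields the plugin intends to expose and drop the `".*"` entry, or narrow the pattern to a known prefix. If the catch-all is kept deliberately, the README should say so.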
@@ -0,0 +1,33 @@
+{
+ "title": "Huntress Incident Reports",
+ "description": "Overview of all incident reports detected by Huntress",
+ "icon": "huntress",
+ "parameters": [],
+ "layout": [
+ {
+ "id": "incident_list",
+ "type": "DataGrid",
+ "title": "All Incident Reports",
+ "position": {
+ "x": 0,
+ "y": 0,
+ "w": 12,
+ "h": 8
+ },
+ "config": {
+ "dataSource": {
+ "provider": "huntress",
+ "stream": "incident_reports"
+ },
+ "columns": [
+ { "name": "title", "label": "Title" },
+ { "name": "severity", "label": "Severity" },
+ { "name": "status", "label": "Status" },
+ { "name": "organization_id", "label": "Org ID" },
+ { "name": "agent_id", "label": "Agent ID" },
+ { "name": "created_at", "label": "Created At" }
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/plugins/Huntress/v1/docs/README.md b/plugins/Huntress/v1/docs/README.md
new file mode 100644
index 0000000..1322149
--- /dev/null
+++ b/plugins/Huntress/v1/docs/README.md
@@ -0,0 +1,19 @@
+# Adding the Huntress Plugin
+
+To connect SquaredUp to your Huntress Managed Security Platform, you will need to generate API credentials.
+
+## Generating Huntress API Credentials
+
+1. Log in to your Huntress account at `https://.huntress.io`.
+2. Open the dropdown menu at the top-right corner of the site header and select **API Credentials**.
+3. Click on the **Setup** (or **Create API Credential**) button.
+4. Click the **Generate** button to create a public and private key pair for Huntress API access.
+
+You will receive a **Public Key** and a **Private Key**. These will act as your `publicKey` and `privateKey` in SquaredUp.
+**Important:** Make sure to copy the private key immediately, as it may only be displayed once!
+
+## Configuring the Plugin in SquaredUp
+
+1. Add the **Huntress** plugin in SquaredUp.
+2. Enter the **Public Key** and **Private Key** generated from Huntress.
+3. Save the configuration to begin querying your agents, organizations, and incident reports.
\ No newline at end of file
diff --git a/plugins/Huntress/v1/icon.png b/plugins/Huntress/v1/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..ff302a90194df7c9c3b781ce0d2d7aa2ac89702d GIT binary patch literal 46636 zcmV)%K#jkNP)9vlbl=3B*4Isn^#g4SMqUI8#!KlY#UHAeKok zC@NuKVB`U^dCE%)Kx_#hTcil+C?H!0#7>8>9YE|P2s;F004R>004l5008;`004mK004C`008P>0026e000+o zoVrmw00006VoOIv0RI600RN!9r;`8x00(qQO+^Rl1P2N=4=hDi%m4s@07*naRCwC# z{b{>hSCSqEz7et3-e8w_mY`eSy_?@B#6kH z;2qD|=j;`0#qhpw(1nYa@zkE$=hgU8U%*p)YLC*MI>1x=T-#Fzcxs<(d+GpB?Q?BU z9pI^buI;Go2Y70qYkTSdPwjJU zPaOaN9Pmed4NvWn*i#1p0CJE&^?}c$eXbqAoBzWIPEUQ{^Jt%I2Ot3SbkTpVEj;QA zcx0B>J>~c(e}_PDZ~Wq^eJhqc!hT)ZWR_0}M=)Y>6ZfWI14oUVnP;`h@cDwnm>LD6n(Po$#j66`nuz=ljU%C1B_+l=wExKyl`c#WruYPZWdLn0X7}Pj18A!$+`WLUr#mj@_MbW7oRCL^h zU_>?GfB*u|N5Io$_zAZs84D!N06D3XLLg4b=eB-<0~0C~yQg2W`?2(EzvQ~$y_KCwAngbkNtj17wBO+&3GLDm8clniT17T%yIDvHnge7b zfZP)|n13fS<3zz%R=O9S9kEad26Kl3zP36Gac1Vk4IAL+_rIRD1)eZ_(j34Ypa%G_ zgkT7UM6eJh$%`u&_ZRv##2sLEP$e;(IZaDTiI`Zxjsuq_ui7Vh_EMumHGbebVNFh|oNQ51M816X`^7hg4>VK*q@r2nE z;sBqBOdL)yB5{ufHn8v%K3Q6**H*_$L>(q}HD?)W8h48D?3uBtNJyy`A~z=@^4tb? 
zxHq3XO^Ba3dlDRAUaOgR!IT_i!N7SD0~1Y)&z$U^IH?JwEY1u9lNB;4;>z<^Y7rw= zcOkfE_?#0FC|5$siM&BZ_|q);iLoca0X}8TQQ*W5V|R8}2XW{v#KmPZ2*KS&IHgMA zl?0qQqidUWqCyI{Bsq&Fg1eZDo0BJYm4-1-@TaWFC&Qiu2ROoBAt&dC-AjpOCYrbo zh>f!0FLAUEd-hfWZ)#GYy?P%os*}hBt~wq_VtFxccxk!f!U1t5s4)_;A&5(%B(6?sWDQd8X$17EZ%>#5%$Fqt-0B>X zGkY0oCIo5r?M4SK@8gt$>=KvHU+KMgZLcPx5EO+mYx7WIECzBYH^8}H*b<%}Fi*YY zakeMS0S>JR@m}l8R@wO+^0UYksR6-k>6JdxrWmOaqQN}oDF;H-T%K-^4T{`*o zuitf^gsvtoJQfs^)h_PMs+N4V{7FyVeo%h+f6p)N(;rXm-^HFN2bix0CvtFx#8GZ& zF@pspFd{$vZ3CPL%2vV4g^!Y*`0d~Bf8o`8MAluXRawZ`Ye~vRPGZDPEkS_%5G&z1 z@$feNM%zL|+cIbaqND5fDAEGIa7niug-?9sCvN}rsYm>B_Cz@VfS=l%X)X(lZbVAkPiS7hJ@O-OEFeP(t_F;#EoQR1*LBYiC>>ResFgSbW!e9H{>GIM(IeKM{A(zQ<6nfEolAnhha63}JGV)gX zk)&~m#`owGA4k3JseQtpC{Az#2SRSv8pw?put**!sZb|%1TjwzS7yLHxk0O727)7{ zBt`FTt>?e=n`g$eTmP?rC^m~0N)kH4dK_1Zy&0vUW`qIUi{mkP*XK{c$t2^dyUH;d}9oB9K47eZh#;5i~ zIRM&)G{3=lb%{BW*>n~`Gc$<8VAL!&hbz11!;n~$1Mx$hp8EB#oYcwP|NftxpiW3B z#yCy2iW74dOKE#;&6e!V@C`Y)*tmX{Cl^C#!k*45SfFAp^$6W z`1I+K+0iOa#(Pq`_Q+kxNoxui14}1Q2Z=lHe$ZDFSZ#Hu=u~y>lKTvt`)W?)#71ny zK!6wUnB`SkWg)WMgCol=Hi9yYNr@8300miwGO;(JES}|zntvSx2ItK_IHEz|3^U5g zz6wV$97aOyxocqrZK(bE^dUTTfYzQk2k>Uwoy(bk3`8SHefq@WbC(AISlS7ZQ+?sg{UtWrk++{ist**kIt7BIkI zPJlDHGZ~QqnCHR_Fp~fbS5ik}&G|5sNt-%zR1>S&x2oy|xe=gKd(t`aAN|!% zr~BZa|Bsz&ummm$0Z33IuL+dUI1?d9>=l`!PE;qFRj6vIG)!hvC)VV_s32j94o@y1Ca}9$4)@)G5F=cZ)=W(i zh})rC4iueD~KjP_BEOAn1a!Mpb&Xduk*X@toCR8S( zse2`H(urYZwSVfg^!n88cb8Xt$Bu<#8x}+&lZX>1I7Gl?FgGVAawAo)Ehf{!aJG9e z+1i=z?)h|9O%4WI_k4S|Th~!E*0YXl5r|10Mjlw%YXeYlAVP98f`TnHAzw2M_USO> z)*fF6Xtw5~TNW?}K7W#wNKLfwhcy>(HGTlLWZl4{{XM^bck%fzPHLDmHK1IFJp3~N zAcBypv7umdg~wSp>2~iP>;L2*9 z;dp6hw>ud4?)KJ=_l6(cJlK7Z_P2|=E*PbwCj})HBZ8*7;vk8jWQm1QgbA?Vrw#9f9XqCmo`88r~l%?kKf*K0~obS zj5{e^{0qM|d+st_ePPmDorSnp6fOnDv?h}+djP6Q)3lydDd zXEcUcA_7CYo#o=x(vVex7Qg<56`Nt}LH*wQe*5n3jrRw4?{caGQO~6hE`?kZI~jq| zLYdkDfJQFXAeNefZUgZ+oD=RqE)F#9=iG~Xvi#t2tOCu$asy4xXM{vjGi%bJhNBw>Wb?SNy7AM?Uf9`plJ%2A02NFjijLa*Cf|wDB1Ds$8 z!a*{s)QO46h|Jyc&KneBV0BWkiYviINC;4`HO*LO>|@g@(a5FlE%(knxA4NN-4|Zm 
zc==k~SgI+FTxXLpISaUO76)6?o@hF7P2o4s%%RMXXxax&T{!o)8?VS|73EUFkwXH_ zWBv-; zUwFA*h!1YQFO@DBh2%TCJ2&2ZqdFL_t*$RDEsnKvjzY0OA;y|!#;TH-y%-eJSlNx;g~TD&mSS7fU{jpU-89aJZ&Pn=38dbHPjuwtSNc?V z>>OaewMY?mYh8Tp%jf^z-|4*i#kH?|`Pf&#bnLZP%S+ErPaOA?o3^M!mR52`e) zZK@VyNkR^U07pt77)KUjs9WS>I`yIH>KCt#ibxc!b}(^dw?ytl#LjGD^ClEqJ|+OM zW&v1%Xb2DM$@&YImY+HO;P&n6V6YN9U9UUPy<0c;-+i~M>G;VL=$4hbfVE1o+fjiM z1YT_K>5qTB*@^v5S*tRYo?zr0f|HO7I|KkhVa@~=awca>NdhY+VHXxnYRrhj1snUs zeH=SG(y2E#7q7mw_QJKrE0>0h?ft#+bk>m=b9FR?+TDnoxRDx^UIWD=MiV#YiYbiU z2mo<&KK_jS`Kbf^d$dN|2W*x3u-of>?bq%vFYd3e?yW2g*H`LuXUi|V-1*YiIEp)AKqX>;S`%dhP34hFaHb<}%-3R4V*d+*#B-Mv%x z%f-z_6*J+=3>4s@L}ziS)YrfJ@Spt;TuoLtHacO^5UdbrO)wG|sj`{mrnQ1<=h`?? ztZEx~q~jw(EfBGwh>4<^um-NlghdmEYUAZ@eP(m%r5BD}yGEhEyFJz!PmF734s2F~ zlQ)NNMHQ zzBpFIShzZajEo4P#7-XBp=g5xI&3cI>vJm1IB9Z2F*dRO@`tQxoKe5hB-AS!19kardsLq}}y|MSh?~cCxo$(LeSgLesxflCEkz`f} zb7gp75+=#$A}%uD0wl3T^(j@ojnVPpwrAtZ^0Fq?VBrLJw1FI`*u(rd$R zZ!*?;ci3@sg~%&oYj$^MWy{0Sa`!Ojz#w7=AHi7BPlZ6g()QRnfVW^3M0V%lICamR z!<9=jD%cBH3@HK;5>&VXrm(SjC2wc!eW8E(1z%hr>R0=HYj<);}np7^eQ34w?fkT2MDu*>!ydY~Q*Dk+s^4hg3 z*zVxrbh;nhOJXE1B07czk7TabP*Rum;;fz4P4W5f9>jXtCufnr?++YfmdD<2ZDPoU{MMNN*V$? 
zxixSlCUA!3J#~Q3z#0xC%sHVOItQci(zWMwb*U0E@gxb+$ZK-V#z39zgNJXvwg18U8)fY2tW!^y11*U!cBBv^uU(Z2PF(d#i(7ZL z|INRi?cYCk^=t}dsseFY!<@x6$1X4^1+c5AvN?ndyziK-EH7VsVeQhzorA&t{yxJZ zu_Z7hIu%52W^f~MB7)3IpHE&R;IVUnra;i1E43n0$y(j}_`#2VG`RlO?D|{j`kQ{^ zU4Q@W*~d2*)8u3sLYkJ579G!&;luBKb9(QC`oo)N&R;@jb>OZYrXmtUs~I=-8+CHa z#F?aD5)RbxJSKu zetCQB8~`ni+(=VFGf!nKr;gsW7slPLn-B}!0dbDbxm1nJl!6=J2BpX*W}1w+R;kgA zr=MB+!nLVR4sL(AXxs~QuzO$>HZMOnh9nBaAqxhz!7k?5000dDDNm0P7&jp2h5|_f z5_b;9ARfTv#OC_N^V8{U>!W)eDMdB72AeJms(W{M`(dx1MXRHxqE20jWE{9imDXDK zI&qOu4ENK6k7pm6C$m_M_ddGO+25fD+q*Yz zte!v1$JVBvOqGxeU@#$P&O@R=Vn9$4V`q3LRPc&u?cB2)m#&VScJ6E!dzhuFLK!A+|MT`7k5_KLO5c>e6j!6a@5VS}M< z{)4i%MAHv#%H^yOb2oMt3#39|XLeSwIl)PWZfUW5;`u9~)4B7(`vp*v1t?Hc;BM@4 zg`!4BoMZ}~Bu~?#JpYxi?z`>o9CW~CoferEqXg7l_>%eJw2r$wad&%m{o65Kb8)VQ?JNWTP?ydIincH zxP1BYEHt}*)^}(XO7g8>WU{$S1L|Zl7$obNgi37!UVZk`=7o#954UE!`(>>MTlbG$ zxq|*ml}L)hxMo&2r;Jc*x<4)ZG4F3=fMv2TyHGn?53D8zGPp_zGoo<}o6lY8uCG71 z{b4HLX!JG?fNeL+)ga+O9juh}8{- zn5c7L=$}4$>e9u7yZ1&9wwFT5>hKf_pQKTU1*2fr74P`P2w15Y=YRD|H*?8;SH-lkiaiiN=h*4%~$fbh_N^Ih! zjG9pq5`n;lItK~RR1~tWKHFG7{_4x)q`M#9DQYXtB9S5`F{Tp6V9)GL@rDknOeQv` zx8Yaq5P19?z*~45wiwzV^cO)XDYdUIO=b zZr>F$^P0&5lX?TA3j*@$lCfUz?u?A1{;}! 
zNV0|sD4L6ydM$$5EyYrm6m;VG%f-ghgAZ@{aMDv3H;`szgp)d_=Da076h~?$>5r5S zel-$;$Ik(1u9cup1P|ik015VnyQ`OD>2fGj?DwRiH^WbfhR$3G}KVe{DwLnWhjGD{N@k4C|$7OI8StfT@aHH8%7bT;V+F6*=~oz32TcmGE}#=ZM1olveU za7U)o30R!Oota~~JBZ);LI2pwtW+-qQYM#Vs2wB0(#10iCpWh~`pEVVR?1RS1veog zQfJGOs@_N&8AEx_toQ`c;8(y09ybTb`sO*-Fo48@cmv*ov& zy%A5yv+=w^?lc6)HhTBNBifw6-0MH6XYrYnC$3)c(ZR!S{o8)GyZr3ssfv*|npQ+} zAY=oKpq5(I+-sU|ea#IgCX$AmP7bm%ii%8`r)BThl`EB{o%e4ohq7==mWZ6(Kwwbh zn5L=fbe3Mac0X`c^onQCEuAkocv_70X{O|wSsq@F^_|n8+sSp+bRFt** zAf@8O=IQ4yJ-l~+|K8SO*_W&p-$)E)_z>rJQ=kO5j8Jc~fM1Q(kH^gc4neo%#wsp_ zMsjjCr-~x>cJ?>VKgXM=hpr^%ZZIcm1aBSORP50<6dLJ3%oT&0#mX|%iaO=YdDiKk zx_UMCijV*8H)HIsoH;*Dl{19N-RCM3#57Over8M5F;A8WaBMYZ=8QdI6S<0yQ?Np&UGP<4w!2)ua*|N*DeheL_8x*y7BZ2FZh@rzWYJJ z6u@lmmLxRFM77XEr0VMPC;rm!4hG|$J0F@<97CMQ!kE@V2=&3k_kObb-n%RPrIoey zB&p*Qd;N{k2RHitKVPh7b=8&-R_Zgz`kYLb;En02lK z41l=F$>`gs4`=~1egg+JH`4Ymt~!5CkAsn zBe*40wM1eZO$suK8%AW@P#T>a0w!xk*~}9AtSHu=J*TSs?|-<&V%4j#$T; z4X0Rm;l;GDSb5^;HQ?Moe(^dCYG+LxD~yP{=h z`__Zr$d@2QR$<~n3o+gwZU5jc+uGSYwXxQNzVVa6t&fJ=dyD7J*K5lN3Mg8IA{dBc zLeR3adGVsB*}V^LQHT-lRVCbL3d}`cekupRQwR7Ztj#5HWYK1lmm8b1CG%2BpQ;pb zcjx}Gt5B>I;??bG-W$VBh#w5)v0qP0!u|am2l?5h1tRW?#-K> z$g_G9iwI33wSy0awt4<4PMxeGsU`x?Ob$4leC}))e*3K(oubQdPjw&|jEZOq**pMb7(ciz1r$tG5>ym)2g zrXebEeo+#lC1s`BZBp>5OBae%Z+-Y-QN{vJsm=w~?a(aO~q6N@pa!<(R(GJ9hVYM{9=kRJlvnl#zxJuYK1 zDX6L@6pC?@rDLa}Nd4e`RTi<=H*2AAAa=}oGA&(pPL&1IJOR%thQUY-0#I(BF$+M< zMP0*VIC0_h{@#PVk3U>3OC3)_AY#%Gs}vJ=`!Bz+4=!Tg4H{ib+q3DZ3zukAKfHOn z1lY~lmVKsff`vfuKREAji(1qv>ety?47pg;}ex#mEKdwl;jo z6KLBec#O}2$Hf6~xJftQ%e;1ttYIxBL@p|;QJ_@Y-#zFaKh-;ad<<4*if~vfCf*>o z033F2(N--pxhdmevRt9FlN!|&Iav_&tg5NsqqVi!ccB2{2w zCt*=HIs%KBmz^7J_x9#KhW6MvKwGV8B^~mlYG?PRtkCH4L);@k)7kj`)~PEmjQWdO zgoGJUA|rNjVrv-PK#SpZ0(%ZoGBT_Y8P7E#%g^UoY0#BX6RHrXzhKP9lH;7*U2ecI z4PU&uv|K1{`oWatn5`Y&Vy)&Pq?K@HfS5;t(?b8m`mu*^yc0$v;~EkRWj5WX3ddF# z&Y#~m@({tsR-1c5!JVc4=@Z-Uy%h&LOCYKop{NTUz&2le$&Q~IDA$FIf-RpuNe7d? 
zTOXCK0ktu~&0!H%xTio07a%YV2SZ<2Sv-Gk%tRchR%Q@X%*0ta2o*JC+$~qmKRdjA zw|=nIVK7n|!gN|o3=UAE6HIMZz-=}+7s`I@?6GkG9O6sn<&@mJZTpQmMq+Y{B)=shTW<=!S@tbu&@|W!+XF-%k4XA13HbUi&EM^Pj=)dVr%u7l0 zy^N0R_lK|I@NOUK{p26CYR}E4$Yd;FUg|CMKwBT&2q_iW+n{5uWo4y*?b;p(2?f*u z6B6fQSf_>M#pB1#3dG2z(zEqnFV(p0n8%UWwh-z}?#2i96e)`1ycdm!wSX2`X zU}0%kL;2l4Bv-Ui?c=J-`#3p3Yt6gmtzt*JSaUa?0An(?GRp2pw>vQ&f9}QIia~+k z&gOaZKLU}MvwK@kBdlR~<<;8ev#m0a(#R&{0_iAqK!riMah^=#$D22EzWZ@srr z#z{S-vKSJreDT%MGtW$@5MxRe7cyl(b>aNoci+?f{gNrq4awxssX&~fA((fJs?oIW z%F5LXVLTXQ zl&g!&+izYkv@YBLcM=0BP&gB_6NTDCq`imtj$gT4uP;{;6#~v9#f_jK7Z#nQ&|los zdiBKd#f7E&Z@t@9vwB*DkYl{|9i)~p;CYq^KdxZu$JPPbuIix_frH41*d0vj8U&q` zx{eRucxz!}b>Y%8BUd;#z%8^&Pwp*(&7H^_7!R7AIzK}jDdn$tzHR-xUH>79`p}aB zIA_`oGeOwdW0;UFE-v*G9$bHO!IF3#gA6L2oH*XUbZP2h&IT7L%oMD|0`GX)TUhEo zeB<@L)=@E1UViP1le6ch6j?!P&V-^nRy(%2iNSFH{TqwM;+z=95Ku%Icf-DrfSl`U zHW};>&%E@~u!zdhoyifL*i-^6Y2dO3jEb@Q>hWXgU@*RMYq^Y;YH7Q_JZ}j!%=*L5 z$x{dTC2andHG$=ks5);g+(?9jss8Bw>uam4{nO_vk8Dnsh((y&>57N(=#h%`JbeGT zd;Guq4LfX=winL1WybJKHF2l`ES2i!$>W3f-u9jCj+>L!=311;Ui-CuDLfP)G9$o< zk{bsv$EqvGS37%Kqj%r$dKgn!`oe4DGiT~pTCGHICR2hGHDPmoW#`Q|%fYN5o+3G; zRGQUVJb$To_0oe6?{@_qk@41EJ*w6(JX;k~69kzeYQ|(akTC(og3L(IKXYbq>%+;` zb|exZVNo^VmNu40Jn`X8eChz7wxeOn(eJdi^?B{y+gPIQ?=qa@)WsshtFG(EKY3?k zdV87j!ad;*3bD@RzeDVr^`PbJxQcerFnVkVN zgC~WZM4@EXk&dRpn{O|Wn@vUHgv!;IUL3A2SIp2H-5Hw&W0+_mwbTo}a`>a`GOeev z*!c2Srf1HK6hsU$F$yZ~JR@CP>@E|wuixO5KpKb&rE#+1vu7^-$A9&~hg-I@8jH%N*ve_98NF>Gg08vr%&E}^Eypu84*;3Sl6|L;8{eGS}4_1 z2ly$Qk63KaNN>0Nrh}Uo4YgWvN9r$x3W>|2vY=&WoRX_W@cp;mTkLn&pFK73x-tqO z5|OHg7|p$nY?_kJd{o>V!+=BQn6Fv1P2W~Uxq1FS-OKZqBhWzCsF_$woD~N_aBik5 zfsmqauB`06ah>;e3pODcOg&t>q|ZJxRc9v_c4+3StH4;*bZuohJlNU(@K#;Ou`hjT zeDd_zh=d(A1HpnaEK<_h$<583_ixsF`(3hVNsKghM(0kKU;WzB%Bhck@S{bRqN)~{ z?!NzC6gqMB%21P1Fkwi5A;bGj3@}e_F{UyucX|)5U+)C3XHy9Rhp90)lVx)V#7`aI z6XxE;BXde)n?L0NplxHA$>$j`&_*u~M=-5tJ?U?ab?Mbt*T4A6z1ufS)xn$Bdy$r& zJ+GlNomMPjEe7ZiY>Jk|LTC$4-k{xb?Wt7&YDdP*fBP`9|C8@!t^(1g)g`j}s1R9j 
zWmmwRTV;0gq^VOB#c;Iu_Vs0UQlCv!&!6F!UYJxyBw%%bA;!>XK+OhLtSt2(y!{iH zu72e!!xP766hQ8%o!v={2y7`;MX$Hm>2AICMt?Ht*A)WqR2p7=)n0ss*G`t~yKlX{ zLM%GvpxYmQxDYy<=Pn*p$zuUTI6G!(lE5AO{=cz1cBKbuYiiM0FI z(-YulSPS`g&W9-h4fVF!^5>!q?SK7n=Wh^)UbvOXy_Vt1#@WC7pDp}_->4TmqqpDg zjmG=$-yR)IdZ$k=uB{9w<5(2)n1i^PJ>5#bDZ?2I@|I5nZUA1*)wVR(rgGGtBER@% zGLEc*LkA#Yf@`o$^MO;InGLuykrR%0`wxHg!#LRQGTY4bnbYMLUmZ^q$Edj}?(6{w z%H%ZDpxj$u&|5cWqtW8me`~n1T2mlX7B_}-aAI;5ra`KgkFBTMAJOfPSKzhi5TSVC zMZEm#4$1P_XP_+ZcDcL~wN7Ca4^_Z!W?fA)`It6|T{yQ%&Q48>B;i662Ax>h4 z4FZ5*?qykyZr`TcxBC)jUJX~)m#)5C^~#w$aRa`+0E-~?ze z1McFkOi6^C3L|n$;>u27aZ;&OYLF2;m<3`sKpV`0P_dUdTzT%&U;As5jg6|iFaxii zI(^~l^P|0;>79>z_qO(ae7$RY;`s3@P>STjrVvCjp7+$6DW#mTYwXO#4WF{<6U;HH zjW_ZfXnpivekxsV*7_%M0BT2bznV#4(}58Ui&p% zygV{i`0~=S?+*tzZ!Zu+nstkKu)n{%yMN;47phV!f>Qt@)rii385GP8Nk(gHYkKG7 z>AgE076HL6u{oPK2yF97CXd-E@R>Wnp>~ElyOKCqEN}m+Y#-uPg&{r)Yv^I&0TZ*=Q}INm#ZY?*hqi@UqsQML8<+k?9wt*>?$mwUCF zAriWtxB&)1oT5_%iBp)f;TvrSr@1URwL#Khv-cCqafc7h%GZV~%XNDmwc`Ec`GOTl#uBPt9~wsaBOX5@Xp(`w;xGss1)77*8Zfbj=%8y zgeWOE#8^`SHmF51cOtf`Ug~#4hqvB-ho_T{z^%$DT!v;H-u$BkjmN+~YX@jENTNJ8 z7tGF*kqNBI#z3LeNg-Ge3*^BlB#}h0Kpsd@nb%{RYOu-9_Tc^ZXFs_<`@xS6{^(ni zAO7I}AAjrKo3HmKvm$9I;h0Pwezf=FA9fA~$5vK43;h{jBF5|_jttlY$lwk$a?Nv< zGG>m!bI@}G%Hwv`{;aI-r?`N0^iCf|L(rienaSlK7|b@Jq+1_MZr|?2I0~K3uYT=d zb-D5e(!@^e3}!j*H0b$ z`fu+nE+vW1oM63$UJthQ#+!u@Ybrrxm~QPBE6a=L&P|<+gDBYC*)6~cY$%AQntG>? 
z`@`+gt@lf=7%6CAk4a$M>ZTl`QXUt3G*zG$>I@vSnrzpG#R;cdX_+aO) zx8iuTv9VMvb`nZ+5E5txngTQSB<^fN7L9ZJN6e9jHReW|18CAvqCfFC{}aAXpZ;kB z8%E<|q^2uHn7#eh$eU7YNItyK<#cs2x4Z9ys8;7x9B@3 zcX5V`v3p@f!03$|<=V+(zxCVqf~W{_Ag82h`Pka@;r;sFR=?KhF6?odb{_03ojptI zD`PWAuzcPALHA&D3mY?Y@eXrOM3%VBNRjvrgT@a)3L6SG*RqAdE0TttW)KxQGo~i-PiG02ji{>ySH=yU;fLjAAEQ9)z?mc^*7V{#zc4oow%l=07p$G zaECSOXKus{&D3~mt~vurKMer|{vBIpZIlEOgkp%Q+Sov+AR}_0PDX*-9$*9J0{}Av z!;MIS3#TlQinfF{zmi6=C97r_h!2D}uU@6oXVdcWVd!uWw?q_zg{g(@<)z{qzj5&H z2SJ%;!$Q!ZG`V$q^v!Rro;|e}*h4T0s3AtCL_jj5qB}{opFQ7y>7{!6zD}#arPe8S zWNI^ze4^R-*w~{SlS)UI6&bTI$uzll%8_CwoVu}l_U!VR(@R%hSUPv{py-av?m;YT z!~|DQ?gm(<#xs#f$U9%KYB_yrajLyZeQ@)mgAZ?~ovppwx3ITuAKu@-`7gG=_09E{ zUs`+hi>v3J9W1Wwc~L2=tE!4P!>t{dnvm1t=4#oqi~Q_+_@}?IKkX__+6_`*Ow>Jh zb|wW%So}wzIO+~&5LX;#E6W>S__eyTHtqD1 zP7we%I2(ln!TQVBI$!+4-T(Lh?@Za%YQ(`;m>zuhyXAA|*MIX%4}9vh3w6IgbIK7|Fqn`D2bNUVPAEH_ax@#fbEDHMsGh;p+XSGk z9Xv+W(9gmF=G*6CJFEGhbJjK|GN2PmGTy87)K|ZJ`9J$l@a13MKl$uKDGw-45mlnH zG@Psm2szj}IFTcOg*iAPLmUD`;*ucdK7#JC4GOB3m&WUB{@kUduYGy(#aFs#FD|ca zjz79P_}=$-zx&7O)=l4eSoFHfi;F$2yJiJ39A@r~*o1Ri$ZKbc&cV)ynO(c*{sL>$ z<;);%3Ihyg1&g@Q!el)8y??VX^`W5q(lvkP!k9x_FLH1C)ARmaGdz3_xx*(he+>kj zeO|w>>pCnf)6)9HKqaY9z@FTQBe}3zZ*7r>!`_4~z%n>zBEv)S%p*;aWq{IYR zN<}DV5(f*N-iz0UOKbayD3-N3Nnsq!DN;#JUMqP%>+{K)cNGGG$;p#L9cq}l)Cg)^ zo0zgpm1bU!Q>gk2o%0vE*Iq1Nytewf&dbOx=9(!;lbpazu%wK!$7^4U$V0o z#}b=ZzG)ukX|7;LmSD-cbaRq=zRbB=mFK+!!UlE+xiKe-2?SE38Apaht1Q$2sIq!( zd2#>U_waCcF>p=O5I7{++ZnA~x>T>PPMP6k0+#>~v<_u3)fjt03QR`Bci!r8?zM*o z-gN|6g~#I*_$*F<277-57~ED6507jj2=gq}6nSgw9v8*ZbJxb9FiW8n1$koD;07b( z(lBo`9WJK!g8;a@kpK*Hb2yQ>0xp8!#I?|Y>aN>#p|9&3y=TvFzV_utVqYx?Hfo8!qb(+-<-nM$ERoMq5q4aw16n3=ihA^ak#{3Ge|93#;n z1A`OXnb94OhTr*C91X_cr7ygu7tfEtKufATJW<=TXx{cZl51vXY~@W4F&%(I*ohSE z4EL0WKwO zj(+?mX5$VUr@Ae4k+&^jdORYb|KJWltwhgZ1@MS|z+A%t?#_S^!xoEp@BI&oQ)fD- zPR`gWC^*76s}+Kh1#>hC<}IJGSyhb(%%N=nz=Ys=f(Ef6%ceUq6O#cm!_a-7Wzbv1 z`AdA^%KCGck3DyBQCdq4T{&h@uuckav1u-qRl)pU&Ff_ZdAiS9^h z1_v?GpNjm{Vq3kzWw$bR8Ms5_{psZ3JKqX}eWmi)*M4*S%;rd$SiDi^Y&Cl`ylGxb 
z{baMw55+qDP$4fXPdcn22^omkgL`mSf;u}Hyoi0cH(0xT zl{YqL03yTLRlPxX2Pc^8a=(jv52m+2>RJ`Kp}^&H-P5pG6gDe&o%+JdA|e z+6Mp!SZF$#mZ7)mxbr{#^UKFKXXl?8qa+q%C(AWuN>#Lsb;%HyPj?p`euOu0Wb~?M z1acD)w2V~-Toh2ptWJS2E`prgq%)iG)r%dtPG{ln&hpkM9MrqF4|ezOP8cX77Q3V4 z8#r++F7>_asIb8fSM;AM3~D8HTLx#wBni0#Y!qB5greV1X8DyJMdEqeoH+8%9-%@X zP0X_=wCdStL9u8d%Pmy9d2>wI6Y5%Ve6#!IS9bsTt>fTOS4<>D=d%?sKLF>0_dbIq`19>EDue#47um2ATUI($ z)yzAcQma`(yzt=uy?^pg&;1|&57lOOfW!b}lHL%@OS&8>ZvONm{p|O>MRWTciZcK1eE2~N z)_^gy3aRY{TKwu4^bfzC9y}~k&1Ho7azWca`tGsc_*!}8YK34`6&UJZVNcFZ!eK?EtKHJ!PhV6Nwm@Lg88I(8UlF$;f?Z zHj7ksLe=YFX+c&NWqpO$SFKYjn^RMG#NihEOS~mbHcu*|{lTFAH-AtZ3_J4eRnS|giL+Ehz=NcCKqx1p(cYlaq z*5-Ag76sfSYFekVD9B;S$Uvz&(Fr?$_{|6Z!#}<_9QCJT2z!hOpA z8j+cqSw0S!kVi&y9v5R0xFE14kV^=Wz;2Y(rzy=`r;H(N2GcA!WOm2^`=u|7;92o7 zu`1VAt9MVGt`-(%W^67(?tcc?`s7pm)FIL2PB}5lVtGKuMH$BtbrxTJwc1#%IOhwdZVOy+&;MbJ+zy9S=WBdjt+JH_HS& zBBMMDT`Z}a1!kCwglf2dy2CsF=Kpi&AO55B<7y!(xw+R8)NGm$?mzp}dmD8$fXv)b z%@XA`LCH-Vv|fRNiR)Nxj6$4S4Oj`HM{VU6*K>|>5aORqaB0+ z&w_BlHMlZz!*PH`dt?rfmu4>Gv?UPoBjs&{ zfjkyvJsYoz4gdICxBr{}`t0_@)!DR68ki|-hoVIT>_2qswtj5ug5oLZfIak!2Aw5 zwfMqEwG1Db1GLK8%|3is$7~DN-VKs84Qr*?4VsRNPrvt__x_9j%ko<{P88iVt1`Kl z+G1$yP1H7`%*mXrss9sk8|6^bmT!b}7yy|!57!I;CTI3$0IIvV=VmLz*%(Rk5O(rr zh@=Ao&plR}=l70ZqRf|1J|+mLOlA)r!V+z)_)j(oHlca11sGw#WW z-J5M8?+9p0L1qv&Dq%d{udlzk(A+-qjL!yO zU?)>gqx#gvOJQ?$>IyWgzE!-L>k)9?qaMjZd_;TzwAHYACv?8|w?#o!rw~CLm;*f2 z+6CKi^6~3G?DxXv>C=vArY4!k?o1q6JokMCxnaZrw-jGAVSmHN7eAb?*XH7_PKygj z+LhcwINCyq5kbg4RY)N>&i-PpNG$!5ArKJ>ASKymJsW@fJCj>C*Z$%+s>@f0QmTQQ zz7;;DG&?UUe4^b*N7@nYfQuBlE7Dw6&Ri)&T=Q6%EV{~oxq&HTv=|AbM4(NQy&wI! 
zTTh`i=N2+s<DuH1O{8PuIL zhSx++=3cuPgbv$7Eoib0Mrcm=JzTtp&7pQB=D47(R5iIe!$H3II^sH#f9gVe+Y@$A+|{?XkYW#&zW3%aoy zt0tRqdC*&4x%yItppJy(LW01`M6Rq3N25yr?>D*s)7qnAgdHWwwz5C%U29+r$X)XU zG9n&O*h}7voxb~u)9B{SgZHk->1gHHMyJ16SLVh{k%`0%Mos|;4l&|9$;aE?Cy7vu zD#2Ks*(iWQCTFq*aV9uoyMFEY-f#T+HkU3PM;?XKqOp&(yqY63hdsoNJ|~FWg^3APD-!?(sv#r|#g4W7Lfn{17oqaZ*JwIjkd`ji0 ziveeI4-)&+>HZJD-<^z@6-1nvom7&MvkAN8NEMIb40uG1FlzA;hX|3w6FrBf;!dPa zW=vDa?98d+(#8Atw^d!hi(+wnaPZEJ!8`AFldr9=b{7|BR@bBy#X#aQugD`aOMnJD z2`FGrX58e0)aqen#jb`D>CHU!JX}5GJlMHi9C=tTk+T?!GPy)QoI21@|Nm5;K#f`w zlPwUsH{Rd=&JR}q@?Y?C&kig)MKFML6jAf3@T%1jYnX=w55%VCbt;SCnsT6>)D041 z7bd|V4kz`H5E7}019=XJz?rN;>^i9%YLv80_2hfs6RksKr7|-r=1JwxeB~?KfmOJ@ zw;+%(o4cm89)&){}JWV}jt6>%3${Ob+iR8~x-uZ*8xkD2!^awLne0^71PO z%S(ySpsx&W&H$L)ZM7)qgAexKd8Zo;rojU_RB{oD*ae5xxX*eKK4$9Bt%4Z03osE^ z9LHL8f9D%JmoE6RlN&F;+<*4m$b4saP$%n)EZ23|+qwUf*M~RWwZUKwVM(OhW2d^( z2}pD00|e%fS&c-gDe#b6vvL}_63O)mQovfSj)Ig(Gm}}I0|JbjQYyf1ft=ht)yyy` zwGxknMw99nm4ot{w#dFQn%?{0zIpO%Um2f!W?Xa>1pp@nX`8)%VzIQkyA2k#=?^kF z84IOU7e$O_!|#2+e&^lg@px%ET@St*tWzM7CJ<6&4Pe(?BLG7iXM(enI|nmj zaOdvi?e|t)+{_EAISnabjVt|Ra z(}kZpz}#Bkpg6ISR2F8P)y{AJ#^{-|+ldE7;m40}yz%)GaEB z){J*@5}ybB_~c@lp9cix=4H9N8Nr#{T$xU6ZZ5q2?%jX-&knx#ZQOdN{^-5g&Yhm< zN+_00`nC6jOIQI4?npH`%-zU{;UEcuntCR>b$9aC^#!LyJ`<&2)nrnhJl%cym0_JE z7V5^tWW>nM19n|@I{4uadedRhBov$^u@hXp6^Z!tYx<1r@p1rfky1|0WI1Q4xsZ)B z>tFx+PH&|~#}F#VguFO+dgI!QMd`h|E5AWPCpFXnO&L5RdX@A=})AZ7&iKrS%$M4pcUFf*yviWJ3#j8ZBX z0agT#@MzALM?mjqp>&K%Xy`J8B+kf!-!5{qI^zApw-TR9> z+hJ!nPN&O)s${fc&FiNu$%&s39aWrA!tekklExOAIHNF$oh35y;iuLLwHKX*r(s z2IFEhtJNNi2Qt{JmKNyrGfp68n4u*~Qd?>Lxm3UgB|ut(PM(%CC&x?);#qZsh@H&& zQ`rCZ4RZ%Efm7<{i5qG)xk<2wHAw_iRNPbToxim4_m3^U`)db(^vC|@_4@YRg^tYb z-P-=~A3u~uE&9B;)LmUI``xP3@uh{{#@fpIO4;wKpp1*57K{$|f*LA8Nfw-~VB5L> z5IcLl-ifiP6w#Xau*vW$K>K}PT&nLFGbuceoh1-lvwzN&kv`+q_INqKJgOBSQy3Ga z38A}ESV4eNaD!=5iCu%i>QOyiDm!Z@PA*@(eE*|6!}s@Nxj0kf;AHhO%Q8__SHm0c z?%#Mf3Gep0C?XaXu(HA%>x&!f+evz%a_GE`PxzOu(Dxgro( z22&>{Ff9N5r&meSRClmyFQxqtKkS}9C5!!uHmPf_k*ZJ~c&o0Yx4QU+U*Ej)iobtz 
z@WUSr-ua2&|G48C(}WL3IM}i~oE%1+V%P~`H!v8XfKj(fG4gC_Z>vY{W;Mx-LLisX zxHB4?k&xGFIcjXl9&n;5OYg)9eLFXS=3QSp@(LaeIp*qD3lWt6-+{Dr86$v zm~)Wg(Y2cNA!}yEy@&hX`Ocm1e=ptrxSUKDJBt&wnyq$9?n-8Xd11l3Wh~0j?|7#O zy?%^^gUoGq|H0^vxobnCCt`4nOw!V;)KtxqYMq?PLs2d)t!^IgudUXXPL4J=>h*Q+ z^+f%FIb2lDojfH1gjwf^mv-HIqf_;B4g%&0U?N0-DHB;s>1k`Uhi$gQ#~`?QCx*`M z;Qqh(SBqbLZQ-}RGEo)jvH?U2Kx~Q{1-plbmF;)eix=0HUVLTw{=M?<-JN&d99{o` zj|SCfD0Pk6gp9q4)htwqByp6gH1e>dI*lyTdfK5V01Lpur&HSBXLBiHO+>8>7I{+$ zR-x5Xr|xr97zk`;4IrKm!LyG78TuGHK=TeTVj?CKVdmA!@`%WlA`8R{q%}_Q<_Cjs z{_&mfe=j_^yAaJHY$fc^62KKjTVG$f@NBWMnKq9XXU>JSH7z@c(HsUhX&O~IT6Gwj zDZ>h5wR(=vq73aKnm6v8#8~!;D)QQW21`{Uga&^T*fTj8faeMyJ1j>shoH1iZFm_8 z1XUqNZ6GM%G9P4Yl%4-DpZG)ryIF14J=o{#@9yv1S$Jltf8p{Jh~Qcim^~4RIABnY zl3+D#tlHZ+*4;c&zVPCj{`J}J_Tarrcc<;max?lXFK>)Zadmv{O1%Z-Up0vV3v(1-Y+hT`Zj@44T9=Z&JH zxcA`)|KK0K@PGP0Z>_|=z}jILkp-i~X5z-~3Q9tVGKP=cm;zI`bK-38)cGRS(QUb! zpq}V#;%P>j%xg|UR$2&A>QkfPPyWGwTTZK<0WkGJmk9Vrn;x}S?&HPFj;#6Vl+@t+TPY=fkHL^Qf{?QG;ZTjJ-e1s zlLjYreM*D9iV8Q5YJpkY(%?XvwjsG$OEYNxNp4zptSEHSw))$^-yf+DJa!I{5#kJx zYGA4b(=@)kwmA0LgFpP&6m zAS8Zj?`xl;MFvxQ@(}&>Z_`mydG;7X&#V~iQau*1DW)#l#saj%O#7}MdD+DC1Vmjkr?ye!vGAcko#TIc4wZ-4inPG7&ZGMX)y zK6O2S?+f#Vizj~TH##rBJX%`6Yau17SttY+NTqCG3UKHw6++5TW@j_^!+Z1T?u-A- zOzdY%{T$uB4&$4-Rzrh@fU}cvdx98YE;jwMUjC8mp~L6)Bj1?+a9%ldxG>wnNbm2i zbV{lx>}iAb;3sd~_%9xw`uqRM^3|)m@CizBwps(T5-F1sIWh{)D5z1T01!cBUN!UE zNQBrZ)5S{>BHBE8{2PC+|LebYaBOXhWR`?Da3Eqg zOpQTh12AFFTC(myGiIy-J$!PtwSXLu`{NeE_b|H?t1yx%`v z2O@_ffrY?kDs)8r@n>Db;WrJDWwtYz4yv9L2~%>ZCM#U>hqvzkm;cq;Z~wW?Z~Xa( zi>sqr%^_U2?J_n)kf3!1cH%JCS9bv`J-5O!ydZjXg18AII^q%IDDySTzML*5&dB)Je8vhRFbJ<7Gs zG|NvbP0%Nq#h*Mh+J73*oH!9Ui+uuaWb;nH&m)#21z~hJzJ29wkHq%**}YK-(2|3ub+GA+PGgn)B|NE3Gjd#>MkOo4!L8Y zSq~yJhMHIHVkQa$*Y1T!ngA0C+7Z&^3B*>_R@Ks|u4HEF{3s&@v@EzN7;JDOgd^0s zM`(|W0|5ABlIfBoAaEi?FQ+vRV`rz^KlN9BcjX&je^7P@5QPX8G!xa-6w-2&MKh__ z-5JgqXO>IOt$w~W$!nWyHtVyIkD6JN`0jJ^hH;cttf~Mqd5T<#dmJTaI^s|l*IG8C-N2sO+JDg3zIB5`dsY}6Wjf3z0 zc>lc*$CsWx{^eIMT)RA4S=i-z2GJPZ-I5t~$b*yGoK&1MriM|(?t&~7LGG2KvZx~L 
z3?VhEQ$3mFblklO^ztnMadNXxl%mMjZ=Zs*K013`9H7xuZW+@cOQ-=)921p-a$jK= zE?)Rse?y~OeuJ}nxj z`FZQcVY5in2sQHxZr#qn%wY?lSXalu3xnP94|eap^%FXCvj5TxCtto+t*`O==9G0x zKBP&K2mrbH*1l)rAV-o$8HNJfEO||+nQHc#unXXtte#0eM7;H!wnbqMFGM7>P~BUK z>Zim!@R|369}@@2*)JbfyJ1SRAb}}V=gMhr>}=Ta60~swve8@(JGQQGdySkv9XpjbZxm0eXwHxI$3L+?4#55E%16{DigA zx=x;8m5B$INnNi$|Gb}Ez5a*4M|BECsYZ@*m$^*!?7esE4?ep6FMltbJGc1kSv$Vg zJAZcN)QMRLE({?TGM7AJGDFiX>6q#e`M9K6YyxQ5TR@v(G`B?ZGlKJBZGe#F-AA}(4}cXgc;X=L3Ya^@*Wv#lrE=W1k3+!iBr1JEm9JU0qx*9C?FaPboKfUy@j^-Q|^jf7zvQM>UqT2Zu*X7NsP0!pu;!1#nCbrvzBue~jGOoQ(VO)%qVwKgbISu-Bp z+RD4N@Sd#fK$_)18tnvUKrF{1K>;@>GXN5}w91Ic-2@0;lg-K)BT;v%VRv}&-j42s&C&;x8Co(`jx;^o52*6 zsX7j{SkO2%7L^%q-C<}Z5R@&G*RbY`8NR_3*m7o?m>wo5rE7nXkO zE6=|AQvLo12d}>|{P<3N_d#bcE-93CicC!GZk@90Zt7Nmx*{&o%*c|cf^d&e_B!gO z?(QsQhceN}5m+2%mZ+*6)~Z!DO`Y7{X25Gz)uIvGJ6z~TvYf-C;PVy&eZmNsnfb!v zH~#M5esJ#eL$4QNrI%qK_?K+X1J29RWO zdw$2&xFH0nquFSjVsY%nYxcD-=*bfYBGXyT zHOQkTgK&BC%EI)bLIm1)0G1if*yC(tG*krGo=~|7O_Qz4zXG<9m1GXpmA> zS5vPh!99YbNMS;jO4Gtk$Y$(f6hISl1Xj1A+oc#YYlB&m!A(O|C781r>=R&zd=5-2 zt13IxGj3;R6|<>LU6)NwX!r;?JREeer?08-uT8>VqMc@ICyY>`ruyN+YRGN4`!pC{o(FT7#(!$ zi4cg82qFxq!zqN6ES4P#1+tGinHzZ>>SS(5MxPwUYrzqw$!3+AfrPBtlycwA=9$1# zICLv#W+@%;-og0y9_;>W^R;9BXU@*n*H*4Rw{hZh9m>(lQnk`Y2(?;DYL-k%AY$a^ ziQIzZhKsjlA4VfmPtKC@S}ZIKSOmHpi%L65eSgpy9u(8b?#K5Yy!{^SA58Xk5kZ^F z-B({acIg5ie?~itLq!eOnj8{3(VS~Fgg}}ikrD$+Fr!A%`3Qe8J0lT@nB0t93n&i` z%JDc^702UDM|KzxT4br`0`1R;kTaFcwCFFEy`Ec5>@m`8@1Z}q+dFxBG}92Gsk#I$ z!vH#jfdlszqgk=A)ID};)ls4ngVx@ijH=0gxxan#VE_Gp@xS<;dj%pZw5o+!YiB2k z(F;lDgkbJYV0E5U1xcQEPwrVS-r!(jcMQiiny`?=_=r52(Idk`<1uuAIX$Qsn5&x2 zd$FSrw-4^!pZ4N|AAIYsA@mme=PvQ)2KBn-^3v+++QQl@_evvn4$e|@nAL%Z9IRyS zPD~7jn-~T2qM8L_g3l(S*=R7@*~a#cji#gFc<nDbJi+e(~DsE7u0cHf??5L6z#{HqG-g*jf!txDh#9 z4y}v@X*%gd_EeG6Y&HwM1(<q~v z^I3zRihx=i2Tdi!Gv}1Q3y23Mt!6uSiDxKcr3sV}8X@j1>YK?r$}kSj4h~WaX<-v% z)IP25eCH<%qqG|P$(*aHOsCA`3Rm|~SW!B2?ihopfQ+|x7ROWW^p%{gsjL|Qw?HVS zQy-2ch@;9GJ~yT5pDJv9hW27)X`%AsU{pg(@`L;L`m-_jyJ+Y6WntcCH1?-S0SySl8DolT&tAUglpq08TK(X? 
z_cq4^^!hA94)tctu@jl(FpI&>kZzCx!p`i}k%IRQ4nDrK8DljWP`5*Ho7Dkgni!p# zur4pxNfn%Rc1x!H2Roh7m^U`mnr>oqg@h;~lZsQtLY6tsZA;I|$mx-+emrgt&_XgD z@QNxYuyn>E@wrRX@9*7tNDp?ybn0w@tt4e)4uRYXGjVr9yD7#Hj-gAFEZVrZRF6ONj#4S~DdgGBe6?1jq;+ z$N+PQA|zXgkq3LT_ui3{r&6aY#L0+2OmaBEG#Qv34tH~9xK!%1I#KFz(1%+xnaDzy znY~3(%!#x4t4|Dy%&8607{0u=S}!i!e&thL;;?=DK5y@LisLmijEdw&WCYF4K>}RK zoDDFykTrVP$U&;J5vp-Qjm0=h6-Am3$6;DAi3CYCZ=5-^_lF9OMCMjU2KM%2Rf)N_ zY>EaB!Nh=#r()JfPvSdS=>SWe&j^;8M`ToQ1iOpG^h1xTk z8}K=&;Bb{3mPVbD1Iw$+moHAfyDjiuknQ1K{lRq_9hWBE* zcm9H0=?T*D$$oFTUruIzkOq4P>0rBa>%E76{QCv!63Xxf@(d=hH6RqNtm<^TIs+Nk zfgS>O^2CX+|JK@9e|>jl^}eD?=ENL`oXx#br4TZlg$)^iK_q5Q#$AbZQZSrIXZ1oX z7AI4E22>a>}iV`JcgwAdL)g zqhV#9#ax(nYFqrmYsKl~`w#AJcH#%${Wi8Ab{_7;lgCG}sZiPPTiL7JqXT(s_u1b2 z@11<*l>uTRL7pI`7M#4UcR#${WoJ*I2#8WL&NT`4Lo(23ZI71&wC%u#AP&ype8*%~ zRkKMfDVb?qNZ4In!Ww$VO93zVZ1euP`yakt-@jLi)iuCOFfr%m&ZsbH2z!QD_NP-i z=q;{)`HRQ@{GS`2KKWs7)l7+^5Nh!x;N*FL1eq}iMj3CEnS@ewEm^JR0Zu8vmxGkM zd%J)5NByE$``VX>Wp6U8s9-ouHA{_BAW!KirY^(q1mvnYGtF?0Vp{v{dmV7e`lrN->s*%wH5sZVxK_QHjahW_4@w3AcRaoaP@olyQU}$Z7H33 za#i7e|L)yYCh|Ob?I^~a4(Ek`=Jx1^HjH!nT(A5hr8ccZ=xCDFd3wp{;t_ zoJMoxEz9Hmd<2T8&xJFmMpl)=3se>l_6Bdg)zz8g36^=NSu+M|PFykPoQ+E2U=(2} z%W`pXQQRkkgJ({ioQw`wXAf_@TTW+8Ua@0!eew7+P;Fo*M!}ID?xn###2SFD0dO`g ztC^&krNk`mO>MVHLmHgx&(_QM4{eXv34kN}0CPxQJ5t~{yT3KQb2qLXHzEo#IiXfo zhD8fd_G!nkcAV?$%*uhy)wA{_G{dt)CRYm7U?97M%yxG6Z+;NZY@$-Q z3*hh$d-dR+jRq{FYV6!7b3X=@u*dEMXwu+$>CaT4;ozV%92TzRnr0PP*ro8mMD9qy zD9HMi=dA2hf$E?Y)q&ZQIXQ$i!MwXw@#=5>)}_DycXv)7dsxt<6NgZg0m5$P&Eyw$ zh~?GEo|rVR&^$Di;85ZerlV&Qif_Mu>wo@VY-4frZ~mpNW9#>lN^c!nkO6^-OahUm z!ptA;Mh>wEM^%HeLJ0_Ft_+S59JJOzv`{D9yj`RzP-jAb6VVZR@H}GREWwgt(}9V2 zn5cZ=YISU5rW8pQi0b#>_Z#mmvm;gH>d;)3B6Bff1Hr(CU_=V7SyOOBou(f>&>z3| z%&6XEve9TE^6cK7>iwIgRzw&$=naUdkh_*c_Y;E|8MWTpXA7nbI~s|uR7Bd5nby)0T9laATDN0Y2 zL{XHXM0s5s@&2gyBA)J(bQRJSDaz7GqC|4(cDaUY04x?};m!D&c2#vU^ZiiO1MJdB zx{7xfE@J{{^h7t>oUC&)^D{(DW|@1YI=*(TU6oY3UAP;pVogykGtYPwnfERXyZHcC zXu*PH7P3r1RYGjftQNlXlOH|!JD<5Y)!7EQnR|uYl2q=cXp+LDBDho>5CTg8F=`qC 
z8NmV>kH_6g_YyCxu3h_^FZ9oz+w;*6g^#@F%2c)`;-OoWVo5Ry5f%dnPc64_eI+l7 zPG_prz48?f!<>T$)Aeyq*j5RXfF$nu17fvElQ_kbi ze6(+0@A0R$C6u6yy)_(N{noc;`QSU#@9J zwUx@8h?Dx}M)lf>c_yk-#WH>P!PIJRn;T1|mJ@RJ^^>RC>zkPq%(Y13=)id8x{rrk zy9N71V*+T<>+~Zvn*RTeTP^{1^b?HOoyEasIehcPsZLRvRbWr17Er}xQ6UO=QnIP( zc<_L8$c$ogCMjSQnDgG{L9z6)k1qc9r%$)y7Dc8k7_k|d!j+(G8r-BQN`(+eiPafS zFn9r^?oZEI|q@B#rpm6_2sCQ z2-yUiTbIF&LOtF#g77Vu0N%7i$cO+D<6ssEw7eSneF<lRXO#(chCRYr`~AiTbxtq!ZNRIy%K`f3g}*nR{|pPdhKM~y`-IX zA~*zzYY0H7@xlZaA(4VHvwxpSP;*UX9;sDU#q+Pu62lvFz8@sQ(+z&4Hxx}RiFByU z_dlFJ_0BRU?5I|~hgb^iSlR&XGBC>sZN4?%K zgrP*vTBO94%Er~L7hhbGETu|%ojp%Hp;=xLX}y@NLQ!mJhXxU-piE+}l(R+*%2+Q{mO}4Fnb!0s^7x4>m4b%7hxr7OR1t4uhx!LMTt33F@8w z2ep>gfshM)@|lwpH)c$wrPkcEO!bs3kX1#$9kKP&30qyyqBP>7*qMHez)$}FoQkG((u7{-7IYAJsKQ6*Z*g)5t{pIv(Do!jst z#){n86$&P&(zqfgSZ40z8ck!FqG>W^Adm+rUAb1ha&oFNWi}L_R>R-`2GXiIy^+x_LsgW*RJ&_K)oi&Pn4Lr_ST*tyx)c-xU~|X?(o&0 z2)WmTdXPFL#IQL|^M{Y>p4}riq2TrG5?~|dsN^7BBE9y^Gc(R(qxIRD{lD_5@!o^m z%EZx`of|9p#5DwgiQp-97*k@?Hk{gC;a6T7f9G2l{`@bCi`Qq~^`6Dw{@wABqZ<}R z2^PJSp@tId@Cb{9kQt~NlT?(!DxE`|-x^;3`+w%gAJK#Rho&ho5s5bAA2twzgN+G9 zl)NL>zIgV^=Re;a4x>7exmLo2m~CuqcMd;bdzMN_T@@Km2onGrCEbbCY+Y7*qsW=a zyR)-lyT9?;Yg6Q6i75^)Utf6WL7$&1l{AWrxj>1%G0j%0+rAJtwz8V;=2*SDeg2I+ zu&CvU6#K5_q$eXc#d@zU{5e~Xbq^s*d?#3AR|yB<%yU?)#)fBoCNVLwjJ z`$VtyUBQkQL1WJ%F9D8s7gLvq^ZFlC_fa;mu8A@c7 zDCM1ObozW;A8nJz_de17sgJI5rpOg+QlIWsEOF52)-}vJ7R|fM%QI)+SpUKo2mkQ* ztKazg@Wjd4_q}KDr++DX|A$u59(h|mN)V-y#|i>UBAOZM?^K-=i3Uwm%8T3O)xY|( z9NaHYJhI7d!sH}2xx_hwFqkF6Q6y zWIxng6iMDlU-(3Kwh^{#p5KCzLmZ-z6lrF0e(U7Pu(8=8Vxlw}Y;0UT@YIuAA+IQd z2(iP#7T5r(H9!FhoG3U+o2APeFCUlDunh#OjmR?&*~+!^Q;R*@v&6k6U)>nK_Uc>= zWCc)(g#Pw0f5*|*u9@PQ=ZkNDZzg~(HN0$ZUNh*1>-XE$2D;@E0Cisv9*mVK1tTaU z89^K_R3en477Jwc;2eV%#T4<(#`cBJ|Lx55?DR)Jw4OmDJ6Md^*oDx5;Mowsb)zdy zG3C#_y!khOvrC7G(ttzYjLL$<6KM|VuWU{2-)Hyl9VK^=^F-Hu=Lb6kbSHRl7>RQv z1SQX=Ivv>h>#yfU6|4$fT3@>syWQyrk8CTuL^vdQR5F5djm%`0D8_jR1C;rECoFFj zXU}(-942)gZ&kF>#`)8Gjy_(@?hZjVj=j|Gr)WmvU~E+>?@ir*@W7eB`_kOXdhY2) 
zqi3@2=_an|+ZDHF0)S9!CwavN(o7vr8D38JWr=zpW4{k zmAAL7!sACC{7=7Iyz@QRxK&B3f>DI(I0l$%QW9=4wM?CY!^a2;VN%R!TpErq{N?9o zx}CkB_{3G#svR7}%A#xxXVi!yB|#u~B26u?mbNyQ|NJj{Z=9b(wT&u&=x}d-VdL6z z9*D_9QMD>w?+<6+^W-=LmjDMd*L-r~riZ~)vw&*d_r?T(JP>iRa`)ba%?szND_46$ zm6rxuKJ&)hz5{XZzEMR?8JjbbhlYUao|*-^|506$pTr(?Yhf zwZ6PP^T^Se`}Ys7UMb#K?Q#gDm1*T9CH8eX7oYiVXRsA+l1RN3BtduL)=hv~>`z&p zkSPn;i3;;LKi_@u@Rpkjvr|xj*aHJ8=a@#t-1M|wK3~21z13sSZ9Mbc!L#4pdj313 z?|rNK*3-pzzE-~cT|Rp6e=NNjby0xumr>& zlaR)uIz;Gy<%=6nKfT04X6uyZKl;(#k3V(p*vYn1t||1L6-+Bo^jnpN)u`O{p2hA9az=Lv>LcZ(KC;NG(A`F)L+sfcj zluG8FWizd~_VPk%zaI*G3nvMK`9D1+pToTwhsy z*OOJd!<;ioD$7vIZ!x1`cM;cOTRFo#B&y}UM8dcl&+Sc+F)yI z&m)iZ^QbLSF0CFm6B9_R9s+{R*?9oW9oV1N*0#=^=|xIuTnRyUGG@QT2k$v-3TDxLOF2DB|x+IQP+6}f>;#GK&(<}z<7H! zefS9W?Hkm*>RRnBRYZVm ze1fZzMawj5XPIt|#^k#mKDu2IiD*3m5cY{L!K4wyU~usBQdETzOs7x;uG(F$I7`gGThEx-6=^B^$vq!<{%Q9NVno9LAbX!Zmk5^u`Q|_ z9mY!Fm;#U)c||2>J}h+*JF`zbwM7CB#w2FJj0p+q#vY)zt0-hJP1{>IAm%$AennTZx&am~o7=S#J`5Y=kCLjg3j8G-?i36L&olNUQxxm;d6g^raVilqhME(4U=M z_|&Hc`|lfsJn!{7LDr7FD#2oOFUmIO*RL%14n5dCbpPgP)b4aEQ@i0oQOiOyfjB8h zjg$i`%!Sk-u{CmAI<$Y|)S0-o5w&!;oa4&*bBhP|h248bo{0q~cm@U}d2n-f7jj}Z zk(l>k2OfQ7aQ;epZKY){9210GGcGe54VSO2udUp7Xz$vka}icLN(hUvB|vMZo{7;x z189BQSTHxmt(5@Sahs@*LgeHURE$}nU`weCk_|@VnWK-DGqdXM8IxP?WLi;-CSr_a zIy*h>S68;roSKOus!;b@2-IO@U>DEFXl*Sl9s2Fx80_1#333SvOVMjvF9N*Ifmk;Q zogD1e)@nB+zj*1wXa92JJI^fr>`za9@@KClB+8W7nb|l~c2Fg?_^3luUVBHAa~ds1 z-ulwtZ+!VHyMjdrQ&?B;zW05-|KsPcs5r-pY;Lt(Wm6nYw8q^bI0SbmSkU0^?rw`O zPJ#y~xVr>*SR{CGvbejuyTjf0R^6X)KTh>jP4{$9_nC7Z`ABqhxMw#S?dg?Um3=$D zJ5h)eayZjA+r^87$pR*2yTHJzjb%EOz~-~mHPSK@`Y2$uEED9tS@V5OSGTh6nA&g> ze)lFSU0sDCZg6vRB`hG2fGvg7sm%8Evm5=75O4iv0fK`mo5Gu&$sH|h=w?D?v#1E zTU$NeM<17^hiKywNOVHRs^16SF1#C5D1X*u!aYD}`k|Su*3u5(Di%{}9xn*R2Pdbt zV*6xciceXd0Y#qJ@8|8l=+(&a6!i}k^78!?#Zv^j^L1&-sLlQ4FS_l1msdqPwMI)_ z{sK1*5~rq#sYG1AH0?NQ?M!wBg;$=JRbtUcvwrt%tp69Fw@!UfDt>nbNN?^ISOf0F(M{b#pJCs!h(m9}1_zYE?Ja z6Ust7Zg&241l?d0_5Vamt#}%~+654N95zM+vbeKZKJBoWM4t_qJPsUpUKrBKFjqF= 
z6l!YLFD!d)blqu`+WD>W(qA8b`O~$Ym4P91zOoqw^i<&S?w|awIeJ%0lbcY&8%w?)Q_e5PL#*jg9;$uGwwDECUYv|^QkHd~ zv71KjIMF{wf&AS33~e-sl2Sta0!armIn~i=jvm|=xGHylloiRv)f$8!FTpB59B7*r zMzf0(R4F46)v16unC6bm_W(}6=U7np`*lk9JJ-13!uV;|#v@+9=E$572?=bkUJq8| zCQ3!jTEwuPP-|~S6Cta0f#1>gljw8N(~XXo)`&+HL`-eKUdQTI13a2{dgk6zgB(XTw_$st7;ARL<;zA5%= zK}-{QIk@>TQ)x>G>Yu zv_HB2a!8Q3F>?ViKc1#k9=u=1-6YZDkLlMjnf@%-{aSai;P32cRzDiz3yq~VSxm|$ zL0EZnI}0KAn(zZFR>_;U1ZX8dZuh6};h27Y6}MGt?M3|@ZoCPRvzXuJ%uG!*2e>Dy z1J3e%_v);Ssa72B?q82ex;Pb$6~EjXnGlsaIp;B1d{jMl zJIZWe@;rLH@gu=lxW1Cq#vH(4E%Khk-F7G|^;Uk} zH_m{Im#?BPS3FLi@PtrhnFJTTsW@hKvETwp)xKICB_B9h5e&RDGwXZ|*$_kr4~3*l z0UXA>YE=2^99wiZKB`?6=zB0@^*b@k8nDu89a)6lB?Zg!ta4wNK;XWpQ5;ZyHFMy^1bWfm6~REfeRGYSQUeO^n{& zKaetK?s3+$6XyhnqKArduOCw_ofC|9+FxcJTtZ;1`%zkZe(mZ)QsFSp&f@=^#*0bH zkQfg~8#;SyL##7jg19e90~ZVj2mqHiwMQeQ3)q>8W7!#<rq%aRE&4LL>k3?PI!kT5df|}MC@G+cMBi!?^^~C;&AEJl};&dv$fh?>!<_ih%^f` z>HWtl`!Kaim4^E`)RI6^(ArXV41fN$*k9F(XFnPb6Th?5&mVI9{@bR^ctuKksvZUl z%tp^6c`J9^c^!BLMcH3ysG$mcfS>_fq}X5lT2vuU5G{*K@cPSO$h+y2Z`==;qfu`F z@WCPujV3i>u-DeSS2niGsL6c6yY3m&q(GxqNs66$qeT0@;2}Kk>98W2V%~;UtrGJi zsh2o{f=XL6C?kd^sQ>peKh4O;6`<1ONq%B5Dv=PQ#sFWC#|akj5wy}`x=N0`$;X2} z3{AyjgPh=P;RtcWT(4`b)cn@x=I&{w%DPS#IVdFnbg6Z|Utl*H8wtk8E|!<9(n*z> z=xVy&3+T94F*)nLrOFc#1a%0pTFGdn!RMk$?Jv6#0T!1*O%DYAu0YQPBxvv$(!9MH zqjOzPO2(8JOM$TPp)&jXHNDQmnKDuxak=B&6B(aAKLwC3k~IEHx(Z@m zOYgLcB=U_q^EkfE7l zi!)b-76uN69i?d5EO6!wSnzB7xWrvBpQV^Z()KA@*{9GbUpx9|@3q@$VDQHNj_mCF zX1f6|~n*3%#L7H+nDxAjh#?S^gNM%{Q@7X1&m94(+5D{*6pPE9L6iQvM` zoIRC~4_@umlQx#BWA$*eka=Elwy6IOIb@P6$ffi}j`yapV!b)7n3)b2sglWCL_&iu zkCuSPhi+wXlPF_>M3F4DIUSFs0lcsCEtoym_GOm8L#dkPXAjojYSy|RK2J35hfRB4 z(a_cd&C5dp^BAN~<4!QvZd&m@0(9YJHmait#Dkq}>pO8{LavtfALnj9jxT!_Yr=jN z8G1n2@{nvv(;Iy!|Gns|)r?;{`K{%y_dB9S!dJ50E`?yJ<6N80!>Pq_b&JEy)$PZv_m8W;|!FEufnBR3-wU# zzVs1uGHBrZ(;{H%zKt{aae0V)HqgnmU5>Dhs=Fpchv(3dj@L2GkrT^ zWkN(wlR5_rKN^{&JPW>?{JFk$w(iIm4utZ$bHzD3 zm;d=vw8^`p zj6sA6_JU-Zg<)|ioZx~QBj>abRmRycG*EKY_jvGA+X&2+>1s-7`76OcSBiOYf 
z_Z!P=d2*}df;|xPLRF}5xbhJKLZ!MG6%A$hxk7)oK1E|KZb@Ub@>ku)wDk=?Duiu=vBjQX7;;N znF&+2?#u`NdHd&Ta0-R1Wcg*#5Q>z|NtNm6Ru}WqoU`c6kK2NuaX$`y)ubZI1hX1x z3*)6cRDQe8cP2-5iau$a-OYh6MB1Yfr%;2+1sJqr`cnb&;3%jx(_u7KOj0TH(wQTj zksO+R#mz6ry(JwnA)xEo6PxZkqaR1RU{en2u$X+t{hUPo1zbnPG2u(WZo7*gLq3U# z1Cc?Q?=g`%_OU%nlpQY^3LVYKaKs8mvx771xAvqi)^nCxjHIhdN#e(0G@#IicM6hN zYSg|&G5iBmI-VrODqgp8;a-5o)$;rb6k&9kwkgE~8(Mg{$o*9B^Yi{jK+z0)iMX-v zkzwT@qTbiRgpX>2URLrJDVY2bXsG;5JSR&_B>ZFcYNffqWriQq1P7Qbv|guvKfzqXqvP^MH=K)y9knJ2^eY*ld{A+#H;~j8#3##5U-Z!7FdM z4tR>#A|`?ryQk63*^x^2Zq;0oHRhokhz?P&7H$fg)?rP>;uhks*L|D8IPx}4A}g|r zw}5(B_e?P>F$|X-nt&ukaB-u5-wy(~F9;(QC{&R|t4&bC(VQxoV!eW$mAPkcyX@8XGlMO8$RfNhRG;{Q zZH}RCOO^-%Ta=C=X^;OsY!s;HER1b-BX2@!^q=xS_3c0L)qD(WtbLd~;ICx_2V*aU zyN3WR7os8<2ZN^co$tFgp3ZK{mmlAOH`DUQTHlJ)+o{B}n{M#}Iib9i$TUO)FnlVP zmru2=TpjnGN4T5aau8O|G|!L|C`Yt1DjUGpn}AzxUTT2*a2nV7-tQ)}Md^tqvr91(#x z!uU&?myKrwDz~9s7K>PV)QAW&;$d6IPIQj=?8JVi359UFolVma)Te$9=L3Pxnjk=k zpLH0C-F6|*TNoaq=v(AX+Is#>n*N{^MR@75?WRn}wSkaR5nO9|Q{l2G8c*Z|5=((R zyicamPD*V6wTbTH-Di=GePcBakJ>fbem!Q-dwHHo={??-rVr7NwCJ<%JANB$MOf9z zx&l}+@!9#7f%JjdE5~{!(B(WSQv3=29g3OTt`{i2w zP8ywkASVdL(Z0=B`Rj&B=Y30_Xh%RK=9(8-0!Lgt=b5$$18W^`k&;Djp7^ zq(**8fX5gi4z=7WaMz4Vug!ZZA)To;8ptYvibSCdgXM=)D;!N28pVjLgNHKFBGJXk zxALA5$MW`WgAn(*vqlyV+pQAWJP9;%7nLzdc3AQt)zld1|G2yaJ*Yg%qXcx2VW?!> zA^}R%O|82$J{~Xpk;+SFjv4?vJoJ4g^0b~MEjIlX*+G6JP&C-YtBGH!)f!T=+H}Hu zQT}6V^{)Fht9PNRO%g+1p3NoRRU<*oLfya8#pqq@zhlYY;$=gCeSrlq4~N)B{B=52 z^V3}VwYl=+F`zd4?KO|}z4Sv}Gecvg_jeW|FC23Yzp7>9sDeh5j^EO1sYuFMM)xDZ z2hh`zCpzQL!uAuW(*wr-5NmjtMYq}+Y_YE-!O6${Htr>KS)W&Rf6+az&M#3&*e4b= zid48<-$l;J8R9toqvKnA^-5e4=jj;9U(7)zq^o_qlYPwNpe#63 zt-5t9R_pgd#*T3k1%NjOnjxB3gFVH4>-BQ6l6m9Jm_NYGdEESGCYLU_=(l=)|1KCe zNE!;{HMG*{_P*E3ij)6qr1S`CwN+2`6dWeTQ0Yn&A3>W~j40mv3U1W7IWO3F&G}bV zRD}+aR^o2!RhMUh38N+E*Gpypu_=M+`6sRG@#pm&ZX*%BmjXVc_ccYY(i(&ugi8cn zU`cdW;@N$$cJrTkvHzjC)e0>oKtgVfOfe{?LmQs*y2s(CGy#2uu2BRbPr(C1^d!1q za6Mm6LT211;=SXB3uPirm zf4seJuJ_(?%X^zp0G)%=M7ujxJPMDM69WOHxLD$(VtjHo1y#M%%nx&h_LuH!-It*J 
zxs~n(RYM&vS`K(hx-!{j&+}>T&W}ypI85r&o_!?ib8Cl~Un5l3I$>e z7$EpHT?U65$cYK(#uh!rnhPU=9*5x=4*fUo!tpwf z`gHH9>@?XGn(+|e{iR(&Do7H4I7CC3m4KtskHe>;B4p?41X<#!QkE3l$mSndu!`uZFUw5Sd#VYpTuq@Hb5?^B+{@{t@B9Y&=6v;e)$qg6XpE#~#WP&%qI>aw(4!spaZ%T-qm&dgkWF5B*FG9o~`VO~a-U5mc5C4~fR79BjjXT)GSmo`^$6n%W*{n_#oT-nj6ihSN@P=ja8HL=&y zGmU8VU@03O0h{|sN(Z~%MY-3~`9J|tea}ylcfo!d4L3J*>uoluAc3z9X4muYZ*y%k z?nmN->O~vhWd`4s)F)c4ZvEdut|YWQm~qd28wpfp?K?q5TH`L*m{qJQ%%$VLYG>Ua z1>(U8b-=UwzrPfPVMFqrB+=>yz9X4B`EInwJv;bW0f2rU%n#{ux9YUcDc}^U!I&I% zbr0M^r&JKBPl|p?N0)JjtJBV2QXj#u-!lhZ68hqu#tK3ORD=fAo^y3?V{LA1Idi?O zcBp0b;vS`?2rL^N&yYB&46u#>2BZH`p81Y+R=L0zmy?d-Qu*B9Y@>2IoZ^zTgTe4Pz~%^tr=RYxTc#ojl9_b;3*PE$|3!XA(mdZ1 zZAK)a>1BhAqcNSCrNOrq3oy&=*8~lJ4K3eoSo>`9r{ndFpjnyppLWdz{n}ava&?Dg zaagaXA%c0nVH!;XMfWKA&hYF zwcqY08IWqZxzVZ9BkGEckL0uTD#}JOp=xpFSX3;EaGb{Fz5O!oNRM89?4c*R^bEN9 zsA-kJ*+hUX%D}-2Vp5L~VCL-Spgo&I)zPjs*?5_RJ@i!23ihKJmDrO$hv8Qg=vAnP z+wOmA4lCpX9gwNqk+(YA+Wq)ZEvp5UU?7d;q^OU2Q%Ps`D`C&95fu1OMDRF zAU2+K(VdQoBf$?!9*HQShsC14afhu0=mR+ZcBpgpjQFfjyk%ODx`2$7|JL2*aWo*{ zBjp`+;(<6~R;jaSgl6Y{4fZ?~t~DrM21vt2Wr38vn#>4|R$y685i)mDc`z}?#s+2u z$CjM~(i>+}mj*FxFPSPL5gy7CnFo}@*~Z62{Vkt^B*L2hG$*Rt*Q-wVa1ai|hA`1; zne#?qCmYG-FkKhoerL1z?6AB)de2;274Y%W^rr)0%><+0Ofzcp4k?QB6Z02|Ywu{Ywuo zaAv!{p6cpHFV^`C$g=5zPOWm~s_6$Ud@t6etJZDIHfQpclL&Cx>jw~xY`=$m8cL)R z>OmTp+y;;L5-S%bFyj)Hxsy|q$jRViHj(>Sz6)Q>{x%}12-))fQYEI=tC;ZZ6wAWZ znpRyBBS>6c8jI2lvE7r%^$T&fXv_28hqvdsr5FPI60BlP$8py#YTi8z8)waY`cHpD zIX#QQ^;=@?^Vp%`%_A)p2E5<)2!PB6`^a-lX6IKAF*igzmWFD=h_29_3}r`XFSo}a zV8DB64(Q~@T3u_GifVsw3_cjT1NqryW$-Kqs@3kJ6Pan|bW$2Ee)a`61jbHJG9HR- zyJI#bskEima0z%xG0`+sgGYt6s!NmJo*=N$4CJAJ=_jJ7NTj)^MYB0r4*#6%^LjP^ zhB-C6S~8X2)SxOiZfZ>_V@k)zW##4u9}ksUCPy|Lp}*GbGlTX}ig5su5RUCVNFUTiy4hjiWF z`RBi~45(y}go^o3m9BzdHR8x}1fLIQVKIkS!4#%B-z&=okChc^?xL>r3xtt^s8C4~ z8vCe<_U6ek!%LMRl>xkF#ORyGwWXs1JtXLqpM=#cv~_cKi>ieuVT>wJE|NSb7zlDM zpCTAFv$^aa5DjW`zyrSPsek$YO|1&%k?yux1qrL0tM=j&PF68@KCW)25R`@*vSKBb zKIb=Tyq}|$IA5H6oaI6-nkh^vvlph`lw>glFFPU3lF~13rfT%++h^K)y)GY*J{Y5u 
z^o6|KhdGh@VTW#3*;ByO1C6wjk_5^d=MNm{pd6g26^e%E6c_H#$Me2&-QixK$$UO1 z|C-ExwkEyE@SSv-1do@|Atbsu<&PaJzA~kY{0xi~+s!ZdD^9K1+UZ zWiJg7t}b4ny^*g%l7iay%oN%tFaoz8JDn9tCLFQ(Cq-6mS7PjQuUP)xmg(_ug8hYh zFH1@UW#rckAjNih1>_vP#}@Vv>XdOmi;jgBJ~^^TS-6AO& z|JOE#pMxm8d5k@*57T4)4a4UEcMY?XFJM9NwHNWbt5>=SN;|&0ee3vFShy9lAH(-0&c`^EQL+0i=Y^fiE z9Qaa#`Q9A2f`tC;jMObaojGGa*5eV5nArT!MbkS}GN>e<*P38kVGa@)zkWw5e)y_&lFk_Bm?UqXxHOEP}9>Q;yOdR$|H04I*x$StTB(ihzt( zBSo~VgLC;N=r7taRfGc-hc#8k&*NTC&(~DHBP93k$&m+u6FC8I;B%GNzrC3L-aptj zR8jOwjw4AmP3}I~QrLlNVB558xp+7XD#WUAp4Il(@6Ne5e)x`7BLdoM$pv{qom07b zE_6S?;%1vckygyLI$*;~IVM@R5Of`E;CTJTxJ>n)iMSoi(L9lxrSQ?l;M8c17sDNn zR2mkv-}}uBAu&!@kF7=DR2x?Ym$$cLV+%BLp+Lh2D&=4s zsa3?z4dOLh7^bvNo!=iE$h_R+A>Qjeh;AZY07P9Zx9Yuoy{xT(796BMv zjYUK{T%Ni*{Z=&2rYqoN=w=Cru4^W7Toi#xL>jxt@JT_MtI_*vlyvvUcq=UKCW8Aj>jSJZ z=#G&#j0ib&E~B-X-Rj|R-3+B@>i&rPg#MRJ`7#gp%sD8wdK!-2b-O=^inEf=8jFw0 zaI~a1h2-8`i4MpWj$I_JnBJGZrWdPG$fc%cRyO^h>S?q8*#{Drge#zAovc`u_nRtd zC^t7WypH}Olk>wktqqO=#S@AJO7gkF%~~reQvfNkbbF0w@a@&nJg!-~Jsn@4%h?2Q zoBt)B>1X=fl92?;@alMlN5(5^{UrAr7|(MA{y3vAMS#eRLOb0pV($a`kKP93uLqIJ zIV-8$yh@@*A{QBFr%~$ICYdyNNsR*_R(&U>e|FqzQYOa787ltbwpf@UC&Wi)AS-k# zW(N&}OpzCRQ8>Sx;Er3v;PS~!^5{cT1kWmwxtXSa0iS33p4J~xhik}_q}3cqC&a^R zhK!BP)M~A)v|qHd4{pYwY)60?0#znml%3GhBcONjH*tR#D29gjy;lw`@5#cXG3wdq zoD3%oD7J{hbAX}EE@SA0eL95vDzs2BX4f;5-ml3#k^ao!KtVKVouwx>X6b2baz2fy zzrkAs=Tew^Yld=JNgkKypgKC%bl)Ct_Gi?!3Cv-1KGh({B(~!u-~zbl%1PpRCKA>F z?uM{Ct`@M&l51wReJ9DTaFug&N%chSkq#LtdQLYp5Dd+-(Q;?!AMKh4J| znakbt>Z!YzzrSW1^&jqb+zjCLGCC%N((C0pLF&RA-zebepTj2%> zA!M;J<&nTz}C*-Di}&SZ$`LOha^$-umCXs317~Y3z*`$Q~ZXZRZbGE8{683BsDa zyCFOdGU7oE{LPd?wMseK^6dG%y196Dw=-k~0O;i21viDlaa5*7ko1Pk?sKl*qLZOn zFeD|(QmI?pAjV9k>n}7m6QB0*G-S#s_La}S?#Ptj@7LzGF&ON1sDW-XEHw!y`cgcklNgfelriUy_v#nh99|o@jfEk5&uH4u5V~=<13B(p3;|fJRiv) zpVVqCmL~l9!S2rYW3lqzgy_Km``{huiLj)B0lQkL!KFf7n7_i#rc7m0)!b!Fl8#&3 z2AI1`+C#yihE();gd!>!fna+{+OCdpI2gjzZ!q#8WcuZ2J=p&*ZtdN^(zgasbJCKQjrptNa) z5~ov5jIwa_h}on`ZfPF065($A7*6WUHRh4ezk4bO}qa$!iAt# 
zff%Yk%68Y1F&$N(C1)=MbdZ+?n&qjGpEq{iXkTB!tPW<7?zIJUYhAzT%zr!`ExCb< zBRlWUvcSEs>liM6GCLuHoJ~28g)005e2IVQgEa)()Ga16EC29Y~~=+Pbb_BvT=qw38frV?|@)bt8}g&{qs zbU`|7DntsNq<%Qti3MH%1(nOMl*jaKffh_wfE({ktqQ-ha6)ur`XL>1fZiOff#HxU zncsh&f5^=u!Qj5z&A2Ne5WNkm6wgH@aU?~X752El6MdgCGFTy7=+A6LDB->CY{|OZ z>L&Htr+FL-y{LNl42fq+gp&3t`TV~H3gU*8Pt#CImhY|8!u&SZoPJt(u~9*%>~k7g zb_95NySm(EI>Z75eo7ZZOc~s2Gj4-i|UfBZ15LXOS zAx^~*$Q0%Q``&LW&dSm1C!xiA2u$YXGwJKZhs{elrm-t84t3PNCB`CL7z%8!y}5Gq zA0rbz)4>_07kv1SUCGtYvjJ4n;psQw7CSmmTxY zT$$r?v}44(%$9z zj`?vr8IY9=3EwNS0ou2#C&D?XNRHUVuT&R1 z^JN3r^O(eJiZom?80mS*!0R-?J!IWlAw%>IqNFpp1wG(cpaffF!G%m2Obz{s5H|$+ zNryepx8Q!jy9eQeLeU4o}Zvc6+x4dV{Tp&Zq$5YrVc1&oX|e9FcV5F zoMYAvuG_zv1737q{BK&usf+Jp22=&HzgWd+yyXeNV+KV?&EQ2kV;Dboe_SpPTJy4b zX)I}=XI7Y6xll{O3JxcbD!v9AuyMnz$oRVay?T0>TFqkikoJ2cz_GH7 zmA?<5YWE1r+tABPyP=4xpqCbiU&lT&LP6R*cC*F5YpjTNE#*@ZzCy&+naGktt1hfA z?ITZ@7rM2{AvG>~|LarR!!I^S7AQ9fq(U}(+=9Qs1Z{o+CU>}&;9IZggF<=+}}rYwPE zAOu<(H>;M&zvW3UmR@Ggq1M%&d0DS%9$L^I`DwfR@o0E&Z*#0 zEHCJq#lnCKAt`UvQs?X+<+{OV;y1`*WU0-5dFeKJ%-L9J=+RqH0wnNT)C!x>Fjnk3 zVd#WW%86wpx>BTVYPN%AJS?D!HT|ZPBQCuRS2He-H^`FK)}Kn|FlUFL8G7kTiL-Pc zqp1JFw#6gzFEHdqTJBgTa;PO)l}hsu*iG9&^v39IyzG*-R=38jEh(sJ!lF0DQiBJpCRGf(BRn53xf+sr?~*7f{ z98W$oN%KCudJpFyNdda;DM<*eSwYMCtDv$@?z^W~>!%ThAeJ5?(4P-)$?^*D@l3{y zB}!1q&QTK4lajONfznzKgkJF8g79YG@4r}-MRF&t8C^6xNk`AHYWA(ufRQcxqT64H z05fu{H$5VGl*-YmQ2>#P3xTMfhlXH9AoU5;w{^YkKZ-)!B6d&{a#$^!tdnjeGz!q# z(-}7BeSa`|!kym=!AliSLF=FU+pCneW68uixL^au^>K>G8*#7`t~Fo)vn#WYpA~;V`A7`4KIz&CbKx~Rv@N>$W4hQ_+m2XA}+=c*~PCPz2X4# zTQPRW6|N~gB6GRqT?%07#M$y#5@yCwNSoHt!RuSG{JhJz6z8Vq^>eQ$-hRmA91D$~ zMZFVp@#;+x`81*-`R<{3gM1**@~88=jte${n{J+S+8)Qxpt7GK zxEkhILKXe}0`SMqmxKC(KKt3R2<}(e#RXCo*`az{aEbbI(V2{kYwEAc+r}`flv~Qu z#fA#23Az+A8PX&+$}L;a<0n~wA!9qM+=w2|@(e*Shrb|`QzIhC>QIIVYVTgtI8jh; zCEHp_F@Q#*ZwT7DQ^MobgK<@M5AFY2qW4jEpP+2{>E;VklHyu$Dt;;2+IA|!mX;`X zRjIo^c2#pzYJ*de?~m2zRa-;eYj-?@ZB2vn68rK9kEpWh5M!V5HEYCeZPB5i;m%Re zPlQ>64(_HWQQdqWxoNxl^rM~roGj=(yDVH!EX3ZFg5EozU6@?UIlHFDFc*cApOO*E 
zdR@)WHqg_{YE>ankdCfuV8mn9bh3YEYj$vOb56&1fZ;1RMhfikx9JM`@%GIB$yoz( z=ZdIpc#oZ6Lm5v!LP?u}|IzV%{f;nn#JWCVMe4#eSMTFR%gFRdWs%!7uk$!t zj5Ov7V-z={dyGZoNqY@Q`0ZKx->Rf8yb_fd%SHUQx)z}~NCHUa0ssI2 literal 0 HcmV?d00001 diff --git a/plugins/Huntress/v1/indexDefinitions/agents.json b/plugins/Huntress/v1/indexDefinitions/agents.json new file mode 100644 index 0000000..809a38e --- /dev/null +++ b/plugins/Huntress/v1/indexDefinitions/agents.json @@ -0,0 +1,30 @@ +{ + "stream": "agents", + "name": "Huntress Agent", + "icon": "huntress", + "id": "id", + "title": "hostname", + "description": "os", + "properties": [ + { + "name": "domain", + "displayName": "Domain" + }, + { + "name": "os", + "displayName": "Operating System" + }, + { + "name": "status", + "displayName": "Status" + }, + { + "name": "isolated", + "displayName": "Isolated" + }, + { + "name": "version", + "displayName": "Agent Version" + } + ] +} \ No newline at end of file diff --git a/plugins/Huntress/v1/metadata.json b/plugins/Huntress/v1/metadata.json new file mode 100644 index 0000000..49f506e --- /dev/null +++ b/plugins/Huntress/v1/metadata.json 
@@ -0,0 +1,37 @@
+{
+ "name": "huntress",
+ "displayName": "Huntress",
+ "version": "1.0.0",
+ "author": {
+ "name": "Community",
+ "type": "community"
+ },
+ "description": "Query agents, incidents, and organizations from your Huntress Managed Security Platform account.",
+ "category": "Security",
+ "type": "cloud",
+ "schemaVersion": "2.0",
+ "base": {
+ "plugin": "WebAPI",
+ "majorVersion": "1",
+ "config": {
+ "authMode": "basic",
+ "queryArgs": [],
+ "headers": [],
+ "baseUrl": "https://api.huntress.io",
+ "basicAuthUsername": "{{publicKey}}",
+ "basicAuthPassword": "{{privateKey}}"
+ }
+ },
+ "links": [
+ {
+ "category": "documentation",
+ "url": "https://github.com/squaredup/plugins/blob/main/plugins/Huntress/v1/docs/README.md",
+ "label": "Help adding this plugin"
+ },
+ {
+ "category": "source",
+ "url": "https://github.com/squaredup/plugins/tree/main/plugins/Huntress/v1",
+ "label": "Repository"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/plugins/Huntress/v1/ui.json b/plugins/Huntress/v1/ui.json
new file mode 100644
index 0000000..295514d
--- /dev/null
+++ b/plugins/Huntress/v1/ui.json
@@ -0,0 +1,22 @@
+[
+ {
+ "type": "text",
+ "name": "publicKey",
+ "label": "API Public Key",
+ "help": "Enter the Public Key from your Huntress API Credentials.",
+ "validation": {
+ "required": true
+ },
+ "placeholder": "e.g. pub_XXXXXXXXXXXXXXXXXXXXXXXX"
+ },
+ {
+ "type": "password",
+ "name": "privateKey",
+ "label": "API Private Key",
+ "help": "Enter the Private Key from your Huntress API Credentials.",
+ "validation": {
+ "required": true
+ },
+ "placeholder": "e.g. priv_XXXXXXXXXXXXXXXXXXXXXXX"
+ }
+]
\ No newline at end of file
From 1fbe40d4113fe4ab5523fed20627a60c07048eef Mon Sep 17 00:00:00 2001
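Review bot: `"queryArgs": []` in the metadata.json base config sets no `limit`, and no stream in this patch appears to follow a page token, so list calls probably return only the first page. The API reference added in PATCH 02/13 describes list endpoints as paged through `limit` and `page_token`, and the list endpoints visible there default to 10 items with a maximum of 500; the agents endpoint's own parameters are not in view, so confirm against it. A truncated agent or incident list looks complete on a dashboard, which is a poor failure mode for security data. I would set `limit` to the documented maximum and have the streams follow `pagination.next_page_token`, keeping within the 60 requests per minute per account that the same reference states.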
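Review bot: The two `help` strings in ui.json do not say where the keys are generated or that the private key is shown only once, both of which the API reference added in PATCH 02/13 states. On `privateKey`, something like `"help": "Generate under API Credentials at <your_account_subdomain>.huntress.io/account/api_credentials. The private key is displayed only once; store it in a secrets manager."` would save users a regeneration. The `pub_`/`priv_` prefixes in the placeholders are not described anywhere in that reference, so confirm them against a real key pair or drop the prefix. Keeping `privateKey` as `"type": "password"` is right, since it becomes `basicAuthPassword` in metadata.json.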
From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Thu, 9 Apr 2026 16:33:28 +0100 Subject: [PATCH 02/13] fix huntress shapes --- plugins/Huntress/v1/dataStreams/agents.json | 2 +- .../v1/dataStreams/incident_reports.json | 4 +- .../v1/dataStreams/organizations.json | 2 +- .../v1/docs/huntress-api-reference.json | 6814 +++++++++++++++++ 4 files changed, 6818 insertions(+), 4 deletions(-) create mode 100644 plugins/Huntress/v1/docs/huntress-api-reference.json diff --git a/plugins/Huntress/v1/dataStreams/agents.json b/plugins/Huntress/v1/dataStreams/agents.json index b186a20..29c8e4f 100644 --- a/plugins/Huntress/v1/dataStreams/agents.json +++ b/plugins/Huntress/v1/dataStreams/agents.json @@ -40,7 +40,7 @@ { "name": "ip_addresses", "displayName": "IP Addresses", - "shape": "array" + "shape": "json" }, { "name": "status", diff --git a/plugins/Huntress/v1/dataStreams/incident_reports.json b/plugins/Huntress/v1/dataStreams/incident_reports.json index 730bbb5..3add707 100644 --- a/plugins/Huntress/v1/dataStreams/incident_reports.json +++ b/plugins/Huntress/v1/dataStreams/incident_reports.json @@ -45,12 +45,12 @@ { "name": "created_at", "displayName": "Created At", - "shape": "datetime" + "shape": "date" }, { "name": "updated_at", "displayName": "Updated At", - "shape": "datetime" + "shape": "date" }, { "pattern": ".*" diff --git a/plugins/Huntress/v1/dataStreams/organizations.json b/plugins/Huntress/v1/dataStreams/organizations.json index 5138f6e..1ba243b 100644 --- a/plugins/Huntress/v1/dataStreams/organizations.json +++ b/plugins/Huntress/v1/dataStreams/organizations.json @@ -30,7 +30,7 @@ { "name": "created_at", "displayName": "Created At", - "shape": "datetime" + "shape": "date" }, { "pattern": ".*" diff --git a/plugins/Huntress/v1/docs/huntress-api-reference.json b/plugins/Huntress/v1/docs/huntress-api-reference.json new file mode 100644 index 0000000..25bfba2 --- /dev/null +++ b/plugins/Huntress/v1/docs/huntress-api-reference.json 
@@ -0,0 +1,6814 @@ +{ + "info": { + "title": "Huntress API Reference", + "description": "\n

© Huntress - All rights reserved

\n

Introduction

\n

The Huntress API follows a RESTful pattern. Requests are made via resource-oriented URLs as described in this document and API responses are formatted as JSON data.

\n\n

If you'd like to request additional API endpoints or capabilities, submit feedback through our feedback portal.

\n

API Overview

\n
\n\t

Authentication

\n
$KEY = echo \"$HUNTRESS_PUBLIC_KEY:$HUNTRESS_PRIVATE_KEY\" | base64\ncurl \"https://api.huntress.io/v1/agents\" \\ -H \"Authorization: Basic $KEY\"\n
\n
\n

To begin, generate your API Key at <your_account_subdomain>.huntress.io. Once you are logged into your account on the Huntress site, check the dropdown menu at the top-right corner of the site header. You should see API Credentials among the options if your account has been granted access to the Huntress API. Click on the option to continue to the API Key generation page.

\n\n

Once on the API Key generation page, click on the green Setup button to begin the process to generate your API Key. You will be redirected to a page where you will be prompted to generate your API Key. Click the Generate button to generate a public and private key pair for Huntress API access. The inputs on the page will be filled in with your access credentials once you have done so.

\n\n

Your API Private Key will only be visible at this stage of API Key generation. Be sure to save the value provided somewhere secure, as once you navigate away from this page, this value will no longer be accessible and you must regenerate your API credentials if your secret key value is lost.

\n\n

If necessary, you can repeat the process to regenerate your API credentials with a new API Key and API Secret Key on the same API Key generation page, at <your_account_subdomain>.huntress.io/account/api_credentials.

\n\n

The Huntress API implements basic access authentication. Once you have your API Key and API Secret Key, provide these values as the result of a Base64 encoded string in every request to the Huntress API via the Authorization header. Your request header should look something like Authorization: Basic [Base64Encode(<your_api_key>:<your_api_secret_key>)]. Please refer to the code snippets for further examples.

\n
\n
\n\t

Rate Limits

\n

Every Huntress API account is rate limited to 60 requests per minute, on a sliding window. This means that no more than 60 requests can be made within a 60 second time interval between the first request and the last request.

\n\n

For example, if request 1 is made at T0, request 2 is made at T5, and requests 3 through 60 are made at T10, making request 61 at T55 would result in a 429 error response. Making request 61 at T61 would succeed, however making request 62 at T61 would fail, at least until the time has passed T65, corresponding to a minute after request 2 was made.

\n
\n
\n\t

HTTP Response Codes

\n

Huntress follows HTTP standards when delivering responses: a 2xx response is a success, a 4xx response indicates an issue with the client request, and a 5xx response indicates an issue with Huntress servers.\n
\n
\nSpecific error codes are detailed in the following table:

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Error Status CodeDetails
400There is an unexpected value in the API request being made.
401Your request could not be authenticated. Check that your API key is properly formatted and included in the Authorization header.
404The requested resource is unavailable: either it doesn't exist, or your account does not hold correct permissions to access it.
429You have made too many requests within the rate limit timeframe. See the previous section on rate_limits for details.
500

An error has occurred within Huntress servers.

You could retry the request, but if you encounter continued errors, please contact Support with details of your error. If all traffic from Huntress is resulting in 500 responses, please check our Huntress Status Page.

\n
\n
\n\t

Pagination

\n

Certain Huntress API endpoints utilize a page_token and limit parameter to specify a window location and size, respectively, to the resources currently being requested.\n

\nEach API request will also return a pagination object with details about your current pagination state based on the parameters provided. The pagination object contains:

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
KeyTypeDescription
next_page_tokenstringThe token used to request the next page in paginated results. If no page token is included, the first page contains all results.
next_page_urlstringURL containing the next page and the limit provided in the original API request, to be used to continue sequentially accessing resources. Only displays when another page can be accessed.
\n
\n

Following is a formatted example of the pagination object in an API response:
\n

\n
\n\"pagination\": {\n  \"next_page_url\": \"https://api.huntress.io/v1/agents?page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo&limit=10\",\n  \"next_page_token\": \"MjAyMi0wMy0wMVQxODo1NDoyNFo\"\n}
\n
\n
\n
\n\t

Request and Response Format

\n\t
\n\t\t

Request

\n\t
\n
\ncurl \"https://api.huntress.io/v1/agents?organization_id=1&page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo\" -H \"Authorization: Basic <Your B64 encoded hash>\"
\n\t

The base URL for API requests is api.huntress.io/v1/, followed by the resource requested. Resources can be requested either singularly or as a list, which correspond to /v1/<resources>/:id or /v1/<resources> respectively, with the exception of the /v1/account and /v1/actor endpoints, which only returns the account associated with the API credentials provided.

\n\t

As an example, api.huntress.io/v1/agents would return a list of agents, while api.huntress.io/v1/agents/1 would return a singular agent with ID: 1.

\n\t

Parameters are provided to the API through a query string. As an example, providing the organization_id filter as a parameter to the /v1/agents endpoint would look like api.huntress/io/v1/agents?organization_id=1. Accessing a sequential page with the same filter active would look like api.huntress.io/v1/agents?organization_id=1&page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo.

\n\t
\n\t
\n\t\t

Response

\n\t

The Huntress API responds with a JSON object containing requested resources if the request is valid and authorized.

\n\t

Singular Case

\n\t
\n\t
{\n  \"report\": { ... }\n}\n
\n\t

In the case of accessing a singular resource, the JSON object in question will contain one key that maps the singular resource to the singular representation of the resource name. As an example, if you were to request api.huntress.io/v1/reports/1, the JSON response would contain a single key report that maps to the report with ID: 1.

\n\t

Multiple Case

\n
{\n  \"reports\": [ ... ],\n  \"pagination\": { ... }\n}\n
\n\t

When accessing a list of resources, the JSON response contains two keys at the root level. The first key is the plural representation of that resource. The second is a pagination key that represents the current state of pagination based on parameters provided in the original request. As an example, a request to api.huntress.io/v1/reports returns a JSON object with the keys reports and pagination at its root level. Further details on the fields within the pagination object can be seen at the relevant section.

\n\t
\n
\n", + "version": "1.0.0" + }, + "swagger": "2.0", + "produces": [ + "application/json" + ], + "securityDefinitions": { + "basic_auth": { + "type": "basic", + "desc": "Base 64 encoded string of your Huntress Account API key and API secret." + } + }, + "security": [ + { + "basic": [ + "basic_auth" + ] + } + ], + "host": "api.huntress.io", + "schemes": [ + "https" + ], + "tags": [ + { + "name": "Accounts", + "description": "Operations about Accounts" + }, + { + "name": "Actor", + "description": "Operations about Actors" + }, + { + "name": "Agents", + "description": "Operations about Agents" + }, + { + "name": "Invoices", + "description": "Operations about Invoices" + }, + { + "name": "Escalations", + "description": "Operations about Escalations" + }, + { + "name": "External Recon", + "description": "Operations about External Recons" + }, + { + "name": "Incident Reports", + "description": "Operations about Incident Reports" + }, + { + "name": "Users", + "description": "Operations about Users" + }, + { + "name": "Organizations", + "description": "Operations about Organizations" + }, + { + "name": "Summary Reports", + "description": "Operations about Summary Reports" + }, + { + "name": "Signals", + "description": "Operations about Signals" + }, + { + "name": "Reseller", + "description": "Operations for Reseller-level API credentials. These are mostly the same endpoints available in the rest of the API. However, the account ID is included in the URL, so that you can specify which account's resources you want to access." + }, + { + "name": "SIEM", + "description": "Query your SIEM logs programmatically using ES|QL (Elasticsearch Query Language)." 
+ } + ], + "paths": { + "/v1/reseller/invoices": { + "get": { + "summary": "List Reseller Invoices", + "description": "Shows Invoices associated with the current reseller.\n\n**Note:** To see the details of a given invoice, you will\nprobably want to also fetch the associated Account Usage Line Items and\nOrganization Usage Line Items.\n\n**Note:** This endpoint will also return a `pagination` key on the root\nlevel. Please refer to the [pagination\nsection](https://api.huntress.io/docs#pagination) within our docs for\nmore information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "status", + "description": "Filter by status. 
One of open, paid, failed, partial_refund, full_refund, draft, voided", + "type": "string", + "enum": [ + "open", + "paid", + "failed", + "partial_refund", + "full_refund", + "draft", + "voided" + ], + "required": false + } + ], + "responses": { + "200": { + "description": "List Reseller Invoices", + "schema": { + "type": "object", + "properties": { + "invoices": { + "type": "array", + "items": { + "$ref": "#/definitions/Invoice" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "invoices", + "pagination" + ] + } + }, + "400": { + "description": "Invalid query parameters" + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Invoice" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1ResellerInvoices" + } + }, + "/v1/reseller/invoices/{id}": { + "get": { + "summary": "Get Reseller Invoice", + "description": "Shows a specific Reseller Invoice associated with the current\nreseller.\n\nNote: To see the details of this invoice, you will probably\nwant to also fetch the associated Account Usage Line Items and\nOrganization Usage Line Items.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Reseller Invoice", + "schema": { + "$ref": "#/definitions/Invoice" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Invoice" + } + }, + "404": { + "description": "Invoice not found" + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1ResellerInvoicesId" + } + }, + "/v1/reseller/invoices/{id}/account_usage_line_items": { + "get": { + "summary": "List Account Usage Line Items", + "description": "Shows a list of Account Usage Line Items.\n\nThis list provides a 
detailed breakdown of product usage per account from a given invoice.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + } + ], + "responses": { + "200": { + "description": "List Account Usage Line Items", + "schema": { + "type": "object", + "properties": { + "type": "object", + "properties": { + "account_usage_line_items": { + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + } + } + }, + "required": [ + "account_usage_line_items", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/AccountUsageLineItem" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1ResellerInvoicesIdAccountUsageLineItems" + } + }, + "/v1/reseller/invoices/{id}/organization_usage_line_items": { + "get": { + "summary": "List Organization Usage Line Items", + "description": "Shows a list of Organization Usage Line Items.\n\nThis list provides a detailed breakdown of product usage per organization from a given invoice.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. 
\nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + } + ], + "responses": { + "200": { + "description": "List Organization Usage Line Items", + "schema": { + "type": "object", + "properties": { + "organization_usage_line_items": { + "type": "array", + "items": { + "$ref": "#/definitions/OrganizationUsageLineItem" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "organization_usage_line_items", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/OrganizationUsageLineItem" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1ResellerInvoicesIdOrganizationUsageLineItems" + } + }, + "/v1/reseller/subscriptions": { + "get": { + "summary": "List Reseller Subscriptions", + "description": "Shows subscriptions associated with the current reseller's managed accounts.\n\n**Note:** This endpoint will also return a `pagination` key on the root\nlevel. 
Please refer to the [pagination\nsection](https://api.huntress.io/docs#pagination) within our docs for\nmore information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "product", + "description": "Filter by product type", + "type": "string", + "enum": [ + "edr", + "sat", + "itdr", + "siem" + ], + "required": false + }, + { + "in": "query", + "name": "status", + "description": "Filter by status", + "type": "string", + "enum": [ + "draft", + "approved", + "accepted", + "active", + "completed" + ], + "required": false + } + ], + "responses": { + "200": { + "description": "List Reseller Subscriptions", + "schema": { + "type": "object", + "properties": { + "subscriptions": { + "type": "array", + "items": { + "$ref": "#/definitions/Subscription" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "subscriptions", + "pagination" + ] + } + }, + "400": { + "description": "Invalid query parameters" + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Subscription" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1ResellerSubscriptions" + }, + "post": { + "summary": "Create Reseller Subscription", + "description": "Creates a subscription for a product on a reseller-managed account.\n\n**Note:** This endpoint only allows the creation of subscriptions that\nuse the default terms, conditions, and pricing. 
Please contact your\naccount admin for any terms that are not covered by our standard API.\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "name": "SubscriptionCreationParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SubscriptionCreationParameters" + } + } + ], + "responses": { + "201": { + "description": "Create Reseller Subscription", + "schema": { + "$ref": "#/definitions/Subscription" + } + }, + "400": { + "description": "Invalid parameters" + }, + "404": { + "description": "Record not found (likely the account)" + }, + "422": { + "description": "Could not create subscription" + } + }, + "tags": [ + "Reseller" + ], + "operationId": "SubscriptionCreationParameters" + } + }, + "/v1/reseller/subscriptions/{id}": { + "get": { + "summary": "Get Reseller Subscription", + "description": "Shows details on a single subscription associated with the current reseller's managed accounts.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Reseller Subscription", + "schema": { + "type": "object", + "properties": { + "subscription": { + "$ref": "#/definitions/Subscription" + } + } + } + }, + "400": { + "description": "Something about the request is malformed." + }, + "404": { + "description": "Record not found." 
+ } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1ResellerSubscriptionsId" + }, + "patch": { + "summary": "Update Reseller Subscription", + "description": "Updates a subscription associated with the current reseller's managed accounts.\n\nFor **approved** subscriptions: updates minimum, billing_interval, and purchase_order.\n\nFor **active** subscriptions: toggles `auto_renew` and/or adds units via `additional_units` (with optional `purchase_order`).\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "SubscriptionUpdateParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SubscriptionUpdateParameters" + } + } + ], + "responses": { + "200": { + "description": "Update Reseller Subscription", + "schema": { + "$ref": "#/definitions/Subscription" + } + }, + "400": { + "description": "Something about the request is malformed." + }, + "404": { + "description": "Record not found." + }, + "409": { + "description": "Subscription is not in a valid status for this update." + }, + "422": { + "description": "Could not update subscription." 
+ } + }, + "tags": [ + "Reseller" + ], + "operationId": "SubscriptionUpdateParameters" + } + }, + "/v1/reseller/subscriptions/{id}/upgrade": { + "post": { + "summary": "Upgrade Reseller Subscription", + "description": "Upgrades an active subscription by creating a new subscription with a\nhigher minimum and/or price tier, replacing the existing one.\n\nThis is modeled as a sub-resource because the operation creates a new\nsubscription record rather than modifying the existing one in place.\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "SubscriptionUpgradeParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SubscriptionUpgradeParameters" + } + } + ], + "responses": { + "201": { + "description": "Upgrade Reseller Subscription", + "schema": { + "$ref": "#/definitions/Subscription" + } + }, + "400": { + "description": "Something about the request is malformed." + }, + "404": { + "description": "Record not found." + }, + "422": { + "description": "Could not upgrade subscription." + } + }, + "tags": [ + "Reseller" + ], + "operationId": "SubscriptionUpgradeParameters" + } + }, + "/v1/siem/query": { + "post": { + "summary": "Execute ESQL Query", + "description": "Execute an ESQL query against your SIEM logs and receive paginated JSON results.\n\nThis endpoint uses POST so that the ESQL query string can be sent in the request body\nrather than as a URL query parameter, avoiding URL length limits for complex queries.\n\nQueries must begin with `FROM logs`. Results are limited to 200 rows per page.\nIf `next_page_token` is present, pass it as `page_token` in a subsequent request\n(with the same `range_start` and `range_end`) to retrieve the next page.\n\n**Response**\n\nReturns a JSON object with two top-level keys:\n\n- `logs` — Array of objects. 
Each object represents one log record. Keys are ECS field\n names (e.g. `event.provider`, `host.hostname`). The fields present depend on the columns\n selected by your ESQL query (e.g. a `KEEP` command). With no column selection, all\n available ECS fields are returned.\n\n- `pagination` — Object. Contains `next_page_token` (string) when additional results are\n available; empty object `{}` when all results have been returned. Pass `next_page_token`\n as `page_token` in your next request to retrieve the following page.\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "name": "postV1SiemQuery", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/postV1SiemQuery" + } + } + ], + "responses": { + "200": { + "description": "Query executed successfully.", + "schema": { + "$ref": "#/definitions/SiemQueryResult" + } + }, + "400": { + "description": "Missing or invalid request parameters." + }, + "401": { + "description": "Authentication credentials are missing or invalid." + }, + "404": { + "description": "SIEM query feature is not enabled for this account." + }, + "408": { + "description": "Query timed out." + }, + "413": { + "description": "Query exceeded memory limit." + }, + "422": { + "description": "Invalid ESQL query or query parameters." 
+ } + }, + "tags": [ + "SIEM" + ], + "operationId": "postV1SiemQuery" + } + }, + "/v1/account": { + "get": { + "summary": "Get Account", + "description": "Shows details of the top-level Huntress Account associated with your API credentials.", + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "Get Account", + "schema": { + "$ref": "#/definitions/Account" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Account" + } + } + }, + "tags": [ + "Accounts" + ], + "operationId": "getV1Account" + } + }, + "/v1/accounts": { + "get": { + "summary": "List Accounts", + "description": "Shows all accounts associated with your API credentials.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", + "type": "string", + "required": false + } + ], + "responses": { + "200": { + "description": "List Accounts", + "schema": { + "type": "object", + "properties": { + "accounts": { + "type": "array", + "items": { + "$ref": "#/definitions/Account" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "accounts", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Account" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1Accounts" + }, + "post": { + "summary": "Create Account", + "description": "Create a new account under the reseller associated with the supplied API credential.", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "name": "AccountCreationParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/AccountCreationParameters" + } + } + ], + "responses": { + "201": { + "description": "Create Account", + "schema": { + "$ref": "#/definitions/Account" + } + }, + "400": { + "description": "Invalid account creation parameters" + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Account" + } + }, + "409": { + "description": "Current reseller cannot create accounts, possibly because payment details have not been provided" + }, + "422": { + "description": "Could not create account" + } + }, + "tags": [ + "Reseller" + ], + "operationId": "AccountCreationParameters" + } + }, + "/v1/accounts/{account_id}": { + "get": { + "summary": "Get Specific Account", + "description": "Shows the details of a specific account which your API credentials grant access to.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "description": "Account ID for an account 
associated with your API credentials", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Specific Account", + "schema": { + "$ref": "#/definitions/Account" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Account" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountId" + }, + "patch": { + "summary": "Update Account", + "description": "Updates the details of a specific account.", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "AccountUpdateParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/AccountUpdateParameters" + } + } + ], + "responses": { + "200": { + "description": "Update Account", + "schema": { + "$ref": "#/definitions/Account" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Account" + } + }, + "422": { + "description": "Invalid parameters or unable to update model" + } + }, + "tags": [ + "Reseller" + ], + "operationId": "AccountUpdateParameters" + }, + "delete": { + "summary": "Permanently Disable an Account", + "description": "Marks the account as disabled and will be deleted after 10 days from initial request.\n\n**Please Note:** This is irreversible and will uninstall all of the agents for this account, as well as completing other similar operations. 
\n[Contact support](https://support.huntress.io/hc/en-us) if this was done unintentionally.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "description": "Account ID for deletion.", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "202": { + "description": "Permanently Disable an Account", + "schema": { + "$ref": "#/definitions/Account" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Account" + } + }, + "422": { + "description": "Account failed to be disabled." + } + }, + "tags": [ + "Reseller" + ], + "operationId": "deleteV1AccountsAccountId" + } + }, + "/v1/accounts/{account_id}/agents": { + "get": { + "summary": "List Agents", + "description": "Shows Agents associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + }, + { + "in": "query", + "name": "platform", + "description": "Filter by platform. One of windows, darwin, linux", + "type": "string", + "enum": [ + "windows", + "darwin", + "linux" + ], + "required": false + } + ], + "responses": { + "200": { + "description": "List Agents", + "schema": { + "type": "object", + "properties": { + "agents": { + "type": "array", + "items": { + "$ref": "#/definitions/Agent" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "agents", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Agent" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdAgents" + } + }, + "/v1/accounts/{account_id}/agents/{id}": { + "get": { + "summary": "Get Agent", + "description": "Shows details on a single Agent associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "description": "Agent ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Agent", + "schema": { + "type": "object", + "properties": { + "agent": { + "$ref": "#/definitions/Agent" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Agent" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdAgentsId" + } + }, + "/v1/accounts/{account_id}/external_ports": { + 
"get": { + "summary": "List External Ports", + "description": "Shows external port records from External Recon scans associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + } + ], + "responses": { + "200": { + "description": "List External Ports", + "schema": { + "type": "object", + "properties": { + "external_ports": { + "type": "array", + "items": { + "$ref": "#/definitions/ExternalPort" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "external_ports", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/ExternalPort" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdExternalPorts" + } + }, + "/v1/accounts/{account_id}/external_ports/{id}": { + "get": { + "summary": "Get External Port", + "description": "Shows details on a single external port record associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": 
"id", + "description": "External port record ID", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get External Port", + "schema": { + "type": "object", + "properties": { + "external_port": { + "$ref": "#/definitions/ExternalPort" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/ExternalPort" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdExternalPortsId" + } + }, + "/v1/accounts/{account_id}/invoices": { + "get": { + "summary": "List Account Invoices", + "description": "Shows Invoices associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "status", + "description": "Filter by status. 
One of open, paid, failed, partial_refund, full_refund, draft, voided", + "type": "string", + "enum": [ + "open", + "paid", + "failed", + "partial_refund", + "full_refund", + "draft", + "voided" + ], + "required": false + } + ], + "responses": { + "200": { + "description": "List Account Invoices", + "schema": { + "type": "object", + "properties": { + "invoices": { + "type": "array", + "items": { + "$ref": "#/definitions/Invoice" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "invoices", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Invoice" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdInvoices" + } + }, + "/v1/accounts/{account_id}/invoices/{id}": { + "get": { + "summary": "Get Account Invoice", + "description": "Shows details on a single Invoice associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "description": "Invoice ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Account Invoice", + "schema": { + "type": "object", + "properties": { + "invoice": { + "$ref": "#/definitions/Invoice" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Invoice" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdInvoicesId" + } + }, + "/v1/accounts/{account_id}/incident_reports": { + "get": { + "summary": "List Incident Reports", + "description": "Shows Incident Reports associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on 
the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "indicator_type", + "description": "Filter by indicator type. One of footholds, monitored_files, ransomware_canaries, antivirus_detections, process_detections, managed_identity, mde_detections, siem_detections, favicon_detections, behavioral_detections, email_security_detections, app_control", + "type": "string", + "enum": [ + "footholds", + "monitored_files", + "ransomware_canaries", + "antivirus_detections", + "process_detections", + "managed_identity", + "mde_detections", + "siem_detections", + "favicon_detections", + "behavioral_detections", + "email_security_detections", + "app_control" + ], + "required": false + }, + { + "in": "query", + "name": "status", + "description": "Filter by status. One of sent, closed, dismissed, auto_remediating, deleting, partner_dismissed", + "type": "string", + "enum": [ + "sent", + "closed", + "dismissed", + "auto_remediating", + "deleting", + "partner_dismissed" + ], + "required": false + }, + { + "in": "query", + "name": "severity", + "description": "Filter by severity. 
One of low, high, critical", + "type": "string", + "enum": [ + "low", + "high", + "critical" + ], + "required": false + }, + { + "in": "query", + "name": "platform", + "description": "Filter by platform. One of windows, darwin, microsoft_365, google, linux, email_security, other", + "type": "string", + "enum": [ + "windows", + "darwin", + "microsoft_365", + "google", + "linux", + "email_security", + "other" + ], + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + }, + { + "in": "query", + "name": "agent_id", + "description": "Filter by agent ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + } + ], + "responses": { + "200": { + "description": "List Incident Reports", + "schema": { + "type": "object", + "properties": { + "incident_reports": { + "type": "array", + "items": { + "$ref": "#/definitions/IncidentReport" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "incident_reports", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/IncidentReport" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdIncidentReports" + } + }, + "/v1/accounts/{account_id}/incident_reports/{id}": { + "get": { + "summary": "Get Incident Report", + "description": "Shows details on a single Incident Report associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "description": "Incident Report ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { 
+ "description": "Get Incident Report", + "schema": { + "type": "object", + "properties": { + "incident_report": { + "$ref": "#/definitions/IncidentReport" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/IncidentReport" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdIncidentReportsId" + } + }, + "/v1/accounts/{account_id}/incident_reports/{id}/resolution": { + "post": { + "summary": "Create an Incident Report Resolution", + "description": "Use this endpoint to resolve a single Incident Report. All remediations belonging to the Incident Report must be approved first.\n\nWhile resolution updates the report status to resolved, assisted remediations may still be running in the background and manual remediations may still require completion by a user.\n\nThis endpoint requires an API key with permissions to resolve incident reports. **Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "201": { + "description": "Create an Incident Report Resolution", + "schema": { + "$ref": "#/definitions/IncidentReport" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions." + }, + "409": { + "description": "Incident Report cannot be resolved. Confirm that all remediations are approved and report status is 'sent'." + }, + "422": { + "description": "Incident Report cannot be resolved unless report status is 'sent'." 
+ } + }, + "tags": [ + "Reseller" + ], + "operationId": "postV1AccountsAccountIdIncidentReportsIdResolution" + } + }, + "/v1/accounts/{account_id}/memberships": { + "get": { + "summary": "List Memberships", + "description": "Shows a list of memberships.\n\nBy default, this endpoint returns both account and organization\nmemberships, but if an organization ID is supplied, it will return\nonly organization memberships, instead.\n\nThe example return value shows both an organization and an account, but\na given membership will only have one or the other.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID to return only memberships for that organization.", + "type": "integer", + "format": "int32", + "required": false + } + ], + "responses": { + "200": { + "description": "List Memberships", + "schema": { + "type": "object", + "properties": { + "memberships": { + "type": "array", + "items": { + "$ref": "#/definitions/Membership" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "memberships", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Membership" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdMemberships" + }, + "post": { + "summary": "Create a Membership", + "description": "This endpoint allows you to invite a user to join your organization or\naccount. A user will often be a person you wish to grant access to,\nbut it could also represent a team, an automated system, or any other\ntype of actor.\n\nIf an organization ID is provided, the user will be invited to that\norganization. If not, they will be invited to the account associated\nwith this API credential. 
Note that while the sample return value\nincludes both an organization and an account for completeness, in\npractice, only one or the other will be included.\n\nNote that this is technically creating a Membership Invitation - the\nactual membership won't be created until the user accepts the\ninvitation.\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "MembershipCreationParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/MembershipCreationParameters" + } + } + ], + "responses": { + "201": { + "description": "Create a Membership", + "schema": { + "$ref": "#/definitions/MemberInvitation" + } + }, + "400": { + "description": "Something about the request is malformed." + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Membership" + } + }, + "404": { + "description": "Organization not found." + }, + "422": { + "description": "Invalid creation parameters." 
+ } + }, + "tags": [ + "Reseller" + ], + "operationId": "MembershipCreationParameters" + } + }, + "/v1/accounts/{account_id}/memberships/{id}": { + "get": { + "summary": "Get Membership", + "description": "Shows details on a single Membership associated with your account or organization.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "description": "Membership ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Membership", + "schema": { + "type": "object", + "properties": { + "membership": { + "$ref": "#/definitions/Membership" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Membership" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdMembershipsId" + }, + "delete": { + "summary": "Delete Membership", + "description": "Deletes a single Membership associated with your account or organization. 
Does not delete the user associated with the membership.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "description": "Membership ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "202": { + "description": "Membership deleted", + "schema": { + "type": "object", + "properties": { + "membership": { + "$ref": "#/definitions/Membership" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Membership" + } + }, + "404": { + "description": "Membership not found, possibly because it has already been deleted." + }, + "422": { + "description": "Failed to delete membership. Please contact support." + } + }, + "tags": [ + "Reseller" + ], + "operationId": "deleteV1AccountsAccountIdMembershipsId" + }, + "patch": { + "summary": "Update a User's membership", + "description": "", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "description": "Membership ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "MembershipUpdateParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/MembershipUpdateParameters" + } + } + ], + "responses": { + "200": { + "description": "Update a User's membership", + "schema": { + "$ref": "#/definitions/Membership" + } + }, + "400": { + "description": "Something about the request is malformed." 
+ }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Membership" + } + }, + "422": { + "description": "Something prevented the update." + } + }, + "tags": [ + "Reseller" + ], + "operationId": "MembershipUpdateParameters" + } + }, + "/v1/accounts/{account_id}/organizations": { + "get": { + "summary": "List Organizations", + "description": "Shows details of Organizations belonging to the account associated with your API credentials.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", + "type": "string", + "required": false + } + ], + "responses": { + "200": { + "description": "List Organizations", + "schema": { + "type": "object", + "properties": { + "organizations": { + "type": "array", + "items": { + "$ref": "#/definitions/Organization" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "organizations", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Organization" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdOrganizations" + }, + "post": { + "summary": "Create an Organization", + "description": "", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "OrganizationCreationParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/OrganizationCreationParameters" + } + } + ], + "responses": { + "201": { + "description": "Create an Organization", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "400": { + "description": "Something about the request is malformed." + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "422": { + "description": "Invalid creation parameters." 
+ } + }, + "tags": [ + "Reseller" + ], + "operationId": "OrganizationCreationParameters" + } + }, + "/v1/accounts/{account_id}/organizations/{id}": { + "get": { + "summary": "Get Organization", + "description": "Shows details on a single Organization associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "description": "Organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Organization", + "schema": { + "type": "object", + "properties": { + "organization": { + "$ref": "#/definitions/Organization" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Organization" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdOrganizationsId" + }, + "patch": { + "summary": "Update an Organization", + "description": "", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "OrganizationUpdateParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/OrganizationUpdateParameters" + } + } + ], + "responses": { + "200": { + "description": "Update an Organization", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "400": { + "description": "Something about the request is malformed." 
+ }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "422": { + "description": "Invalid update parameters." + } + }, + "tags": [ + "Reseller" + ], + "operationId": "OrganizationUpdateParameters" + }, + "delete": { + "summary": "Delete an Organization", + "description": "Deletes the specified Organization.\n\n**Please note:** this will uninstall all of the agents in this organization, as well as completing other similar operations. For more information, see our [support documentation](https://support.huntress.io/hc/en-us/articles/4404005208851-Add-Rename-or-Delete-Organizations).\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "description": "The id of the organization to be deleted", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "202": { + "description": "Organization deleted", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "404": { + "description": "Organization not found, possibly because it has already been deleted." + }, + "409": { + "description": "There is a conflict about the organization that prevents deletion. See error message for more details." + }, + "422": { + "description": "Failed to delete organization. Please contact support." 
+ } + }, + "tags": [ + "Reseller" + ], + "operationId": "deleteV1AccountsAccountIdOrganizationsId" + } + }, + "/v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations": { + "get": { + "summary": "List Remediations", + "description": "Shows details of Remediations belonging to a single Incident Report.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "incident_report_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "types[]", + "description": "Filter by type of remediation. Must be a comma-separated string containing the values: assisted, manual, containment", + "type": "array", + "items": { + "type": "string", + "enum": [ + "assisted", + "manual", + "containment" + ] + }, + "required": false + }, + { + "in": "query", + "name": "statuses[]", + "description": "Filter by status of remediation. 
Must be a comma-separated string containing the values: unapproved, approved, completed, failed, cancelled", + "type": "array", + "items": { + "type": "string", + "enum": [ + "unapproved", + "approved", + "completed", + "failed", + "cancelled" + ] + }, + "required": false + } + ], + "responses": { + "200": { + "description": "List Remediations", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/Remediation" + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Remediation" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdIncidentReportsIncidentReportIdRemediations" + } + }, + "/v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations/{remediation_id}": { + "get": { + "summary": "Get Remediation", + "description": "Shows details for a single Remediation belonging to a single Incident Report", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "incident_report_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "remediation_id", + "description": "Incident Report ID", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Remediation", + "schema": { + "$ref": "#/definitions/Remediation" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Remediation" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdIncidentReportsIncidentReportIdRemediationsRemediationId" + } + }, + "/v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations/bulk_approval": { + "post": { + "summary": "Bulk Approve Remediations", + "description": 
"Approve all unapproved remediations for an Incident Report. Approval immediately triggers the execution of assisted remediations.\nManual remediations are not executed, and must be independently completed. Once all remediations are approved,\nthe incident report becomes eligible for resolution.\n\nThis endpoint requires an API key with permissions to write to remediations. **Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "incident_report_id", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "201": { + "description": "Bulk Approve Remediations", + "schema": { + "$ref": "#/definitions/IncidentReport" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions." + }, + "409": { + "description": "Incident Report must have a status of 'sent'." + }, + "422": { + "description": "Unable to approve remediations" + } + }, + "tags": [ + "Reseller" + ], + "operationId": "postV1AccountsAccountIdIncidentReportsIncidentReportIdRemediationsBulkApproval" + } + }, + "/v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations/bulk_rejection": { + "post": { + "summary": "Bulk Reject Remediations", + "description": "Reject all unapproved remediations for an Incident Report. Rejecting the remediations will send the incident report back to the Huntress SOC.\n\nThis endpoint requires an API key with permissions to write to remediations. 
**Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "incident_report_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "RemediationBulkRejectionParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RemediationBulkRejectionParameters" + } + } + ], + "responses": { + "201": { + "description": "Remediations rejected." + }, + "403": { + "description": "There was an issue with your API credential or permissions." + }, + "409": { + "description": "Incident Report must have a status of 'sent'." + }, + "422": { + "description": "Unable to reject remediations" + } + }, + "tags": [ + "Reseller" + ], + "operationId": "RemediationBulkRejectionParameters" + } + }, + "/v1/accounts/{account_id}/reports": { + "get": { + "summary": "List Summary Reports", + "description": "Shows Summary Reports associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. 
Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "period_min", + "description": "Filter by an ISO-8601 formatted date string that represents the lower bound of the search range for the period date.", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "period_max", + "description": "Filter by an ISO-8601 formatted date string that represents the upper bound of the search range for the period date.", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + }, + { + "in": "query", + "name": "type", + "description": "Filter by report type. One of monthly_summary, quarterly_summary, yearly_summary", + "type": "string", + "enum": [ + "monthly_summary", + "quarterly_summary", + "yearly_summary" + ], + "required": false + } + ], + "responses": { + "200": { + "description": "List Summary Reports", + "schema": { + "type": "object", + "properties": { + "reports": { + "type": "array", + "items": { + "$ref": "#/definitions/SummaryReport" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "reports", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions." 
+ } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdReports" + } + }, + "/v1/accounts/{account_id}/reports/{id}": { + "get": { + "summary": "Get Summary Report", + "description": "Shows details on a single Summary Report associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "description": "Report ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Summary Report", + "schema": { + "$ref": "#/definitions/SummaryReport" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions." + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdReportsId" + } + }, + "/v1/accounts/{account_id}/signals": { + "get": { + "summary": "List Signals", + "description": "Shows details of Signals belonging to the account associated with your API credentials.\n\nSignals are used to highlight interesting user or system behaviors that an analyst can reference during a cyber investigation.\nA detected Signal could be as broad and low fidelity as the detection of a command line user running whoami, or it could be as specific and high fidelity as detecting a known malware file.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. 
Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "investigated_at_min", + "description": "Filter by an ISO-8601 formatted date string that represents the lower bound of the search range for the investigated_at date.", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "investigated_at_max", + "description": "Filter by an ISO-8601 formatted date string that represents the upper bound of the search range for the investigated_at date.", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "entity_type", + "description": "Filter by the entity type that the Signal originated from. This filter can be used without specifying entity_id.", + "type": "string", + "enum": [ + "user_entity", + "source", + "mailbox", + "service_principal", + "agent", + "identity" + ], + "required": false + }, + { + "in": "query", + "name": "entity_id", + "description": "Filter by the entity ID that the Signal originated from. 
Must be used in tandem with entity_type parameter.", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + }, + { + "in": "query", + "name": "types", + "description": "Filter by the types of Signal, must be comma-separated string containing the values: `Antivirus, Process Insights, Managed ITDR, Footholds, MDE Detections, SIEM, Ransomware Canaries, Favicon Detections, Attack Disruptions, App Control`", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "statuses", + "description": "Filter by status. Must be comma-separated string containing the values: `reported`, `closed`", + "type": "string", + "required": false + } + ], + "responses": { + "200": { + "description": "List Signals", + "schema": { + "type": "object", + "properties": { + "signals": { + "type": "array", + "items": { + "$ref": "#/definitions/Signal" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "signals", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Signal" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdSignals" + } + }, + "/v1/accounts/{account_id}/signals/{id}": { + "get": { + "summary": "Get Signal", + "description": "Shows details of a single Signal belonging to the account associated with your API credentials.\n\nSignals are used to highlight interesting user or system behaviors that an analyst can reference during a cyber investigation.\nA detected Signal could be as broad and low fidelity as the detection of a command line user running whoami, or it could be as specific and high fidelity as detecting a known malware file.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { 
+ "in": "path", + "name": "account_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "id", + "description": "Signal ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Signal", + "schema": { + "$ref": "#/definitions/Signal" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Signal" + } + } + }, + "tags": [ + "Reseller" + ], + "operationId": "getV1AccountsAccountIdSignalsId" + } + }, + "/v1/actor": { + "get": { + "summary": "Get Actor", + "description": "Shows details of the entities associated with the supplied API credentials. It will only return the fields relevant to the current credentials.\nFor more information on User management, see [Product Support](https://support.huntress.io/hc/en-us/articles/4404012574227-Adding-and-Managing-Huntress-Users)\n", + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "Get Actor", + "schema": { + "$ref": "#/definitions/Actor" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Actor" + } + } + }, + "tags": [ + "Actor", + "Reseller" + ], + "operationId": "getV1Actor" + } + }, + "/v1/agents": { + "get": { + "summary": "List Agents", + "description": "Shows Agents associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. 
Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + }, + { + "in": "query", + "name": "platform", + "description": "Filter by platform. One of windows, darwin, linux", + "type": "string", + "enum": [ + "windows", + "darwin", + "linux" + ], + "required": false + } + ], + "responses": { + "200": { + "description": "List Agents", + "schema": { + "type": "object", + "properties": { + "agents": { + "type": "array", + "items": { + "$ref": "#/definitions/Agent" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "agents", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Agent" + } + } + }, + "tags": [ + "Agents" + ], + "operationId": "getV1Agents" + } + }, + "/v1/agents/{id}": { + "get": { + "summary": "Get Agent", + "description": "Shows details on a single Agent associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Agent ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Agent", + "schema": { + "type": "object", + "properties": { + "agent": { + "$ref": "#/definitions/Agent" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Agent" + } + } + 
}, + "tags": [ + "Agents" + ], + "operationId": "getV1AgentsId" + } + }, + "/v1/invoices": { + "get": { + "summary": "List Account Invoices", + "description": "Shows Invoices associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "status", + "description": "Filter by status. 
One of open, paid, failed, partial_refund, full_refund, draft, voided", + "type": "string", + "enum": [ + "open", + "paid", + "failed", + "partial_refund", + "full_refund", + "draft", + "voided" + ], + "required": false + } + ], + "responses": { + "200": { + "description": "List Account Invoices", + "schema": { + "type": "object", + "properties": { + "invoices": { + "type": "array", + "items": { + "$ref": "#/definitions/Invoice" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "invoices", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Invoice" + } + } + }, + "tags": [ + "Invoices" + ], + "operationId": "getV1Invoices" + } + }, + "/v1/invoices/{id}": { + "get": { + "summary": "Get Account Invoice", + "description": "Shows details on a single Invoice associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Invoice ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Account Invoice", + "schema": { + "type": "object", + "properties": { + "invoice": { + "$ref": "#/definitions/Invoice" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Invoice" + } + } + }, + "tags": [ + "Invoices" + ], + "operationId": "getV1InvoicesId" + } + }, + "/v1/escalations": { + "get": { + "summary": "List Escalations", + "description": "\nShows Escalations associated with your account.\nAdditional details for a specific escalation can be obtained by using the **GET Escalation** endpoint.\n\nEscalations are used to notify Huntress account administrators that a situation requires their attention.\nBelow are some common use cases:\n - The Huntress 
security platform is unable to send incident reports to your PSA system and we need you to reconfigure the integration.\n - Security Operation Centers (SOC) suspect that an application being flagged as malicious is a false positive, and we want to get your authorization to allow-list the application moving forward.\n - A potential threat flagged by Managed Defender requires additional information (file path details, etc.) in order for Huntress to provide actionable assisted remediation steps.\n - A login event occurred from an unexpected country or VPN, and Huntress would like partner feedback on whether that event should be expected or unauthorized.\n\n Though Escalations are not incident reports, they do have severities (low, high, critical) associated with them that dictate an expected response time.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "status", + "description": "Filter by status. 
One of open, overdue, resolved", + "type": "string", + "enum": [ + "open", + "overdue", + "resolved" + ], + "required": false + } + ], + "responses": { + "200": { + "description": "List Escalations", + "schema": { + "type": "object", + "properties": { + "escalations": { + "type": "array", + "items": { + "$ref": "#/definitions/Escalation" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "escalations", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Escalation" + } + } + }, + "tags": [ + "Escalations" + ], + "operationId": "getV1Escalations" + } + }, + "/v1/escalations/{id}": { + "get": { + "summary": "Get Escalation", + "description": "Shows details on a single Escalation associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Escalation ID within Huntress Account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Escalation", + "schema": { + "$ref": "#/definitions/EscalationWithEntities" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Escalation" + } + } + }, + "tags": [ + "Escalations" + ], + "operationId": "getV1EscalationsId" + } + }, + "/v1/escalations/{id}/resolution": { + "post": { + "summary": "Create an Escalation Resolution", + "description": "Allows you to resolve an Escalation. Creating a resolution updates the Escalation's status\nto resolved. This endpoint requires an API key with permissions to write to Escalations. 
**Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\nThe behavior of this endpoint varies by Escalation type so your request should be crafted based on the specific Escalation you are interacting with.\n\n#### Simple Resolution\n\nFor most types of Escalations, a POST to the resolution endpoint with only the Escalation's ID is sufficient. This action resolves the Escalation directly without requiring any additional parameters.\n\n#### Complex Resolution\n\nFor Escalations that have many entities which all require action, a call to this endpoint will **bulk resolve all associated entities at once**. The determination provided will be **applied to every single entity attached to the Escalation.** \nNote that these kinds of Escalation resolutions require extra parameters in their requests. \n\nEscalation types that can resolve multiple associated entities at once are:\n - Unwanted Country Access\n - Unwanted VPN Access\n\n **NOTE:** Ommitting both `determination` and `scope` params will temporarily resolve the Unwanted Access Escalations.\n The escalation will reopen upon the next occurrence of the event that created the escalation.\n This is equivalent to using the \"dismiss\" option in the portal.\n\n#### API Resolution Not Supported\n\nFor a few Escalation types, this endpoint is not supported. 
These Escalations require specific actions to be taken outside of the API (e.g., re-enabling Microsoft Defender) to be resolved.\n\nFor example, the following Escalation types cannot be resolved through the API:\n - Defender Disabled\n - Logs Sources Not Reporting\n - Log Source Data not Audited Properly\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "EscalationResolutionParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/EscalationResolutionParameters" + } + } + ], + "responses": { + "201": { + "description": "Create an Escalation Resolution", + "schema": { + "$ref": "#/definitions/EscalationWithEntities" + } + }, + "400": { + "description": "Invalid resolution parameters" + }, + "403": { + "description": "There was an issue with your API credential or permissions." + }, + "409": { + "description": "Escalation has already been resolved" + }, + "422": { + "description": "Escalation cannot be resolved through the API" + } + }, + "tags": [ + "Escalations" + ], + "operationId": "EscalationResolutionParameters" + } + }, + "/v1/external_ports": { + "get": { + "summary": "List External Ports", + "description": "Shows external port records from External Recon scans associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + } + ], + "responses": { + "200": { + "description": "List External Ports", + "schema": { + "type": "object", + "properties": { + "external_ports": { + "type": "array", + "items": { + "$ref": "#/definitions/ExternalPort" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "external_ports", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/ExternalPort" + } + } + }, + "tags": [ + "External Recon" + ], + "operationId": "getV1ExternalPorts" + } + }, + "/v1/external_ports/{id}": { + "get": { + "summary": "Get External Port", + "description": "Shows details on a single external port record associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "External port record ID", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get External Port", + "schema": { + "type": "object", + "properties": { + "external_port": { + "$ref": "#/definitions/ExternalPort" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/ExternalPort" + } + } + }, + "tags": [ + "External Recon" + ], + "operationId": "getV1ExternalPortsId" + } + }, + "/v1/incident_reports": { + "get": { + "summary": "List Incident Reports", + "description": "Shows Incident Reports associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. 
\nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "indicator_type", + "description": "Filter by indicator type. One of footholds, monitored_files, ransomware_canaries, antivirus_detections, process_detections, managed_identity, mde_detections, siem_detections, favicon_detections, behavioral_detections, email_security_detections, app_control", + "type": "string", + "enum": [ + "footholds", + "monitored_files", + "ransomware_canaries", + "antivirus_detections", + "process_detections", + "managed_identity", + "mde_detections", + "siem_detections", + "favicon_detections", + "behavioral_detections", + "email_security_detections", + "app_control" + ], + "required": false + }, + { + "in": "query", + "name": "status", + "description": "Filter by status. One of sent, closed, dismissed, auto_remediating, deleting, partner_dismissed", + "type": "string", + "enum": [ + "sent", + "closed", + "dismissed", + "auto_remediating", + "deleting", + "partner_dismissed" + ], + "required": false + }, + { + "in": "query", + "name": "severity", + "description": "Filter by severity. One of low, high, critical", + "type": "string", + "enum": [ + "low", + "high", + "critical" + ], + "required": false + }, + { + "in": "query", + "name": "platform", + "description": "Filter by platform. 
One of windows, darwin, microsoft_365, google, linux, email_security, other", + "type": "string", + "enum": [ + "windows", + "darwin", + "microsoft_365", + "google", + "linux", + "email_security", + "other" + ], + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + }, + { + "in": "query", + "name": "agent_id", + "description": "Filter by agent ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + } + ], + "responses": { + "200": { + "description": "List Incident Reports", + "schema": { + "type": "object", + "properties": { + "incident_reports": { + "type": "array", + "items": { + "$ref": "#/definitions/IncidentReport" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "incident_reports", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/IncidentReport" + } + } + }, + "tags": [ + "Incident Reports" + ], + "operationId": "getV1IncidentReports" + } + }, + "/v1/incident_reports/{id}": { + "get": { + "summary": "Get Incident Report", + "description": "Shows details on a single Incident Report associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Incident Report ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Incident Report", + "schema": { + "type": "object", + "properties": { + "incident_report": { + "$ref": "#/definitions/IncidentReport" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/IncidentReport" + } + } + }, + "tags": [ + 
"Incident Reports" + ], + "operationId": "getV1IncidentReportsId" + } + }, + "/v1/incident_reports/{id}/resolution": { + "post": { + "summary": "Create an Incident Report Resolution", + "description": "Use this endpoint to resolve a single Incident Report. All remediations belonging to the Incident Report must be approved first.\n\nWhile resolution updates the report status to resolved, assisted remediations may still be running in the background and manual remediations may still require completion by a user.\n\nThis endpoint requires an API key with permissions to resolve incident reports. **Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "201": { + "description": "Create an Incident Report Resolution", + "schema": { + "$ref": "#/definitions/IncidentReport" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions." + }, + "409": { + "description": "Incident Report cannot be resolved. Confirm that all remediations are approved and report status is 'sent'." + }, + "422": { + "description": "Incident Report cannot be resolved unless report status is 'sent'." + } + }, + "tags": [ + "Incident Reports" + ], + "operationId": "postV1IncidentReportsIdResolution" + } + }, + "/v1/incident_reports/{incident_report_id}/remediations": { + "get": { + "summary": "List Remediations", + "description": "Shows details of Remediations belonging to a single Incident Report.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. 
\nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "incident_report_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "types[]", + "description": "Filter by type of remediation. Must be a comma-separated string containing the values: assisted, manual, containment", + "type": "array", + "items": { + "type": "string", + "enum": [ + "assisted", + "manual", + "containment" + ] + }, + "required": false + }, + { + "in": "query", + "name": "statuses[]", + "description": "Filter by status of remediation. 
Must be a comma-separated string containing the values: unapproved, approved, completed, failed, cancelled", + "type": "array", + "items": { + "type": "string", + "enum": [ + "unapproved", + "approved", + "completed", + "failed", + "cancelled" + ] + }, + "required": false + } + ], + "responses": { + "200": { + "description": "List Remediations", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/Remediation" + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Remediation" + } + } + }, + "tags": [ + "Incident Reports" + ], + "operationId": "getV1IncidentReportsIncidentReportIdRemediations" + } + }, + "/v1/incident_reports/{incident_report_id}/remediations/{remediation_id}": { + "get": { + "summary": "Get Remediation", + "description": "Shows details for a single Remediation belonging to a single Incident Report", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "incident_report_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "in": "path", + "name": "remediation_id", + "description": "Incident Report ID", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Remediation", + "schema": { + "$ref": "#/definitions/Remediation" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Remediation" + } + } + }, + "tags": [ + "Incident Reports" + ], + "operationId": "getV1IncidentReportsIncidentReportIdRemediationsRemediationId" + } + }, + "/v1/incident_reports/{incident_report_id}/remediations/bulk_approval": { + "post": { + "summary": "Bulk Approve Remediations", + "description": "Approve all unapproved remediations for an Incident Report. 
Approval immediately triggers the execution of assisted remediations.\nManual remediations are not executed, and must be independently completed. Once all remediations are approved,\nthe incident report becomes eligible for resolution.\n\nThis endpoint requires an API key with permissions to write to remediations. **Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "incident_report_id", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "201": { + "description": "Bulk Approve Remediations", + "schema": { + "$ref": "#/definitions/IncidentReport" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions." + }, + "409": { + "description": "Incident Report must have a status of 'sent'." + }, + "422": { + "description": "Unable to approve remediations" + } + }, + "tags": [ + "Incident Reports" + ], + "operationId": "postV1IncidentReportsIncidentReportIdRemediationsBulkApproval" + } + }, + "/v1/incident_reports/{incident_report_id}/remediations/bulk_rejection": { + "post": { + "summary": "Bulk Reject Remediations", + "description": "Reject all unapproved remediations for an Incident Report. Rejecting the remediations will send the incident report back to the Huntress SOC.\n\nThis endpoint requires an API key with permissions to write to remediations. 
**Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "incident_report_id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "RemediationBulkRejectionParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RemediationBulkRejectionParameters" + } + } + ], + "responses": { + "201": { + "description": "Remediations rejected." + }, + "403": { + "description": "There was an issue with your API credential or permissions." + }, + "409": { + "description": "Incident Report must have a status of 'sent'." + }, + "422": { + "description": "Unable to reject remediations" + } + }, + "tags": [ + "Incident Reports" + ], + "operationId": "RemediationBulkRejectionParameters" + } + }, + "/v1/memberships": { + "get": { + "summary": "List Memberships", + "description": "Shows a list of memberships.\n\nBy default, this endpoint returns both account and organization\nmemberships, but if an organization ID is supplied, it will return\nonly organization memberships, instead.\n\nThe example return value shows both an organization and an account, but\na given membership will only have one or the other.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. 
Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID to return only memberships for that organization.", + "type": "integer", + "format": "int32", + "required": false + } + ], + "responses": { + "200": { + "description": "List Memberships", + "schema": { + "type": "object", + "properties": { + "memberships": { + "type": "array", + "items": { + "$ref": "#/definitions/Membership" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "memberships", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Membership" + } + } + }, + "tags": [ + "Users" + ], + "operationId": "getV1Memberships" + }, + "post": { + "summary": "Create a Membership", + "description": "This endpoint allows you to invite a user to join your organization or\naccount. A user will often be a person you wish to grant access to,\nbut it could also represent a team, an automated system, or any other\ntype of actor.\n\nIf an organization ID is provided, the user will be invited to that\norganization. If not, they will be invited to the account associated\nwith this API credential. 
Note that while the sample return value\nincludes both an organization and an account for completeness, in\npractice, only one or the other will be included.\n\nNote that this is technically creating a Membership Invitation - the\nactual membership won't be created until the user accepts the\ninvitation.\n", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "name": "MembershipCreationParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/MembershipCreationParameters" + } + } + ], + "responses": { + "201": { + "description": "Create a Membership", + "schema": { + "$ref": "#/definitions/MemberInvitation" + } + }, + "400": { + "description": "Something about the request is malformed." + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Membership" + } + }, + "404": { + "description": "Organization not found." + }, + "422": { + "description": "Invalid creation parameters." 
+ } + }, + "tags": [ + "Users" + ], + "operationId": "MembershipCreationParameters" + } + }, + "/v1/memberships/{id}": { + "get": { + "summary": "Get Membership", + "description": "Shows details on a single Membership associated with your account or organization.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Membership ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Membership", + "schema": { + "type": "object", + "properties": { + "membership": { + "$ref": "#/definitions/Membership" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Membership" + } + } + }, + "tags": [ + "Users" + ], + "operationId": "getV1MembershipsId" + }, + "delete": { + "summary": "Delete Membership", + "description": "Deletes a single Membership associated with your account or organization. Does not delete the user associated with the membership.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Membership ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "202": { + "description": "Membership deleted", + "schema": { + "type": "object", + "properties": { + "membership": { + "$ref": "#/definitions/Membership" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Membership" + } + }, + "404": { + "description": "Membership not found, possibly because it has already been deleted." + }, + "422": { + "description": "Failed to delete membership. Please contact support." 
+ } + }, + "tags": [ + "Users" + ], + "operationId": "deleteV1MembershipsId" + }, + "patch": { + "summary": "Update a User's membership", + "description": "", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Membership ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "MembershipUpdateParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/MembershipUpdateParameters" + } + } + ], + "responses": { + "200": { + "description": "Update a User's membership", + "schema": { + "$ref": "#/definitions/Membership" + } + }, + "400": { + "description": "Something about the request is malformed." + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Membership" + } + }, + "422": { + "description": "Something prevented the update." + } + }, + "tags": [ + "Users" + ], + "operationId": "MembershipUpdateParameters" + } + }, + "/v1/organizations": { + "get": { + "summary": "List Organizations", + "description": "Shows details of Organizations belonging to the account associated with your API credentials.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", + "type": "string", + "required": false + } + ], + "responses": { + "200": { + "description": "List Organizations", + "schema": { + "type": "object", + "properties": { + "organizations": { + "type": "array", + "items": { + "$ref": "#/definitions/Organization" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "organizations", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Organization" + } + } + }, + "tags": [ + "Organizations" + ], + "operationId": "getV1Organizations" + }, + "post": { + "summary": "Create an Organization", + "description": "", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "name": "OrganizationCreationParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/OrganizationCreationParameters" + } + } + ], + "responses": { + "201": { + "description": "Create an Organization", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "400": { + "description": "Something about the request is malformed." + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "422": { + "description": "Invalid creation parameters." 
+ } + }, + "tags": [ + "Organizations" + ], + "operationId": "OrganizationCreationParameters" + } + }, + "/v1/organizations/{id}": { + "get": { + "summary": "Get Organization", + "description": "Shows details on a single Organization associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Organization", + "schema": { + "type": "object", + "properties": { + "organization": { + "$ref": "#/definitions/Organization" + } + } + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Organization" + } + } + }, + "tags": [ + "Organizations" + ], + "operationId": "getV1OrganizationsId" + }, + "patch": { + "summary": "Update an Organization", + "description": "", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "type": "integer", + "format": "int32", + "required": true + }, + { + "name": "OrganizationUpdateParameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/OrganizationUpdateParameters" + } + } + ], + "responses": { + "200": { + "description": "Update an Organization", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "400": { + "description": "Something about the request is malformed." + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "422": { + "description": "Invalid update parameters." 
+ } + }, + "tags": [ + "Organizations" + ], + "operationId": "OrganizationUpdateParameters" + }, + "delete": { + "summary": "Delete an Organization", + "description": "Deletes the specified Organization.\n\n**Please note:** this will uninstall all of the agents in this organization, as well as completing other similar operations. For more information, see our [support documentation](https://support.huntress.io/hc/en-us/articles/4404005208851-Add-Rename-or-Delete-Organizations).\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "The id of the organization to be deleted", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "202": { + "description": "Organization deleted", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Organization" + } + }, + "404": { + "description": "Organization not found, possibly because it has already been deleted." + }, + "409": { + "description": "There is a conflict about the organization that prevents deletion. See error message for more details." + }, + "422": { + "description": "Failed to delete organization. Please contact support." + } + }, + "tags": [ + "Organizations" + ], + "operationId": "deleteV1OrganizationsId" + } + }, + "/v1/reports": { + "get": { + "summary": "List Summary Reports", + "description": "Shows Summary Reports associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. 
Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "period_min", + "description": "Filter by an ISO-8601 formatted date string that represents the lower bound of the search range for the period date.", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "period_max", + "description": "Filter by an ISO-8601 formatted date string that represents the upper bound of the search range for the period date.", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + }, + { + "in": "query", + "name": "type", + "description": "Filter by report type. One of monthly_summary, quarterly_summary, yearly_summary", + "type": "string", + "enum": [ + "monthly_summary", + "quarterly_summary", + "yearly_summary" + ], + "required": false + } + ], + "responses": { + "200": { + "description": "List Summary Reports", + "schema": { + "type": "object", + "properties": { + "reports": { + "type": "array", + "items": { + "$ref": "#/definitions/SummaryReport" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "reports", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions." 
+ } + }, + "tags": [ + "Summary Reports" + ], + "operationId": "getV1Reports" + } + }, + "/v1/reports/{id}": { + "get": { + "summary": "Get Summary Report", + "description": "Shows details on a single Summary Report associated with your account.", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Report ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Summary Report", + "schema": { + "$ref": "#/definitions/SummaryReport" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions." + } + }, + "tags": [ + "Summary Reports" + ], + "operationId": "getV1ReportsId" + } + }, + "/v1/signals": { + "get": { + "summary": "List Signals", + "description": "Shows details of Signals belonging to the account associated with your API credentials.\n\nSignals are used to highlight interesting user or system behaviors that an analyst can reference during a cyber investigation.\nA detected Signal could be as broad and low fidelity as the detection of a command line user running whoami, or it could be as specific and high fidelity as detecting a known malware file.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "query", + "name": "limit", + "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", + "type": "integer", + "format": "int32", + "default": 10, + "minimum": 1, + "maximum": 500, + "required": false + }, + { + "in": "query", + "name": "page_token", + "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "investigated_at_min", + "description": "Filter by an ISO-8601 formatted date string that represents the lower bound of the search range for the investigated_at date.", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "investigated_at_max", + "description": "Filter by an ISO-8601 formatted date string that represents the upper bound of the search range for the investigated_at date.", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "entity_type", + "description": "Filter by the entity type that the Signal originated from. This filter can be used without specifying entity_id.", + "type": "string", + "enum": [ + "user_entity", + "source", + "mailbox", + "service_principal", + "agent", + "identity" + ], + "required": false + }, + { + "in": "query", + "name": "entity_id", + "description": "Filter by the entity ID that the Signal originated from. Must be used in tandem with entity_type parameter.", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "organization_id", + "description": "Filter by organization ID within Huntress account", + "type": "integer", + "format": "int32", + "required": false + }, + { + "in": "query", + "name": "types", + "description": "Filter by the types of Signal, must be comma-separated string containing the values: `Antivirus, Process Insights, Managed ITDR, Footholds, MDE Detections, SIEM, Ransomware Canaries, Favicon Detections, Attack Disruptions, App Control`", + "type": "string", + "required": false + }, + { + "in": "query", + "name": "statuses", + "description": "Filter by status. 
Must be comma-separated string containing the values: `reported`, `closed`", + "type": "string", + "required": false + } + ], + "responses": { + "200": { + "description": "List Signals", + "schema": { + "type": "object", + "properties": { + "signals": { + "type": "array", + "items": { + "$ref": "#/definitions/Signal" + } + }, + "pagination": { + "$ref": "#/definitions/RestApi_V1_Entities_Pagination" + } + }, + "required": [ + "signals", + "pagination" + ] + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Signal" + } + } + }, + "tags": [ + "Signals" + ], + "operationId": "getV1Signals" + } + }, + "/v1/signals/{id}": { + "get": { + "summary": "Get Signal", + "description": "Shows details of a single Signal belonging to the account associated with your API credentials.\n\nSignals are used to highlight interesting user or system behaviors that an analyst can reference during a cyber investigation.\nA detected Signal could be as broad and low fidelity as the detection of a command line user running whoami, or it could be as specific and high fidelity as detecting a known malware file.\n", + "produces": [ + "application/json" + ], + "parameters": [ + { + "in": "path", + "name": "id", + "description": "Signal ID within Huntress account", + "type": "integer", + "format": "int32", + "required": true + } + ], + "responses": { + "200": { + "description": "Get Signal", + "schema": { + "$ref": "#/definitions/Signal" + } + }, + "403": { + "description": "There was an issue with your API credential or permissions.", + "schema": { + "$ref": "#/definitions/Signal" + } + } + }, + "tags": [ + "Signals" + ], + "operationId": "getV1SignalsId" + } + } + }, + "definitions": { + "Invoice": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for the invoice." 
+ }, + "amount": { + "type": "integer", + "format": "int32", + "example": 303, + "description": "The amount intended to be collected by this invoice. Mimics Stripe.." + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T20:56:15Z", + "description": "ISO-8601 formatted timestamp for when this invoice was created." + }, + "currency_type": { + "type": "string", + "example": "usd", + "description": "The currency type, using a ISO-4217 three-letter code in lowercase." + }, + "plan": { + "type": "string", + "example": "Huntress Partner 100 Agents", + "description": "The corresponding name of huntress subscription plan sku." + }, + "quantity": { + "type": "integer", + "format": "int64", + "example": 101, + "description": "The total count of licensed agents accounted for in this invoice." + }, + "receipt": { + "type": "string", + "example": "https://pay.stripe/com/invoice/invst_uuid", + "description": "A direct link to stripe payment invoice for this invoice." + }, + "status": { + "type": "string", + "example": "paid", + "description": "The invoice status. Can be one of `open`, `paid`, `failed`, `partial_refund`, `full_refund`." + }, + "updated_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T20:56:15Z", + "description": "ISO-8601 formatted timestamp for when this invoice was last updated." 
+ } + }, + "description": "Invoice model" + }, + "RestApi_V1_Entities_Pagination": { + "type": "object", + "properties": { + "current_page": { + "type": "string" + }, + "current_page_count": { + "type": "string" + }, + "limit": { + "type": "string" + }, + "total_count": { + "type": "string" + }, + "next_page": { + "type": "string" + }, + "next_page_url": { + "type": "string" + }, + "next_page_token": { + "type": "string" + } + }, + "description": "RestApi_V1_Entities_Pagination model" + }, + "AccountUsageLineItem": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for this Account Usage Line Item." + }, + "period_start": { + "type": "string", + "example": "2026-01-10 01:07:08 UTC", + "description": "The time and date that this billing period started." + }, + "period_end": { + "type": "string", + "example": "2026-02-09 01:07:08 UTC", + "description": "The time and date that this billing period ended." + }, + "account": { + "type": "Object", + "example": { + "id": 123, + "name": "Willy Wonka", + "subdomain": "willy_wonka" + }, + "description": "The account in which this data belongs to." + }, + "product": { + "type": "string", + "example": "edr", + "description": "The product that this data pertains to." + }, + "subscription": { + "type": "Object", + "example": { + "start_date": "2025-11-10 22:35:14 UTC", + "end_date": "2025-11-10 22:35:14 UTC", + "minimum": 400 + }, + "description": "Subscription information that is tied to the account and invoice." + }, + "usage": { + "type": "Object", + "example": { + "billable": 400, + "non_billable": 0, + "actual": 300 + }, + "description": "The accounts breakdown of its use of the product and the billing around it." 
+ } + }, + "description": "AccountUsageLineItem model" + }, + "OrganizationUsageLineItem": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for this Organization Usage Line Item." + }, + "period_start": { + "type": "string", + "example": "2026-02-11T14:12:08Z", + "description": "The time and date that this billing period started." + }, + "period_end": { + "type": "string", + "example": "2027-02-11T14:12:08Z", + "description": "The time and date that this billing period ended." + }, + "account": { + "type": "Object", + "example": { + "id": 123, + "name": "Willy Wonka", + "subdomain": "willy_wonka" + }, + "description": "The account in which this data belongs to." + }, + "organization": { + "type": "Object", + "example": { + "id": 123, + "name": "Willy Wonka" + }, + "description": "The organization to which this data belongs." + }, + "actual_usage": { + "type": "Object", + "example": { + "edr": 400, + "itdr": 20, + "sat": 300, + "siem": 50 + }, + "description": "A breakdown by Huntress product of the number of units actually used for an organization." + } + }, + "description": "OrganizationUsageLineItem model" + }, + "Subscription": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for the subscription." + }, + "account": { + "type": "Object", + "example": { + "id": 1, + "name": "Little Bobby's Table Emporium" + }, + "description": "The account associated with this subscription." + }, + "product": { + "type": "string", + "enum": [ + "edr", + "sat", + "itdr", + "siem" + ], + "example": "edr", + "description": "The product type for this subscription." + }, + "status": { + "type": "string", + "enum": [ + "draft", + "approved", + "accepted", + "active", + "completed" + ], + "example": "active", + "description": "The subscription status." 
+ }, + "minimum_usage": { + "type": "integer", + "format": "int64", + "example": 100, + "description": "The minimum usage commitment for this subscription." + }, + "billing_interval": { + "type": "string", + "enum": [ + "monthly", + "annual" + ], + "example": "monthly", + "description": "The billing interval for this subscription." + }, + "effective_date": { + "type": "string", + "example": "2024-01-01T00:00:00Z", + "description": "ISO-8601 formatted date when this subscription becomes effective." + }, + "renewal_date": { + "type": "string", + "example": "2025-01-01T00:00:00Z", + "description": "ISO-8601 formatted date when this subscription renews." + }, + "auto_renew": { + "type": "boolean", + "example": true, + "description": "Whether this subscription will auto-renew." + }, + "schedules": { + "type": "array", + "items": { + "$ref": "#/definitions/SubscriptionSchedule" + }, + "example": [ + { + "id": 1, + "minimum": 100, + "maximum": 500, + "status": "active", + "target_price": 200, + "months": 12, + "promo_units": 0, + "starts_at": "2024-01-01T00:00:00Z", + "ends_at": "2025-01-01T00:00:00Z" + } + ], + "description": "The schedules associated with this subscription." + } + }, + "description": "Subscription model" + }, + "SubscriptionSchedule": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for the subscription schedule." + }, + "minimum": { + "type": "integer", + "format": "int64", + "example": 100, + "description": "The minimum usage commitment for this schedule period." + }, + "maximum": { + "type": "integer", + "format": "int64", + "example": 500, + "description": "The maximum usage limit for this schedule period." + }, + "status": { + "type": "string", + "enum": [ + "active", + "completed", + "pending" + ], + "example": "active", + "description": "The schedule status." 
+ }, + "target_price": { + "type": "integer", + "format": "int64", + "example": 200, + "description": "The target price per unit for this schedule period." + }, + "months": { + "type": "integer", + "format": "int64", + "example": 12, + "description": "The number of months this schedule period covers." + }, + "promo_units": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of promotional units for this schedule period." + }, + "starts_at": { + "type": "string", + "example": "2024-01-01T00:00:00Z", + "description": "ISO-8601 formatted date when this schedule period starts." + }, + "ends_at": { + "type": "string", + "example": "2025-01-01T00:00:00Z", + "description": "ISO-8601 formatted date when this schedule period ends." + } + } + }, + "SubscriptionCreationParameters": { + "type": "object", + "properties": { + "account_id": { + "type": "integer", + "format": "int32", + "description": "The reseller subaccount ID" + }, + "product": { + "type": "string", + "description": "Product type", + "enum": [ + "edr", + "sat", + "itdr", + "siem" + ] + }, + "minimum": { + "type": "integer", + "format": "int32", + "description": "Minimum usage commitment (must be greater than zero)" + }, + "purchase_order": { + "type": "string", + "description": "Purchase order number" + }, + "billing_interval": { + "type": "string", + "description": "Billing interval", + "enum": [ + "monthly", + "annual" + ], + "default": "monthly" + } + }, + "required": [ + "account_id", + "product", + "minimum", + "purchase_order" + ], + "description": "Create Reseller Subscription" + }, + "SubscriptionUpdateParameters": { + "type": "object", + "properties": { + "minimum": { + "type": "integer", + "format": "int32", + "description": "Minimum usage commitment (must be greater than zero)" + }, + "purchase_order": { + "type": "string", + "description": "Purchase order number" + }, + "billing_interval": { + "type": "string", + "description": "Billing interval", + "enum": [ + 
"monthly", + "annual" + ] + }, + "additional_units": { + "type": "integer", + "format": "int32", + "description": "Units to add (active subscriptions only)" + }, + "auto_renew": { + "type": "boolean", + "description": "Set auto-renew (active subscriptions only)" + } + }, + "description": "Update Reseller Subscription" + }, + "SubscriptionUpgradeParameters": { + "type": "object", + "properties": { + "minimum": { + "type": "integer", + "format": "int32", + "description": "New minimum usage commitment (must be greater than zero)" + }, + "purchase_order": { + "type": "string", + "description": "Purchase order number (defaults to existing subscription's PO)" + }, + "on_renewal": { + "type": "boolean", + "description": "Schedule upgrade for next renewal instead of immediately", + "default": false + } + }, + "required": [ + "minimum" + ], + "description": "Upgrade Reseller Subscription" + }, + "postV1SiemQuery": { + "type": "object", + "properties": { + "esql": { + "type": "string", + "description": "ESQL query string (must begin with FROM logs)" + }, + "range_start": { + "type": "string", + "format": "date-time", + "description": "Query range start (ISO 8601)" + }, + "range_end": { + "type": "string", + "format": "date-time", + "description": "Query range end (ISO 8601)" + }, + "page_token": { + "type": "string", + "description": "Pagination token from previous response" + } + }, + "required": [ + "esql", + "range_start", + "range_end" + ], + "description": "Execute ESQL Query" + }, + "SiemQueryResult": { + "type": "object", + "properties": { + "logs": { + "type": "array", + "items": { + "type": "object" + }, + "example": [ + { + "uuid": "019612ab-1234-7000-8000-000000000001", + "event.provider": "Microsoft-Windows-Security-Auditing", + "host.hostname": "DESKTOP-ABC123", + "message": "An account was successfully logged on." + } + ], + "description": "Array of log records. Keys are Elastic Common Schema (ECS) field names (e.g. `event.provider`, `host.hostname`). 
The fields present depend on the columns selected by your ESQL query. With no column selection, all available ECS fields are returned." + }, + "pagination": { + "$ref": "#/definitions/SiemPagination", + "example": { + "next_page_token": "019612ab-1234-7000-8000-000000000002" + }, + "description": "Pagination details. Contains `next_page_token` when additional results are available." + } + }, + "description": "SiemQueryResult model" + }, + "SiemPagination": { + "type": "object", + "properties": { + "next_page_token": { + "type": "string", + "example": "019612ab-1234-7000-8000-000000000001", + "description": "Token to retrieve the next page of results. Omitted when all results have been returned." + } + } + }, + "Account": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for the account." + }, + "name": { + "type": "string", + "example": "Your Account", + "description": "The public facing display name for the account." + }, + "subdomain": { + "type": "string", + "example": "exampleaccount", + "description": "The subdomain for the account." + }, + "status": { + "type": "string", + "example": "enabled", + "description": "The current status on the account. Can be one of `enabled`, `disabled`." + }, + "support_type": { + "type": "string", + "enum": [ + "huntress_supported", + "partner_supported", + "not_applicable" + ], + "example": "huntress_supported", + "description": "For accounts that have been provisioned through a reseller, this field indicates whether the account is huntress supported or partner supported." + }, + "neighborhood_watch": { + "type": "Object", + "example": { + "edr": 10, + "itdr": 10, + "sat": 10, + "siem": 10 + }, + "description": "The count of Neighborhood Watch seats assigned to the account, by product." + }, + "billing_address": { + "$ref": "#/definitions/Address", + "description": "The billing address for the account, or null if not set." 
+ }, + "shipping_address": { + "$ref": "#/definitions/Address", + "description": "The shipping address for the account, or null if not set." + } + }, + "description": "Account model" + }, + "Address": { + "type": "object", + "properties": { + "line1": { + "type": "string", + "description": "Street address line 1." + }, + "line2": { + "type": "string", + "description": "Street address line 2." + }, + "city": { + "type": "string", + "description": "City." + }, + "state": { + "type": "string", + "description": "State or province. Required for US and CA addresses." + }, + "postal_code": { + "type": "string", + "description": "Postal or ZIP code. Required for US and GB addresses." + }, + "country": { + "type": "string", + "description": "Two-letter ISO 3166-1 alpha-2 country code." + } + } + }, + "AccountCreationParameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the account to be created" + }, + "subdomain": { + "type": "string", + "description": "Subdomain this account will use to access the Huntress portal" + }, + "phone_number": { + "type": "string", + "description": "Primary phone number used to contact account owner" + }, + "admin": { + "type": "object", + "properties": { + "first_name": { + "type": "string", + "description": "First name of the initial admin user for this account" + }, + "last_name": { + "type": "string", + "description": "Last name of the initial admin user for this account" + }, + "email": { + "type": "string", + "description": "Email address of the initial admin user for this account" + } + }, + "required": [ + "first_name", + "last_name", + "email" + ] + }, + "additional_admin_emails": { + "type": "array", + "description": "Email addresses of additional admin users to invite to this account", + "example": [ + "another_admin@example.com", + "one_more@example.com" + ], + "items": { + "type": "string", + "additionalProperties": { + "type": "String" + } + } + }, + "support_type": { + 
"type": "string", + "description": "Specifies whether a reseller account is managed by the partner or by\nHuntress.\n\nNOTE: This field is only required for Managed Resellers. For all\nother types of resellers, there is only one valid support type, so it\nwill be selected automatically.\n", + "enum": [ + "huntress_supported", + "partner_supported" + ] + }, + "products": { + "type": "array", + "description": "A list of the products to provision for this account.\n\nNOTE: This field is only relevant for Aggregators. For all other\ntypes of resellers, the appropriate trials will be created\nautomatically and this field will be ignored. (If you aren't sure\nwhether this applies to you, you can probably ignore this field.)\n", + "example": [ + "edr", + "sat", + "itdr", + "siem" + ], + "items": { + "type": "string", + "enum": [ + "edr", + "sat", + "itdr", + "siem" + ], + "additionalProperties": { + "type": "String" + } + } + }, + "billing_address": { + "type": "object", + "description": "Billing address for the account. If provided, must be valid.", + "properties": { + "line1": { + "type": "string", + "description": "Street address line 1" + }, + "line2": { + "type": "string", + "description": "Street address line 2" + }, + "city": { + "type": "string", + "description": "City" + }, + "state": { + "type": "string", + "description": "State or province (required for US and CA)" + }, + "postal_code": { + "type": "string", + "description": "Postal or ZIP code (required for US and GB)" + }, + "country": { + "type": "string", + "description": "Two-letter ISO 3166-1 alpha-2 country code" + } + } + }, + "shipping_address": { + "type": "object", + "description": "Shipping address for the account. 
If provided, must be valid.", + "properties": { + "line1": { + "type": "string", + "description": "Street address line 1" + }, + "line2": { + "type": "string", + "description": "Street address line 2" + }, + "city": { + "type": "string", + "description": "City" + }, + "state": { + "type": "string", + "description": "State or province (required for US and CA)" + }, + "postal_code": { + "type": "string", + "description": "Postal or ZIP code (required for US and GB)" + }, + "country": { + "type": "string", + "description": "Two-letter ISO 3166-1 alpha-2 country code" + } + } + } + }, + "required": [ + "name", + "subdomain", + "phone_number", + "admin" + ], + "description": "Create Account" + }, + "AccountUpdateParameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name of the account" + }, + "subdomain": { + "type": "string", + "description": "Subdomain this account will use to access the Huntress portal" + }, + "phone_number": { + "type": "string", + "description": "Primary phone number used to contact account owner" + }, + "support_type": { + "type": "string", + "description": "Specifies whether a reseller account is managed by the partner or by\nHuntress.\n\nNOTE: This field is only applicable for Managed Resellers. For all\nother types of resellers, there is only one valid support type, so it\ncannot be updated.\n", + "enum": [ + "huntress_supported", + "partner_supported" + ] + }, + "billing_address": { + "type": "object", + "description": "Billing address for the account. 
If provided, must be valid.", + "properties": { + "line1": { + "type": "string", + "description": "Street address line 1" + }, + "line2": { + "type": "string", + "description": "Street address line 2" + }, + "city": { + "type": "string", + "description": "City" + }, + "state": { + "type": "string", + "description": "State or province (required for US and CA)" + }, + "postal_code": { + "type": "string", + "description": "Postal or ZIP code (required for US and GB)" + }, + "country": { + "type": "string", + "description": "Two-letter ISO 3166-1 alpha-2 country code" + } + } + }, + "shipping_address": { + "type": "object", + "description": "Shipping address for the account. If provided, must be valid.", + "properties": { + "line1": { + "type": "string", + "description": "Street address line 1" + }, + "line2": { + "type": "string", + "description": "Street address line 2" + }, + "city": { + "type": "string", + "description": "City" + }, + "state": { + "type": "string", + "description": "State or province (required for US and CA)" + }, + "postal_code": { + "type": "string", + "description": "Postal or ZIP code (required for US and GB)" + }, + "country": { + "type": "string", + "description": "Two-letter ISO 3166-1 alpha-2 country code" + } + } + } + }, + "description": "Update Account" + }, + "Agent": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for an agent." + }, + "account_id": { + "type": "integer", + "format": "int64", + "example": 5, + "description": "The unique identifier of the account associated with the agent." + }, + "arch": { + "type": "string", + "example": "x86_64", + "description": "The architecture on the host machine." + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T20:05:10Z", + "description": "A timestamp for when the agent was created, formatted as per ISO-8601." 
+ }, + "domain_name": { + "type": "string", + "example": "WORKGROUP", + "description": "Domain that refers to the host machine." + }, + "edr_version": { + "type": "string", + "example": "0.3.20", + "description": "The semantic versioning number of the Huntress EDR software installed on the machine or `null` if EDR is not installed." + }, + "external_ip": { + "type": "string", + "example": "198.51.100.42", + "description": "The external IP of the host machine, if applicable." + }, + "hostname": { + "type": "string", + "example": "laptop01", + "description": "The hostname of the host machine." + }, + "defender_policy_status": { + "type": "string", + "example": "Compliant", + "description": "Policy status of Defender AV for Managed Antivirus." + }, + "defender_status": { + "type": "string", + "example": "Healthy", + "description": "Status of Defender AV Managed Antivirus." + }, + "defender_substatus": { + "type": "string", + "example": "Up to date", + "description": "Sub-status of Defender AV Managed Antivirus." + }, + "firewall_status": { + "type": "string", + "example": "Disabled", + "description": "Status of agent firewall. Can be one of Disabled, Enabled, Pending Isolation, Isolated, Pending Release" + }, + "ipv4_address": { + "type": "string", + "example": "146.134.139.9", + "description": "The internal IP of the host machine." + }, + "last_callback_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T20:05:10Z", + "description": "A timestamp for when the last time Huntress was able to access the host machine." + }, + "last_survey_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T20:05:10Z", + "description": "A timestamp for when the last Microsoft Defender survey was received by Huntress for this host machine." 
+ }, + "mac_addresses": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "7c:a7:b0:16:2f:78" + ], + "description": "The unique media access control (MAC) addresses associated with the agent." + }, + "service_pack_major": { + "type": "integer", + "format": "int32", + "example": 0, + "description": "The major version of the Windows service pack installed on the host machine." + }, + "service_pack_minor": { + "type": "integer", + "format": "int32", + "example": 0, + "description": "The minor version of the Windows service pack installed on the host machine." + }, + "organization_id": { + "type": "integer", + "format": "int64", + "example": 7, + "description": "The unique identifier of the organization associated with the agent." + }, + "os": { + "type": "string", + "example": "Windows 8 Pro", + "description": "The operating system of the host machine." + }, + "os_build_version": { + "type": "string", + "example": "19044", + "description": "The operating system build number of the host machine corresponding to its platform (windows or darwin)." + }, + "os_major": { + "type": "integer", + "format": "int32", + "example": 6, + "description": "The major OS version of the host machine. Corresponds with the major releases of Windows operating systems. A list is accessible here." + }, + "os_minor": { + "type": "integer", + "format": "int32", + "example": 2, + "description": " The minor OS version of the host machine. Refer to the `os_major` field details for further details." + }, + "os_patch": { + "type": "integer", + "format": "int32", + "example": 0, + "description": "The patch version of the macOS update installed on the host machine, such as 1 in version 12.5.1." + }, + "platform": { + "type": "string", + "example": "windows", + "description": "The platform of the host machine (`darwin`, `windows`, or `linux`)." 
+ }, + "serial_number": { + "type": "string", + "example": "wtIe1bvDbh", + "description": "The serial number of the host machine as reported to the operating system." + }, + "tags": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "Server", + "Production" + ], + "description": "User classifications on the host machine." + }, + "updated_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T20:05:10Z", + "description": "A timestamp for when the agent was last updated, formatted as per ISO-8601." + }, + "version": { + "type": "string", + "example": "0.11.3", + "description": "The semantic versioning number of the agent installed on the host machine." + }, + "version_number": { + "type": "integer", + "format": "int32", + "example": 720899, + "description": "Windows version number." + }, + "win_build_number": { + "type": "integer", + "format": "int32", + "example": 19044, + "description": "The Windows Build Number. Should correspond to information on the Microsoft site." + } + }, + "description": "Agent model" + }, + "ExternalPort": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 42, + "description": "A unique identifier for an external port record." + }, + "ip_address": { + "type": "string", + "example": "203.0.113.5", + "description": "The public IPv4 address associated with this external port." + }, + "port": { + "type": "integer", + "format": "int32", + "example": 22, + "description": "The port number." + }, + "protocol": { + "type": "string", + "example": "TCP", + "description": "The transport protocol (usually TCP or UDP)." + }, + "service": { + "type": "string", + "example": "ssh", + "description": "The service or application detected on the port." + }, + "risky_service": { + "type": "boolean", + "example": true, + "description": "Whether the detected service is considered risky." 
+ }, + "last_scan_at": { + "type": "string", + "format": "date-time", + "example": "2026-03-15T12:00:00Z", + "description": "Timestamp of the last Huntress scan, formatted as per ISO-8601." + }, + "last_external_scan_at": { + "type": "string", + "format": "date-time", + "example": "2026-03-14T08:00:00Z", + "description": "Timestamp of the last external scan, formatted as per ISO-8601." + }, + "organization_ids": { + "type": "array", + "example": [ + 1, + 5 + ], + "description": "IDs of organizations associated with this external port that are accessible to the current user." + } + }, + "description": "ExternalPort model" + }, + "IncidentReport": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for an incident report." + }, + "account_id": { + "type": "integer", + "format": "int64", + "example": 5, + "description": "Unique identifier for the account this incident report is associated with." + }, + "agent_id": { + "type": "integer", + "format": "int64", + "example": 12, + "description": "Unique identifier for the agent this incident report is associated with." + }, + "body": { + "type": "string", + "example": "", + "description": "Autogenerated content describing the details of the incident in question." + }, + "closed_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-15T14:22:00Z", + "description": "ISO-8601 formatted timestamp for when this incident report had its status set to `closed`. Null if non-applicable." + }, + "indicator_counts": { + "type": "object", + "example": { + "footholds": 1, + "monitored_files": 0, + "process_detections": 0, + "ransomware_canaries": 0, + "antivirus_detections": 0 + }, + "description": "Mapping of indicator types to number of incidences of that threat in the context of this incident report." 
+ }, + "indicator_types": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "footholds" + ], + "description": "Unique list of threat indicators that have been found in the context of this incident report." + }, + "organization_id": { + "type": "integer", + "format": "int64", + "example": 4, + "description": "Unique identifier for the organization this incident report is associated with." + }, + "platform": { + "type": "string", + "example": "windows", + "description": "The platform of the host machine (`darwin`,`google`,`microsoft_365`,`linux`,`windows`, or `other`)." + }, + "remediations": { + "type": "object", + "example": { + "total_count": 1, + "has_more": false, + "items": [ + { + "id": 1, + "type": "manual", + "action": "Delete File", + "parameters": [ + { + "name": "path", + "description": "c:\\windows\\system32\\tasks\\malicious_task" + } + ], + "status": "completed", + "approved_at": "2025-06-26T18:57:03Z", + "approved_by": { + "id": "123123", + "email": "john.smith@example.com", + "name": "John smith" + }, + "completed_at": "2025-06-26T18:57:03Z" + } + ] + }, + "description": "This represents an itemized list of the first 10 remediations for an incident report. If there are more than 10, use the remediations endpoint to retrieve information about them." + }, + "sent_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T21:00:00Z", + "description": "ISO-8601 formatted timestamp for when a Huntress SOC analyst has notified necessary parties regarding this incident report. Null if not sent." + }, + "severity": { + "type": "string", + "example": "low", + "description": "The severity of the incident report. Can be one of `low`, `high`, `critical`." + }, + "status": { + "type": "string", + "example": "closed", + "description": "Status of the incident report. 
Can be one of `sent`, `closed`, `dismissed`" + }, + "status_updated_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-15T14:22:00Z", + "description": "ISO-8601 formatted timestamp for when the status of this incident report was last updated." + }, + "subject": { + "type": "string", + "example": "LOW - Incident on laptop01 (Test)", + "description": "Autogenerated one-line description of the incident." + }, + "summary": { + "type": "string", + "example": "Huntress detected a malicious scheduled task on this host. We recommend removing the file and scheduled task listed in the remediation steps below.", + "description": "Details of the incident report, as provided by a Huntress SOC analyst." + }, + "updated_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T20:31:30Z", + "description": "ISO-8601 formatted timestamp for when this incident report was last updated." + } + }, + "description": "IncidentReport model" + }, + "Membership": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for this membership. Note that this is _not_ the id of the user, account, etc. Instead, it identifies this specific relationship, which can be used to modify or delete the membership." + }, + "permissions": { + "type": "string", + "enum": [ + "Admin", + "Security Engineer", + "User", + "Read-only", + "Finance", + "Marketing", + "Admin-Read-only", + "Provisioner" + ], + "example": "Read-only", + "description": "The specific level of permissions that have been granted to this user in the context of this membership." + }, + "account": { + "type": "Object", + "example": { + "id": 1234, + "name": "Exemplary Accounting, LLC" + }, + "description": "The account associated with this membership (if any)." 
+ }, + "organization": { + "type": "Object", + "example": { + "id": 5678, + "name": "Organic Zations" + }, + "description": "The organization associated with this membership (if any)." + }, + "user": { + "type": "Object", + "example": { + "id": 90210, + "email": "little_bobby@example.com", + "name": "Robert Tables" + }, + "description": "The user associated with this membership." + }, + "created_at": { + "type": "string", + "example": "2026-01-22 01:07:08 UTC", + "description": "The time and date that this membership was created." + }, + "updated_at": { + "type": "string", + "example": "2026-01-22 01:07:08 UTC", + "description": "The time and date that this membership was last updated." + } + }, + "description": "Membership model" + }, + "MembershipCreationParameters": { + "type": "object", + "properties": { + "email": { + "type": "string", + "description": "The email address of the user you are inviting.", + "example": "accounting@example.com" + }, + "first_name": { + "type": "string", + "description": "The first name of the user you are inviting.", + "example": "Accounting" + }, + "last_name": { + "type": "string", + "description": "The last name of the user you are inviting.", + "example": "Department" + }, + "permissions": { + "type": "string", + "description": "The specific permissions this membership will grant to the user.", + "enum": [ + "Admin", + "Security Engineer", + "User", + "Read-only", + "Finance", + "Marketing" + ], + "example": "Read-only" + }, + "organization_id": { + "type": "integer", + "format": "int32", + "description": "Include this parameter to invite a user to an organization instead of your account.", + "example": 123456 + } + }, + "required": [ + "email", + "first_name", + "last_name", + "permissions" + ], + "description": "Create a Membership" + }, + "MemberInvitation": { + "type": "object", + "properties": { + "permissions": { + "type": "string", + "example": "Read-only", + "description": "The specific level of permissions that have 
been granted to this user in the context of this membership." + }, + "account": { + "type": "Object", + "example": { + "id": 1234, + "name": "Exemplary Accounting, LLC" + }, + "description": "The account associated with this membership (if any)." + }, + "organization": { + "type": "Object", + "example": { + "id": 5678, + "name": "Organic Zations" + }, + "description": "The organization associated with this membership (if any)." + }, + "user": { + "type": "Object", + "example": { + "email": "little_bobby@example.com", + "name": "Robert Tables" + }, + "description": "The user associated with this membership." + } + }, + "description": "MemberInvitation model" + }, + "MembershipUpdateParameters": { + "type": "object", + "properties": { + "permissions": { + "type": "string", + "description": "The specific level of permissions that have been granted to the user in the context of this membership. For more information, see our [support article](https://support.huntress.io/hc/en-us/articles/4404012728083-Huntress-Portal-User-Permissions) on permissions. Accepted values:\n", + "enum": [ + "Admin", + "Finance", + "Marketing", + "Read-only", + "Security Engineer", + "User" + ], + "example": "Security Engineer" + } + }, + "description": "Update a User's membership" + }, + "Organization": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A Huntress-unique identifier for the organization." + }, + "agents_count": { + "type": "integer", + "format": "int64", + "example": 42, + "description": "Number of all agents for the organization." + }, + "account_id": { + "type": "integer", + "format": "int64", + "example": 5, + "description": "The unique identifier of the account associated with the organization." + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T18:54:02Z", + "description": "A timestamp for when the organization was created, formatted as per ISO-8601." 
+ }, + "incident_reports_count": { + "type": "integer", + "format": "int64", + "example": 42, + "description": "Number of incident reports for the organization." + }, + "key": { + "type": "string", + "example": "test1", + "description": "The subdomain associated with the organization." + }, + "logs_sources_count": { + "type": "integer", + "format": "int64", + "example": 42, + "description": "Number of SIEM sources." + }, + "identity_provider_tenant_id": { + "type": "string", + "example": "dcd219dd-bc68-4b9b-bf0b-4a33a796be35", + "description": "The Identity Provider Tenant ID associated with the organization" + }, + "billable_identity_count": { + "type": "integer", + "format": "int64", + "example": 42, + "description": "Number of billable identities for the organization." + }, + "name": { + "type": "string", + "example": "Acme Inc.", + "description": "The public facing name for this organization." + }, + "report_recipients": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "test@test.com", + "fakenotificiation@test.com" + ], + "description": "A list of emails Huntress is configured to send notification emails for the organization." + }, + "sat_learner_count": { + "type": "integer", + "format": "int64", + "example": 42, + "description": "Number of SAT learners." + }, + "updated_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T18:54:02Z", + "description": "A timestamp for when the organization was updated, formatted as per ISO-8601." + } + }, + "required": [ + "microsoft_365_tenant_id", + "microsoft_365_users_count", + "notify_emails" + ], + "description": "Organization model" + }, + "OrganizationCreationParameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the organization. Value cannot be blank and must be 256 characters or less.", + "example": "Most Amazing Company, Ltd." 
+ }, + "key": { + "type": "string", + "description": "Organization keys are used to associate a Huntress Agent into a grouping. Value cannot be blank and must be 256 characters or less.", + "example": "amazing" + } + }, + "required": [ + "name", + "key" + ], + "description": "Create an Organization" + }, + "OrganizationUpdateParameters": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the organization. Value cannot be blank and must be 256 characters or less.", + "example": "Most Amazing Company, Ltd." + }, + "key": { + "type": "string", + "description": "Organization keys are used to associate a Huntress Agent into a grouping. Value cannot be blank and must be 256 characters or less.", + "example": "amazing" + }, + "report_recipients": { + "type": "array", + "description": "Any emails specified here will automatically receive quarterly and monthly branded reports.", + "example": [ + "vera@bradley.com", + "my@user.net" + ], + "items": null + } + }, + "description": "Update an Organization" + }, + "Remediation": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for a remediation." + }, + "type": { + "type": "string", + "example": "manual", + "description": "The type of the remediation. Can be one of: assisted, manual, containment" + }, + "action": { + "type": "string", + "example": "Delete File", + "description": "Description of the remediation's required steps." + }, + "parameters": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + { + "name": "path", + "description": "c:\\windows\\system32\\tasks\\malicious_task" + } + ], + "description": "Additional context on how the remediation will be performed.
For containment remediations, this will be a string showing the entity to which the remediation was applied.
For assisted remediations this will be an array of key value pairs representing all the parameters that are related to the remediation.
Manual remediations will have no information." + }, + "status": { + "type": "string", + "example": "completed", + "description": "The status of the remediation. Can be one of: unapproved, approved, completed, failed, cancelled" + }, + "approved_at": { + "type": "string", + "format": "date-time", + "example": "2025-06-26T18:57:03Z", + "description": "ISO-8601 formatted timestamp for when the remediation was approved." + }, + "approved_by": { + "$ref": "#/definitions/User", + "example": { + "id": 123123, + "name": "John Smith", + "email": "john.smith@example.com" + }, + "description": "The user that approved the remediation." + }, + "completed_at": { + "type": "string", + "format": "date-time", + "example": "2025-06-26T18:57:03Z", + "description": "ISO-8601 formatted timestamp for when the remediation was completed." + } + }, + "description": "Remediation model" + }, + "User": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for the user." + }, + "email": { + "type": "string", + "example": "john.smith@example.com", + "description": "The user's email." + }, + "name": { + "type": "string", + "example": "John Smith", + "description": "The user's name." + } + } + }, + "RemediationBulkRejectionParameters": { + "type": "object", + "properties": { + "comment": { + "type": "string", + "description": "A description of why the remediations were rejected. This explanation helps Huntress SOC analysts fix the remediation plan and re-issue the incident report." + }, + "useful": { + "type": "boolean", + "description": "Whether or not the remediation plan was useful." + }, + "name": { + "type": "string", + "description": "Name of the user rejecting the remediations. Falls back to the user attached to the API key if not provided." + }, + "phone_number": { + "type": "string", + "description": "Phone number to be contacted by the Huntress SOC. 
Falls back to the phone number of the user attached to the API key if not provided." + }, + "email": { + "type": "string", + "description": "Email to be contacted by the Huntress SOC. Falls back to the email of the user attached to the API key if not provided." + } + }, + "required": [ + "comment", + "useful" + ], + "description": "Bulk Reject Remediations Remediations" + }, + "SummaryReport": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for the summary report." + }, + "agents_count": { + "type": "integer", + "format": "int64", + "example": 2, + "description": "The number of agents deployed." + }, + "allowed_exclusions_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of allowed exclusions." + }, + "analyst_note": { + "type": "string", + "example": "Everything is awesome! Thanks for using Huntress.", + "description": "The analyst note for this report." + }, + "antivirus_exclusions_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of antivirus exclusions." + }, + "autorun_events": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The total number of autorun (auto-starting application) events in this report." + }, + "autorun_signals_detected": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The total number of autorun (auto-starting application) signals detected" + }, + "autorun_signals_reviewed": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of autorun signals (auto-starting application) reviewed." + }, + "autoruns_reviewed": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of all the autoruns (auto-starting application) reviewed." 
+ }, + "blocked_malware_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of blocked malware." + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T20:56:15Z", + "description": "ISO-8601 formatted timestamp for when this summary report was created." + }, + "deployed_canaries_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of canaries deployed." + }, + "events_analyzed": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of the events analyzed." + }, + "global_threats_note": { + "type": "string", + "example": "World peace! No threats to see here.", + "description": "The global threats note for this report." + }, + "host_processes_analyzed": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of host processes analyzed." + }, + "incident_indicator_counts": { + "type": "Object", + "example": { + "managed_av": 0 + }, + "description": "A map of incident indicators (as strings) to counts (as integers)." + }, + "incident_log": { + "type": "array", + "items": { + "type": "string" + }, + "example": [], + "description": "A JSON representation of any critical or high severity incidents from this report." + }, + "incident_product_counts": { + "type": "Object", + "example": { + "edr": 16, + "itdr": 0, + "siem": 0 + }, + "description": "A map of product names (as strings) to counts (as integers)." + }, + "incident_severity_counts": { + "type": "Object", + "example": { + "low": 16 + }, + "description": "A map of incident severities (as strings) to counts (as integers)." + }, + "incidents_reported": { + "type": "integer", + "format": "int64", + "example": 16, + "description": "The total number of incidents reported." + }, + "incidents_resolved": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "The total number of incidents resolved." 
+ }, + "investigated_mav_detection_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of investigated Managed Antivirus (MAV) detections." + }, + "investigations_completed": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The total number of investigations completed in this report." + }, + "itdr_entities": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of Identity Threat Detection Response entities" + }, + "itdr_events": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of Identity Threat Detection Response events" + }, + "itdr_incidents_reported": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of Identity Threat Detection Response incidents reported" + }, + "itdr_investigations_completed": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of Identity Threat Detection Response investigations completed" + }, + "itdr_signals": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The total number of Identity Threat Detection Response signals" + }, + "macos_agent_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of MacOS agents." + }, + "macos_agents": { + "type": "boolean", + "example": false, + "description": "Indicates whether there are _any_ MacOS agents." + }, + "mav_incident_report_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of Managed Antivirus (MAV) incident reports." + }, + "new_exclusions_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of new exclusions since the last summary report." + }, + "only_macos_agents": { + "type": "boolean", + "example": false, + "description": "Indicates whether there are _only_ MacOS agents." 
+ }, + "organization_id": { + "type": "integer", + "format": "int64", + "example": 7, + "description": "Unique identifier for the organization this summary report is associated with." + }, + "period": { + "type": "string", + "example": "2022-02-01...2022-03-02", + "description": "A date range representing the coverage of the report, formatted as `start_date...end_date`." + }, + "potential_threat_indicators": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of the potential threat indicators." + }, + "process_detections": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The total number of process detections." + }, + "process_detections_reported": { + "type": "integer", + "format": "int64", + "example": 0, + "description": " A count of the process detections reported." + }, + "process_detections_reviewed": { + "type": "integer", + "format": "int64", + "example": 0, + "description": " A count of the process detections reviewed." + }, + "protected_profiles_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of protected profiles." + }, + "ransomware_note": { + "type": "string", + "example": "No ransoms to report, all is well.", + "description": "The ransomware note for this report." + }, + "risky_exclusions_removed_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of risky exclusions removed." + }, + "servers_agent_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of server agents." 
+ }, + "siem_incidents_reported": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The number of Security Information & Event Management incidents reported" + }, + "siem_ingested_logs": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of Security Information & Event Management ingested logs" + }, + "siem_investigations_completed": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of Security Information & Event Management signals that have been investigated" + }, + "siem_signals": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "The total number of Security Information & Event Management signals" + }, + "siem_total_logs": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of Security Information & Event Management total logs" + }, + "signals_detected": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of total signals detected." + }, + "signals_investigated": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of total signals investigated." + }, + "top_incident_av_threats": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "some_threat", + "another_threat", + "threats_threats_threats" + ], + "description": "A list of the top av threats." + }, + "top_incident_hosts": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + "some_host", + "another_host", + "hosts_hosts_hosts" + ], + "description": "A list of the top hosts by number of incidents." + }, + "total_entities": { + "type": "integer", + "format": "int64", + "example": 2, + "description": "A count of the total entities included in this report." + }, + "total_mav_detection_count": { + "type": "integer", + "format": "int64", + "example": 0, + "description": "A count of the Managed Antivirus (MAV) detections." 
+ }, + "type": { + "type": "string", + "example": "monthly_summary", + "description": "The report type. Can be one of `monthly_summary`, `quarterly_summary`, `yearly_summary`." + }, + "updated_at": { + "type": "string", + "format": "date-time", + "example": "2022-03-01T20:56:15Z", + "description": "ISO-8601 formatted timestamp for when this summary report was last updated." + }, + "url": { + "type": "string", + "example": "https://huntress.io/rails/active_storage/blobs/redirect/uuid.pdf?disposition=download", + "description": "The direct url to the pdf version of this summary report." + }, + "windows_agent_count": { + "type": "integer", + "format": "int64", + "example": 2, + "description": "The number of Windows agents." + }, + "windows_agents": { + "type": "boolean", + "example": true, + "description": "Indicates whether there are _any_ Windows agents." + } + }, + "description": "SummaryReport model" + }, + "Signal": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 1, + "description": "A unique identifier for the signal." + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2025-06-26T18:57:03Z", + "description": "ISO-8601 formatted timestamp for when this signal was created." + }, + "details": { + "type": "object", + "example": { + "rule_name": "Firewall Disabled via Netsh", + "username": "admin22", + "process_name": "C:\\WINDOWS\\system32\\netsh.exe", + "command_line": "NetSh.exe Advfirewall set allprofiles state off", + "registry_key": "", + "file_path": "", + "file_rename_target": "", + "cleartext": "" + }, + "description": "Additional details attached to this signal. These details differ based on the signal type and contain information about where the signal originated." + }, + "entity": { + "type": "object", + "example": { + "id": 72183, + "name": "Laptop 52", + "type": "agent" + }, + "description": "Additional details about the entity from which the signal originated. 
This will always contain an ID, Type and Name." + }, + "investigated_at": { + "type": "string", + "example": "2025-06-26T18:57:03Z", + "description": "ISO-8601 formatted timestamp for when this signal was investigated." + }, + "investigation_context": { + "type": "string", + "example": "False Positive, Business Accepted Risk", + "description": "Represents categories attached to the signal by a SOC analyst which give extra insight on the investigation." + }, + "name": { + "type": "string", + "example": "Firewall Disabled via Netsh", + "description": "The name of the signal." + }, + "organization": { + "type": "object", + "example": { + "id": 232, + "name": "Huntress" + }, + "description": "Contains information about the organization this signal came from. Includes the organization ID and name." + }, + "status": { + "type": "string", + "example": "closed", + "description": "The status of the signal. Can be one of: `reported`, `closed`" + }, + "type": { + "type": "string", + "example": "Process Insights", + "description": "The type of the signal. Can be one of: user_entity, source, mailbox, service_principal, agent, identity" + }, + "updated_at": { + "type": "string", + "format": "date-time", + "example": "2025-06-26T18:57:03Z", + "description": "ISO-8601 formatted timestamp for when this signal was last updated." + } + }, + "description": "Signal model" + }, + "Actor": { + "type": "object", + "properties": { + "reseller": { + "type": "Object", + "example": { + "id": 12345, + "name": "ResellerCo" + }, + "description": "Information about the reseller associated with the supplied API credentials (if any)." + }, + "account": { + "type": "Object", + "example": { + "id": 12345, + "name": "Huntress", + "subdomain": "huntress", + "status": "enabled" + }, + "description": "Information about the account associated with the supplied API credentials (if any)." 
+ }, + "user": { + "type": "Object", + "example": { + "id": 12345, + "email": "email@example.com", + "name": "Your User" + }, + "description": "Information about the user associated with the supplied API credentials (if any)." + } + }, + "description": "Actor model" + }, + "Escalation": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 84938, + "description": "A Huntress-unique identifier for the escalation." + }, + "account": { + "type": "Account", + "example": { + "id": 1, + "name": "Your Account Name" + }, + "description": "The Account the escalation pertains to." + }, + "organizations": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + { + "id": 1234, + "name": "ExampleCo" + } + ], + "description": "An array of Organizations this escalation pertains to" + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2025-09-05T18:20:34Z", + "description": "ISO-8601 formatted timestamp for when this escalation was created." + }, + "resolved_at": { + "type": "string", + "format": "date-time", + "example": "2025-09-05T18:20:34Z", + "description": "ISO-8601 formatted timestamp for when this escalation was resolved." + }, + "severity": { + "type": "string", + "enum": [ + "low", + "high", + "critical" + ], + "example": "low", + "description": "The severity of the escalation." + }, + "status": { + "type": "string", + "enum": [ + "open", + "sent", + "resolved" + ], + "example": "resolved", + "description": "The status of the Escalation" + }, + "subject": { + "type": "string", + "example": "Defender Disabled", + "description": "The subject of the Escalation" + }, + "type": { + "type": "string", + "example": "Environmental Issue", + "description": "The type of the Escalation" + }, + "updated_at": { + "type": "string", + "format": "date-time", + "example": "2025-09-05T18:20:34Z", + "description": "ISO-8601 formatted timestamp for when this escalation was last updated." 
+ } + }, + "required": [ + "id", + "account", + "organizations", + "created_at", + "resolved_at", + "severity", + "status", + "subject", + "type", + "updated_at" + ], + "description": "Escalation model" + }, + "EscalationWithEntities": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64", + "example": 84938, + "description": "A Huntress-unique identifier for the escalation." + }, + "account": { + "type": "Account", + "example": { + "id": 1, + "name": "Your Account Name" + }, + "description": "The Account the escalation pertains to." + }, + "organizations": { + "type": "array", + "items": { + "type": "string" + }, + "example": [ + { + "id": 1234, + "name": "ExampleCo" + } + ], + "description": "An array of Organizations this escalation pertains to" + }, + "created_at": { + "type": "string", + "format": "date-time", + "example": "2025-09-05T18:20:34Z", + "description": "ISO-8601 formatted timestamp for when this escalation was created." + }, + "resolved_at": { + "type": "string", + "format": "date-time", + "example": "2025-09-05T18:20:34Z", + "description": "ISO-8601 formatted timestamp for when this escalation was resolved." + }, + "severity": { + "type": "string", + "enum": [ + "low", + "high", + "critical" + ], + "example": "low", + "description": "The severity of the escalation." + }, + "status": { + "type": "string", + "enum": [ + "open", + "sent", + "resolved" + ], + "example": "resolved", + "description": "The status of the Escalation" + }, + "subject": { + "type": "string", + "example": "Defender Disabled", + "description": "The subject of the Escalation" + }, + "type": { + "type": "string", + "example": "Environmental Issue", + "description": "The type of the Escalation" + }, + "updated_at": { + "type": "string", + "format": "date-time", + "example": "2025-09-05T18:20:34Z", + "description": "ISO-8601 formatted timestamp for when this escalation was last updated." 
+ }, + "entities": { + "type": "Object", + "example": { + "total_count": 1, + "has_more": false, + "items": [ + { + "id": 1, + "type": "Agent", + "details": { + "hostname": "laptop01", + "platform": "windows", + "os": "Windows 8 Pro", + "last_callback_at": "2025-09-05T18:20:35Z" + } + } + ] + }, + "description": "Object containing information about Entities associated with the escalation." + } + }, + "required": [ + "id", + "account", + "organizations", + "created_at", + "resolved_at", + "severity", + "status", + "subject", + "type", + "updated_at", + "entities" + ], + "description": "EscalationWithEntities model" + }, + "EscalationResolutionParameters": { + "type": "object", + "properties": { + "determination": { + "type": "string", + "description": "Determination is only used for Unwanted Country Access and Unwanted VPN Access Escalations. This field determines whether **all** the associated identities are expected or unauthorized.", + "enum": [ + "expected", + "unauthorized" + ] + }, + "scope": { + "type": "string", + "description": "Scope is used only for Unwanted Access Escalations. This determines what kinds of access rules are created in response to the Escalation. This parameter is better explained using an example:\nIn the scenario when `email123@example.com` logs in from Russia and the determination is `unauthorized`:\n\nWhen the scope is `identity`:\n\nRules created based on the resolution will only apply to the identities associated with the Escalation. In this case a rule will be created specifically preventing `email123@example.com` from logging in from Russia.\n\nWhen the scope is `organization`:\n\nRules created based on the resolution will apply to all identities in the organization. In this case all logins from Russia will be prevented across the organization.\n\nWhen the scope is `account`:\n\nRules created based on the resolution will apply to all identities on the account. 
In this case all logins from Russia will be prevented across the account.\n", + "enum": [ + "account", + "organization", + "identity" + ] + } + }, + "description": "Create an Escalation Resolution" + } + } +} \ No newline at end of file From 1763b53eeccf287109e477678f298cde731a69ea Mon Sep 17 00:00:00 2001 From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Thu, 9 Apr 2026 17:20:04 +0100 Subject: [PATCH 03/13] plugin restructure --- .github/CODEOWNERS | 1 + .../{agents.json => agents.dash.json} | 0 .../{incidents.json => incidents.dash.json} | 0 .../Huntress/v1/defaultContent/manifest.json | 12 + .../Huntress/v1/defaultContent/scopes.json | 1 + plugins/Huntress/v1/docs/README.md | 4 +- .../v1/docs/huntress-api-reference.json | 6814 ----------------- .../{agents.json => default.json} | 0 plugins/Huntress/v1/metadata.json | 4 +- plugins/Huntress/v1/ui.json | 6 +- 10 files changed, 20 insertions(+), 6822 deletions(-) rename plugins/Huntress/v1/defaultContent/{agents.json => agents.dash.json} (100%) rename plugins/Huntress/v1/defaultContent/{incidents.json => incidents.dash.json} (100%) create mode 100644 plugins/Huntress/v1/defaultContent/manifest.json create mode 100644 plugins/Huntress/v1/defaultContent/scopes.json delete mode 100644 plugins/Huntress/v1/docs/huntress-api-reference.json rename plugins/Huntress/v1/indexDefinitions/{agents.json => default.json} (100%) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 498bd01..7c1388c 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -5,6 +5,7 @@ # Request review from original author plugins/DigiCert/* @shaswot77 +plugins/Huntress/* @Deenk plugins/FantasyPremierLeague/* @TimWheeler-SQUP plugins/GoogleSheets/* @kieranlangton plugins/MetOffice/* @blackgrouse 
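Review bot: The new CODEOWNERS entry `plugins/Huntress/* @Deenk` most likely does not cover the plugin's files, because in GitHub's CODEOWNERS syntax a trailing `/*` matches only files directly inside that directory and not nested paths. Everything this series adds lives under `plugins/Huntress/v1/...`. As written, later changes to the data streams, `metadata.json` or `ui.json` would not request review from the listed owner, which weakens the review gate for a plugin that connects using Huntress API credentials. Use `plugins/Huntress/ @Deenk` (or `plugins/Huntress/** @Deenk`) so nested files match. The neighbouring entries use the same `/*` form and probably share the gap, and the new line also breaks the list's alphabetical order.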
diff --git a/plugins/Huntress/v1/defaultContent/agents.json b/plugins/Huntress/v1/defaultContent/agents.dash.json similarity index 100% rename from plugins/Huntress/v1/defaultContent/agents.json rename to plugins/Huntress/v1/defaultContent/agents.dash.json diff --git a/plugins/Huntress/v1/defaultContent/incidents.json b/plugins/Huntress/v1/defaultContent/incidents.dash.json similarity index 100% rename from plugins/Huntress/v1/defaultContent/incidents.json rename to plugins/Huntress/v1/defaultContent/incidents.dash.json diff --git a/plugins/Huntress/v1/defaultContent/manifest.json b/plugins/Huntress/v1/defaultContent/manifest.json new file mode 100644 index 0000000..943d84a --- /dev/null +++ b/plugins/Huntress/v1/defaultContent/manifest.json @@ -0,0 +1,12 @@ +{ + "items": [ + { + "name": "agents", + "type": "dashboard" + }, + { + "name": "incidents", + "type": "dashboard" + } + ] +} diff --git a/plugins/Huntress/v1/defaultContent/scopes.json b/plugins/Huntress/v1/defaultContent/scopes.json new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/plugins/Huntress/v1/defaultContent/scopes.json @@ -0,0 +1 @@ +[] diff --git a/plugins/Huntress/v1/docs/README.md b/plugins/Huntress/v1/docs/README.md index 1322149..3b03234 100644 --- a/plugins/Huntress/v1/docs/README.md +++ b/plugins/Huntress/v1/docs/README.md @@ -1,6 +1,6 @@ -# Adding the Huntress Plugin +# Before you start -To connect SquaredUp to your Huntress Managed Security Platform, you will need to generate API credentials. +To connect SquaredUp to Huntress, you will need to generate API credentials. ## Generating Huntress API Credentials diff --git a/plugins/Huntress/v1/docs/huntress-api-reference.json b/plugins/Huntress/v1/docs/huntress-api-reference.json deleted file mode 100644 index 25bfba2..0000000 --- a/plugins/Huntress/v1/docs/huntress-api-reference.json +++ /dev/null @@ -1,6814 +0,0 @@ -{ - "info": { - "title": "Huntress API Reference", - "description": "\n

© Huntress - All rights reserved

\n

Introduction

\n

The Huntress API follows a RESTful pattern. Requests are made via resource-oriented URLs as described in this document and API responses are formatted as JSON data.

\n\n

If you'd like to request additional API endpoints or capabilities, submit feedback through our feedback portal.

\n

API Overview

\n
\n\t

Authentication

\n
$KEY = echo \"$HUNTRESS_PUBLIC_KEY:$HUNTRESS_PRIVATE_KEY\" | base64\ncurl \"https://api.huntress.io/v1/agents\" \\ -H \"Authorization: Basic $KEY\"\n
\n
\n

To begin, generate your API Key at <your_account_subdomain>.huntress.io. Once you are logged into your account on the Huntress site, check the dropdown menu at the top-right corner of the site header. You should see API Credentials among the options if your account has been granted access to the Huntress API. Click on the option to continue to the API Key generation page.

\n\n

Once on the API Key generation page, click on the green Setup button to begin the process to generate your API Key. You will be redirected to a page where you will be prompted to generate your API Key. Click the Generate button to generate a public and private key pair for Huntress API access. The inputs on the page will be filled in with your access credentials once you have done so.

\n\n

Your API Private Key will only be visible at this stage of API Key generation. Be sure to save the value provided somewhere secure, as once you navigate away from this page, this value will no longer be accessible and you must regenerate your API credentials if your secret key value is lost.

\n\n

If necessary, you can repeat the process to regenerate your API credentials with a new API Key and API Secret Key on the same API Key generation page, at <your_account_subdomain>.huntress.io/account/api_credentials.

\n\n

The Huntress API implements basic access authentication. Once you have your API Key and API Secret Key, provide these values as the result of a Base64 encoded string in every request to the Huntress API via the Authorization header. Your request header should look something like Authorization: Basic [Base64Encode(<your_api_key>:<your_api_secret_key>)]. Please refer to the code snippets for further examples.

\n
\n
\n\t

Rate Limits

\n

Every Huntress API account is rate limited to 60 requests per minute, on a sliding window. This means that no more than 60 requests can be made within a 60 second time interval between the first request and the last request.

\n\n

For example, if request 1 is made at T0, request 2 is made at T5, and requests 3 through 60 are made at T10, making request 61 at T55 would result in a 429 error response. Making request 61 at T61 would succeed, however making request 62 at T61 would fail, at least until the time has passed T65, corresponding to a minute after request 2 was made.

\n
\n
\n\t

HTTP Response Codes

\n

Huntress follows HTTP standards when delivering responses: a 2xx response is a success, a 4xx response indicates an issue with the client request, and a 5xx response indicates an issue with Huntress servers.\n
\n
\nSpecific error codes are detailed in the following table:

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Error Status CodeDetails
400There is an unexpected value in the API request being made.
401Your request could not be authenticated. Check that your API key is properly formatted and included in the Authorization header.
404The requested resource is unavailable: either it doesn't exist, or your account does not hold correct permissions to access it.
429You have made too many requests within the rate limit timeframe. See the previous section on rate_limits for details.
500

An error has occurred within Huntress servers.

You could retry the request, but if you encounter continued errors, please contact Support with details of your error. If all traffic from Huntress is resulting in 500 responses, please check our Huntress Status Page.

\n
\n
\n\t

Pagination

\n

Certain Huntress API endpoints utilize a page_token and limit parameter to specify a window location and size, respectively, to the resources currently being requested.\n

\nEach API request will also return a pagination object with details about your current pagination state based on the parameters provided. The pagination object contains:

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
KeyTypeDescription
next_page_tokenstringThe token used to request the next page in paginated results. If no page token is included, the first page contains all results.
next_page_urlstringURL containing the next page and the limit provided in the original API request, to be used to continue sequentially accessing resources. Only displays when another page can be accessed.
\n
\n

Following is a formatted example of the pagination object in an API response:
\n

\n
\n\"pagination\": {\n  \"next_page_url\": \"https://api.huntress.io/v1/agents?page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo&limit=10\",\n  \"next_page_token\": \"MjAyMi0wMy0wMVQxODo1NDoyNFo\"\n}
\n
\n
\n
\n\t

Request and Response Format

\n\t
\n\t\t

Request

\n\t
\n
\ncurl \"https://api.huntress.io/v1/agents?organization_id=1&page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo\" -H \"Authorization: Basic <Your B64 encoded hash>\"
\n\t

The base URL for API requests is api.huntress.io/v1/, followed by the resource requested. Resources can be requested either singularly or as a list, which correspond to /v1/<resources>/:id or /v1/<resources> respectively, with the exception of the /v1/account and /v1/actor endpoints, which only returns the account associated with the API credentials provided.

\n\t

As an example, api.huntress.io/v1/agents would return a list of agents, while api.huntress.io/v1/agents/1 would return a singular agent with ID: 1.

\n\t

Parameters are provided to the API through a query string. As an example, providing the organization_id filter as a parameter to the /v1/agents endpoint would look like api.huntress/io/v1/agents?organization_id=1. Accessing a sequential page with the same filter active would look like api.huntress.io/v1/agents?organization_id=1&page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo.

\n\t
\n\t
\n\t\t

Response

\n\t

The Huntress API responds with a JSON object containing requested resources if the request is valid and authorized.

\n\t

Singular Case

\n\t
\n\t
{\n  \"report\": { ... }\n}\n
\n\t

In the case of accessing a singular resource, the JSON object in question will contain one key that maps the singular resource to the singular representation of the resource name. As an example, if you were to request api.huntress.io/v1/reports/1, the JSON response would contain a single key report that maps to the report with ID: 1.

\n\t

Multiple Case

\n
{\n  \"reports\": [ ... ],\n  \"pagination\": { ... }\n}\n
\n\t

When accessing a list of resources, the JSON response contains two keys at the root level. The first key is the plural representation of that resource. The second is a pagination key that represents the current state of pagination based on parameters provided in the original request. As an example, a request to api.huntress.io/v1/reports returns a JSON object with the keys reports and pagination at its root level. Further details on the fields within the pagination object can be seen at the relevant section.

\n\t
\n
\n", - "version": "1.0.0" - }, - "swagger": "2.0", - "produces": [ - "application/json" - ], - "securityDefinitions": { - "basic_auth": { - "type": "basic", - "desc": "Base 64 encoded string of your Huntress Account API key and API secret." - } - }, - "security": [ - { - "basic": [ - "basic_auth" - ] - } - ], - "host": "api.huntress.io", - "schemes": [ - "https" - ], - "tags": [ - { - "name": "Accounts", - "description": "Operations about Accounts" - }, - { - "name": "Actor", - "description": "Operations about Actors" - }, - { - "name": "Agents", - "description": "Operations about Agents" - }, - { - "name": "Invoices", - "description": "Operations about Invoices" - }, - { - "name": "Escalations", - "description": "Operations about Escalations" - }, - { - "name": "External Recon", - "description": "Operations about External Recons" - }, - { - "name": "Incident Reports", - "description": "Operations about Incident Reports" - }, - { - "name": "Users", - "description": "Operations about Users" - }, - { - "name": "Organizations", - "description": "Operations about Organizations" - }, - { - "name": "Summary Reports", - "description": "Operations about Summary Reports" - }, - { - "name": "Signals", - "description": "Operations about Signals" - }, - { - "name": "Reseller", - "description": "Operations for Reseller-level API credentials. These are mostly the same endpoints available in the rest of the API. However, the account ID is included in the URL, so that you can specify which account's resources you want to access." - }, - { - "name": "SIEM", - "description": "Query your SIEM logs programmatically using ES|QL (Elasticsearch Query Language)." 
- } - ], - "paths": { - "/v1/reseller/invoices": { - "get": { - "summary": "List Reseller Invoices", - "description": "Shows Invoices associated with the current reseller.\n\n**Note:** To see the details of a given invoice, you will\nprobably want to also fetch the associated Account Usage Line Items and\nOrganization Usage Line Items.\n\n**Note:** This endpoint will also return a `pagination` key on the root\nlevel. Please refer to the [pagination\nsection](https://api.huntress.io/docs#pagination) within our docs for\nmore information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "status", - "description": "Filter by status. 
One of open, paid, failed, partial_refund, full_refund, draft, voided", - "type": "string", - "enum": [ - "open", - "paid", - "failed", - "partial_refund", - "full_refund", - "draft", - "voided" - ], - "required": false - } - ], - "responses": { - "200": { - "description": "List Reseller Invoices", - "schema": { - "type": "object", - "properties": { - "invoices": { - "type": "array", - "items": { - "$ref": "#/definitions/Invoice" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "invoices", - "pagination" - ] - } - }, - "400": { - "description": "Invalid query parameters" - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Invoice" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1ResellerInvoices" - } - }, - "/v1/reseller/invoices/{id}": { - "get": { - "summary": "Get Reseller Invoice", - "description": "Shows a specific Reseller Invoice associated with the current\nreseller.\n\nNote: To see the details of this invoice, you will probably\nwant to also fetch the associated Account Usage Line Items and\nOrganization Usage Line Items.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Reseller Invoice", - "schema": { - "$ref": "#/definitions/Invoice" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Invoice" - } - }, - "404": { - "description": "Invoice not found" - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1ResellerInvoicesId" - } - }, - "/v1/reseller/invoices/{id}/account_usage_line_items": { - "get": { - "summary": "List Account Usage Line Items", - "description": "Shows a list of Account Usage Line Items.\n\nThis list provides a 
detailed breakdown of product usage per account from a given invoice.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - } - ], - "responses": { - "200": { - "description": "List Account Usage Line Items", - "schema": { - "type": "object", - "properties": { - "type": "object", - "properties": { - "account_usage_line_items": { - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - } - } - }, - "required": [ - "account_usage_line_items", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/AccountUsageLineItem" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1ResellerInvoicesIdAccountUsageLineItems" - } - }, - "/v1/reseller/invoices/{id}/organization_usage_line_items": { - "get": { - "summary": "List Organization Usage Line Items", - "description": "Shows a list of Organization Usage Line Items.\n\nThis list provides a detailed breakdown of product usage per organization from a given invoice.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. 
\nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - } - ], - "responses": { - "200": { - "description": "List Organization Usage Line Items", - "schema": { - "type": "object", - "properties": { - "organization_usage_line_items": { - "type": "array", - "items": { - "$ref": "#/definitions/OrganizationUsageLineItem" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "organization_usage_line_items", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/OrganizationUsageLineItem" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1ResellerInvoicesIdOrganizationUsageLineItems" - } - }, - "/v1/reseller/subscriptions": { - "get": { - "summary": "List Reseller Subscriptions", - "description": "Shows subscriptions associated with the current reseller's managed accounts.\n\n**Note:** This endpoint will also return a `pagination` key on the root\nlevel. 
Please refer to the [pagination\nsection](https://api.huntress.io/docs#pagination) within our docs for\nmore information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "product", - "description": "Filter by product type", - "type": "string", - "enum": [ - "edr", - "sat", - "itdr", - "siem" - ], - "required": false - }, - { - "in": "query", - "name": "status", - "description": "Filter by status", - "type": "string", - "enum": [ - "draft", - "approved", - "accepted", - "active", - "completed" - ], - "required": false - } - ], - "responses": { - "200": { - "description": "List Reseller Subscriptions", - "schema": { - "type": "object", - "properties": { - "subscriptions": { - "type": "array", - "items": { - "$ref": "#/definitions/Subscription" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "subscriptions", - "pagination" - ] - } - }, - "400": { - "description": "Invalid query parameters" - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Subscription" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1ResellerSubscriptions" - }, - "post": { - "summary": "Create Reseller Subscription", - "description": "Creates a subscription for a product on a reseller-managed account.\n\n**Note:** This endpoint only allows the creation of subscriptions that\nuse the default terms, conditions, and pricing. 
Please contact your\naccount admin for any terms that are not covered by our standard API.\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "name": "SubscriptionCreationParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/SubscriptionCreationParameters" - } - } - ], - "responses": { - "201": { - "description": "Create Reseller Subscription", - "schema": { - "$ref": "#/definitions/Subscription" - } - }, - "400": { - "description": "Invalid parameters" - }, - "404": { - "description": "Record not found (likely the account)" - }, - "422": { - "description": "Could not create subscription" - } - }, - "tags": [ - "Reseller" - ], - "operationId": "SubscriptionCreationParameters" - } - }, - "/v1/reseller/subscriptions/{id}": { - "get": { - "summary": "Get Reseller Subscription", - "description": "Shows details on a single subscription associated with the current reseller's managed accounts.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Reseller Subscription", - "schema": { - "type": "object", - "properties": { - "subscription": { - "$ref": "#/definitions/Subscription" - } - } - } - }, - "400": { - "description": "Something about the request is malformed." - }, - "404": { - "description": "Record not found." 
- } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1ResellerSubscriptionsId" - }, - "patch": { - "summary": "Update Reseller Subscription", - "description": "Updates a subscription associated with the current reseller's managed accounts.\n\nFor **approved** subscriptions: updates minimum, billing_interval, and purchase_order.\n\nFor **active** subscriptions: toggles `auto_renew` and/or adds units via `additional_units` (with optional `purchase_order`).\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "SubscriptionUpdateParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/SubscriptionUpdateParameters" - } - } - ], - "responses": { - "200": { - "description": "Update Reseller Subscription", - "schema": { - "$ref": "#/definitions/Subscription" - } - }, - "400": { - "description": "Something about the request is malformed." - }, - "404": { - "description": "Record not found." - }, - "409": { - "description": "Subscription is not in a valid status for this update." - }, - "422": { - "description": "Could not update subscription." 
- } - }, - "tags": [ - "Reseller" - ], - "operationId": "SubscriptionUpdateParameters" - } - }, - "/v1/reseller/subscriptions/{id}/upgrade": { - "post": { - "summary": "Upgrade Reseller Subscription", - "description": "Upgrades an active subscription by creating a new subscription with a\nhigher minimum and/or price tier, replacing the existing one.\n\nThis is modeled as a sub-resource because the operation creates a new\nsubscription record rather than modifying the existing one in place.\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "SubscriptionUpgradeParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/SubscriptionUpgradeParameters" - } - } - ], - "responses": { - "201": { - "description": "Upgrade Reseller Subscription", - "schema": { - "$ref": "#/definitions/Subscription" - } - }, - "400": { - "description": "Something about the request is malformed." - }, - "404": { - "description": "Record not found." - }, - "422": { - "description": "Could not upgrade subscription." - } - }, - "tags": [ - "Reseller" - ], - "operationId": "SubscriptionUpgradeParameters" - } - }, - "/v1/siem/query": { - "post": { - "summary": "Execute ESQL Query", - "description": "Execute an ESQL query against your SIEM logs and receive paginated JSON results.\n\nThis endpoint uses POST so that the ESQL query string can be sent in the request body\nrather than as a URL query parameter, avoiding URL length limits for complex queries.\n\nQueries must begin with `FROM logs`. Results are limited to 200 rows per page.\nIf `next_page_token` is present, pass it as `page_token` in a subsequent request\n(with the same `range_start` and `range_end`) to retrieve the next page.\n\n**Response**\n\nReturns a JSON object with two top-level keys:\n\n- `logs` — Array of objects. 
Each object represents one log record. Keys are ECS field\n names (e.g. `event.provider`, `host.hostname`). The fields present depend on the columns\n selected by your ESQL query (e.g. a `KEEP` command). With no column selection, all\n available ECS fields are returned.\n\n- `pagination` — Object. Contains `next_page_token` (string) when additional results are\n available; empty object `{}` when all results have been returned. Pass `next_page_token`\n as `page_token` in your next request to retrieve the following page.\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "name": "postV1SiemQuery", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/postV1SiemQuery" - } - } - ], - "responses": { - "200": { - "description": "Query executed successfully.", - "schema": { - "$ref": "#/definitions/SiemQueryResult" - } - }, - "400": { - "description": "Missing or invalid request parameters." - }, - "401": { - "description": "Authentication credentials are missing or invalid." - }, - "404": { - "description": "SIEM query feature is not enabled for this account." - }, - "408": { - "description": "Query timed out." - }, - "413": { - "description": "Query exceeded memory limit." - }, - "422": { - "description": "Invalid ESQL query or query parameters." 
- } - }, - "tags": [ - "SIEM" - ], - "operationId": "postV1SiemQuery" - } - }, - "/v1/account": { - "get": { - "summary": "Get Account", - "description": "Shows details of the top-level Huntress Account associated with your API credentials.", - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "Get Account", - "schema": { - "$ref": "#/definitions/Account" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Account" - } - } - }, - "tags": [ - "Accounts" - ], - "operationId": "getV1Account" - } - }, - "/v1/accounts": { - "get": { - "summary": "List Accounts", - "description": "Shows all accounts associated with your API credentials.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", - "type": "string", - "required": false - } - ], - "responses": { - "200": { - "description": "List Accounts", - "schema": { - "type": "object", - "properties": { - "accounts": { - "type": "array", - "items": { - "$ref": "#/definitions/Account" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "accounts", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Account" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1Accounts" - }, - "post": { - "summary": "Create Account", - "description": "Create a new account under the reseller associated with the supplied API credential.", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "name": "AccountCreationParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/AccountCreationParameters" - } - } - ], - "responses": { - "201": { - "description": "Create Account", - "schema": { - "$ref": "#/definitions/Account" - } - }, - "400": { - "description": "Invalid account creation parameters" - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Account" - } - }, - "409": { - "description": "Current reseller cannot create accounts, possibly because payment details have not been provided" - }, - "422": { - "description": "Could not create account" - } - }, - "tags": [ - "Reseller" - ], - "operationId": "AccountCreationParameters" - } - }, - "/v1/accounts/{account_id}": { - "get": { - "summary": "Get Specific Account", - "description": "Shows the details of a specific account which your API credentials grant access to.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "description": "Account ID for an account 
associated with your API credentials", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Specific Account", - "schema": { - "$ref": "#/definitions/Account" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Account" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountId" - }, - "patch": { - "summary": "Update Account", - "description": "Updates the details of a specific account.", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "AccountUpdateParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/AccountUpdateParameters" - } - } - ], - "responses": { - "200": { - "description": "Update Account", - "schema": { - "$ref": "#/definitions/Account" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Account" - } - }, - "422": { - "description": "Invalid parameters or unable to update model" - } - }, - "tags": [ - "Reseller" - ], - "operationId": "AccountUpdateParameters" - }, - "delete": { - "summary": "Permanently Disable an Account", - "description": "Marks the account as disabled and will be deleted after 10 days from initial request.\n\n**Please Note:** This is irreversible and will uninstall all of the agents for this account, as well as completing other similar operations. 
\n[Contact support](https://support.huntress.io/hc/en-us) if this was done unintentionally.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "description": "Account ID for deletion.", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "202": { - "description": "Permanently Disable an Account", - "schema": { - "$ref": "#/definitions/Account" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Account" - } - }, - "422": { - "description": "Account failed to be disabled." - } - }, - "tags": [ - "Reseller" - ], - "operationId": "deleteV1AccountsAccountId" - } - }, - "/v1/accounts/{account_id}/agents": { - "get": { - "summary": "List Agents", - "description": "Shows Agents associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - }, - { - "in": "query", - "name": "platform", - "description": "Filter by platform. One of windows, darwin, linux", - "type": "string", - "enum": [ - "windows", - "darwin", - "linux" - ], - "required": false - } - ], - "responses": { - "200": { - "description": "List Agents", - "schema": { - "type": "object", - "properties": { - "agents": { - "type": "array", - "items": { - "$ref": "#/definitions/Agent" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "agents", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Agent" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdAgents" - } - }, - "/v1/accounts/{account_id}/agents/{id}": { - "get": { - "summary": "Get Agent", - "description": "Shows details on a single Agent associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "description": "Agent ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Agent", - "schema": { - "type": "object", - "properties": { - "agent": { - "$ref": "#/definitions/Agent" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Agent" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdAgentsId" - } - }, - "/v1/accounts/{account_id}/external_ports": { - 
"get": { - "summary": "List External Ports", - "description": "Shows external port records from External Recon scans associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - } - ], - "responses": { - "200": { - "description": "List External Ports", - "schema": { - "type": "object", - "properties": { - "external_ports": { - "type": "array", - "items": { - "$ref": "#/definitions/ExternalPort" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "external_ports", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/ExternalPort" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdExternalPorts" - } - }, - "/v1/accounts/{account_id}/external_ports/{id}": { - "get": { - "summary": "Get External Port", - "description": "Shows details on a single external port record associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": 
"id", - "description": "External port record ID", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get External Port", - "schema": { - "type": "object", - "properties": { - "external_port": { - "$ref": "#/definitions/ExternalPort" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/ExternalPort" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdExternalPortsId" - } - }, - "/v1/accounts/{account_id}/invoices": { - "get": { - "summary": "List Account Invoices", - "description": "Shows Invoices associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "status", - "description": "Filter by status. 
One of open, paid, failed, partial_refund, full_refund, draft, voided", - "type": "string", - "enum": [ - "open", - "paid", - "failed", - "partial_refund", - "full_refund", - "draft", - "voided" - ], - "required": false - } - ], - "responses": { - "200": { - "description": "List Account Invoices", - "schema": { - "type": "object", - "properties": { - "invoices": { - "type": "array", - "items": { - "$ref": "#/definitions/Invoice" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "invoices", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Invoice" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdInvoices" - } - }, - "/v1/accounts/{account_id}/invoices/{id}": { - "get": { - "summary": "Get Account Invoice", - "description": "Shows details on a single Invoice associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "description": "Invoice ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Account Invoice", - "schema": { - "type": "object", - "properties": { - "invoice": { - "$ref": "#/definitions/Invoice" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Invoice" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdInvoicesId" - } - }, - "/v1/accounts/{account_id}/incident_reports": { - "get": { - "summary": "List Incident Reports", - "description": "Shows Incident Reports associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on 
the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "indicator_type", - "description": "Filter by indicator type. One of footholds, monitored_files, ransomware_canaries, antivirus_detections, process_detections, managed_identity, mde_detections, siem_detections, favicon_detections, behavioral_detections, email_security_detections, app_control", - "type": "string", - "enum": [ - "footholds", - "monitored_files", - "ransomware_canaries", - "antivirus_detections", - "process_detections", - "managed_identity", - "mde_detections", - "siem_detections", - "favicon_detections", - "behavioral_detections", - "email_security_detections", - "app_control" - ], - "required": false - }, - { - "in": "query", - "name": "status", - "description": "Filter by status. One of sent, closed, dismissed, auto_remediating, deleting, partner_dismissed", - "type": "string", - "enum": [ - "sent", - "closed", - "dismissed", - "auto_remediating", - "deleting", - "partner_dismissed" - ], - "required": false - }, - { - "in": "query", - "name": "severity", - "description": "Filter by severity. 
One of low, high, critical", - "type": "string", - "enum": [ - "low", - "high", - "critical" - ], - "required": false - }, - { - "in": "query", - "name": "platform", - "description": "Filter by platform. One of windows, darwin, microsoft_365, google, linux, email_security, other", - "type": "string", - "enum": [ - "windows", - "darwin", - "microsoft_365", - "google", - "linux", - "email_security", - "other" - ], - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - }, - { - "in": "query", - "name": "agent_id", - "description": "Filter by agent ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - } - ], - "responses": { - "200": { - "description": "List Incident Reports", - "schema": { - "type": "object", - "properties": { - "incident_reports": { - "type": "array", - "items": { - "$ref": "#/definitions/IncidentReport" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "incident_reports", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/IncidentReport" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdIncidentReports" - } - }, - "/v1/accounts/{account_id}/incident_reports/{id}": { - "get": { - "summary": "Get Incident Report", - "description": "Shows details on a single Incident Report associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "description": "Incident Report ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { 
- "description": "Get Incident Report", - "schema": { - "type": "object", - "properties": { - "incident_report": { - "$ref": "#/definitions/IncidentReport" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/IncidentReport" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdIncidentReportsId" - } - }, - "/v1/accounts/{account_id}/incident_reports/{id}/resolution": { - "post": { - "summary": "Create an Incident Report Resolution", - "description": "Use this endpoint to resolve a single Incident Report. All remediations belonging to the Incident Report must be approved first.\n\nWhile resolution updates the report status to resolved, assisted remediations may still be running in the background and manual remediations may still require completion by a user.\n\nThis endpoint requires an API key with permissions to resolve incident reports. **Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "201": { - "description": "Create an Incident Report Resolution", - "schema": { - "$ref": "#/definitions/IncidentReport" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions." - }, - "409": { - "description": "Incident Report cannot be resolved. Confirm that all remediations are approved and report status is 'sent'." - }, - "422": { - "description": "Incident Report cannot be resolved unless report status is 'sent'." 
- } - }, - "tags": [ - "Reseller" - ], - "operationId": "postV1AccountsAccountIdIncidentReportsIdResolution" - } - }, - "/v1/accounts/{account_id}/memberships": { - "get": { - "summary": "List Memberships", - "description": "Shows a list of memberships.\n\nBy default, this endpoint returns both account and organization\nmemberships, but if an organization ID is supplied, it will return\nonly organization memberships, instead.\n\nThe example return value shows both an organization and an account, but\na given membership will only have one or the other.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID to return only memberships for that organization.", - "type": "integer", - "format": "int32", - "required": false - } - ], - "responses": { - "200": { - "description": "List Memberships", - "schema": { - "type": "object", - "properties": { - "memberships": { - "type": "array", - "items": { - "$ref": "#/definitions/Membership" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "memberships", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Membership" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdMemberships" - }, - "post": { - "summary": "Create a Membership", - "description": "This endpoint allows you to invite a user to join your organization or\naccount. A user will often be a person you wish to grant access to,\nbut it could also represent a team, an automated system, or any other\ntype of actor.\n\nIf an organization ID is provided, the user will be invited to that\norganization. If not, they will be invited to the account associated\nwith this API credential. 
Note that while the sample return value\nincludes both an organization and an account for completeness, in\npractice, only one or the other will be included.\n\nNote that this is technically creating a Membership Invitation - the\nactual membership won't be created until the user accepts the\ninvitation.\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "MembershipCreationParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/MembershipCreationParameters" - } - } - ], - "responses": { - "201": { - "description": "Create a Membership", - "schema": { - "$ref": "#/definitions/MemberInvitation" - } - }, - "400": { - "description": "Something about the request is malformed." - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Membership" - } - }, - "404": { - "description": "Organization not found." - }, - "422": { - "description": "Invalid creation parameters." 
- } - }, - "tags": [ - "Reseller" - ], - "operationId": "MembershipCreationParameters" - } - }, - "/v1/accounts/{account_id}/memberships/{id}": { - "get": { - "summary": "Get Membership", - "description": "Shows details on a single Membership associated with your account or organization.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "description": "Membership ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Membership", - "schema": { - "type": "object", - "properties": { - "membership": { - "$ref": "#/definitions/Membership" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Membership" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdMembershipsId" - }, - "delete": { - "summary": "Delete Membership", - "description": "Deletes a single Membership associated with your account or organization. 
Does not delete the user associated with the membership.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "description": "Membership ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "202": { - "description": "Membership deleted", - "schema": { - "type": "object", - "properties": { - "membership": { - "$ref": "#/definitions/Membership" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Membership" - } - }, - "404": { - "description": "Membership not found, possibly because it has already been deleted." - }, - "422": { - "description": "Failed to delete membership. Please contact support." - } - }, - "tags": [ - "Reseller" - ], - "operationId": "deleteV1AccountsAccountIdMembershipsId" - }, - "patch": { - "summary": "Update a User's membership", - "description": "", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "description": "Membership ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "MembershipUpdateParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/MembershipUpdateParameters" - } - } - ], - "responses": { - "200": { - "description": "Update a User's membership", - "schema": { - "$ref": "#/definitions/Membership" - } - }, - "400": { - "description": "Something about the request is malformed." 
- }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Membership" - } - }, - "422": { - "description": "Something prevented the update." - } - }, - "tags": [ - "Reseller" - ], - "operationId": "MembershipUpdateParameters" - } - }, - "/v1/accounts/{account_id}/organizations": { - "get": { - "summary": "List Organizations", - "description": "Shows details of Organizations belonging to the account associated with your API credentials.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", - "type": "string", - "required": false - } - ], - "responses": { - "200": { - "description": "List Organizations", - "schema": { - "type": "object", - "properties": { - "organizations": { - "type": "array", - "items": { - "$ref": "#/definitions/Organization" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "organizations", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Organization" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdOrganizations" - }, - "post": { - "summary": "Create an Organization", - "description": "", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "OrganizationCreationParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/OrganizationCreationParameters" - } - } - ], - "responses": { - "201": { - "description": "Create an Organization", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "400": { - "description": "Something about the request is malformed." - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "422": { - "description": "Invalid creation parameters." 
- } - }, - "tags": [ - "Reseller" - ], - "operationId": "OrganizationCreationParameters" - } - }, - "/v1/accounts/{account_id}/organizations/{id}": { - "get": { - "summary": "Get Organization", - "description": "Shows details on a single Organization associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "description": "Organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Organization", - "schema": { - "type": "object", - "properties": { - "organization": { - "$ref": "#/definitions/Organization" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Organization" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdOrganizationsId" - }, - "patch": { - "summary": "Update an Organization", - "description": "", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "OrganizationUpdateParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/OrganizationUpdateParameters" - } - } - ], - "responses": { - "200": { - "description": "Update an Organization", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "400": { - "description": "Something about the request is malformed." 
- }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "422": { - "description": "Invalid update parameters." - } - }, - "tags": [ - "Reseller" - ], - "operationId": "OrganizationUpdateParameters" - }, - "delete": { - "summary": "Delete an Organization", - "description": "Deletes the specified Organization.\n\n**Please note:** this will uninstall all of the agents in this organization, as well as completing other similar operations. For more information, see our [support documentation](https://support.huntress.io/hc/en-us/articles/4404005208851-Add-Rename-or-Delete-Organizations).\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "description": "The id of the organization to be deleted", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "202": { - "description": "Organization deleted", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "404": { - "description": "Organization not found, possibly because it has already been deleted." - }, - "409": { - "description": "There is a conflict about the organization that prevents deletion. See error message for more details." - }, - "422": { - "description": "Failed to delete organization. Please contact support." 
- } - }, - "tags": [ - "Reseller" - ], - "operationId": "deleteV1AccountsAccountIdOrganizationsId" - } - }, - "/v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations": { - "get": { - "summary": "List Remediations", - "description": "Shows details of Remediations belonging to a single Incident Report.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "incident_report_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "types[]", - "description": "Filter by type of remediation. Must be a comma-separated string containing the values: assisted, manual, containment", - "type": "array", - "items": { - "type": "string", - "enum": [ - "assisted", - "manual", - "containment" - ] - }, - "required": false - }, - { - "in": "query", - "name": "statuses[]", - "description": "Filter by status of remediation. 
Must be a comma-separated string containing the values: unapproved, approved, completed, failed, cancelled", - "type": "array", - "items": { - "type": "string", - "enum": [ - "unapproved", - "approved", - "completed", - "failed", - "cancelled" - ] - }, - "required": false - } - ], - "responses": { - "200": { - "description": "List Remediations", - "schema": { - "type": "array", - "items": { - "$ref": "#/definitions/Remediation" - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Remediation" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdIncidentReportsIncidentReportIdRemediations" - } - }, - "/v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations/{remediation_id}": { - "get": { - "summary": "Get Remediation", - "description": "Shows details for a single Remediation belonging to a single Incident Report", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "incident_report_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "remediation_id", - "description": "Incident Report ID", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Remediation", - "schema": { - "$ref": "#/definitions/Remediation" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Remediation" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdIncidentReportsIncidentReportIdRemediationsRemediationId" - } - }, - "/v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations/bulk_approval": { - "post": { - "summary": "Bulk Approve Remediations", - "description": 
"Approve all unapproved remediations for an Incident Report. Approval immediately triggers the execution of assisted remediations.\nManual remediations are not executed, and must be independently completed. Once all remediations are approved,\nthe incident report becomes eligible for resolution.\n\nThis endpoint requires an API key with permissions to write to remediations. **Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "incident_report_id", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "201": { - "description": "Bulk Approve Remediations", - "schema": { - "$ref": "#/definitions/IncidentReport" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions." - }, - "409": { - "description": "Incident Report must have a status of 'sent'." - }, - "422": { - "description": "Unable to approve remediations" - } - }, - "tags": [ - "Reseller" - ], - "operationId": "postV1AccountsAccountIdIncidentReportsIncidentReportIdRemediationsBulkApproval" - } - }, - "/v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations/bulk_rejection": { - "post": { - "summary": "Bulk Reject Remediations", - "description": "Reject all unapproved remediations for an Incident Report. Rejecting the remediations will send the incident report back to the Huntress SOC.\n\nThis endpoint requires an API key with permissions to write to remediations. 
**Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "incident_report_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "RemediationBulkRejectionParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/RemediationBulkRejectionParameters" - } - } - ], - "responses": { - "201": { - "description": "Remediations rejected." - }, - "403": { - "description": "There was an issue with your API credential or permissions." - }, - "409": { - "description": "Incident Report must have a status of 'sent'." - }, - "422": { - "description": "Unable to reject remediations" - } - }, - "tags": [ - "Reseller" - ], - "operationId": "RemediationBulkRejectionParameters" - } - }, - "/v1/accounts/{account_id}/reports": { - "get": { - "summary": "List Summary Reports", - "description": "Shows Summary Reports associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. 
Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "period_min", - "description": "Filter by an ISO-8601 formatted date string that represents the lower bound of the search range for the period date.", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "period_max", - "description": "Filter by an ISO-8601 formatted date string that represents the upper bound of the search range for the period date.", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - }, - { - "in": "query", - "name": "type", - "description": "Filter by report type. One of monthly_summary, quarterly_summary, yearly_summary", - "type": "string", - "enum": [ - "monthly_summary", - "quarterly_summary", - "yearly_summary" - ], - "required": false - } - ], - "responses": { - "200": { - "description": "List Summary Reports", - "schema": { - "type": "object", - "properties": { - "reports": { - "type": "array", - "items": { - "$ref": "#/definitions/SummaryReport" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "reports", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions." 
- } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdReports" - } - }, - "/v1/accounts/{account_id}/reports/{id}": { - "get": { - "summary": "Get Summary Report", - "description": "Shows details on a single Summary Report associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "description": "Report ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Summary Report", - "schema": { - "$ref": "#/definitions/SummaryReport" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions." - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdReportsId" - } - }, - "/v1/accounts/{account_id}/signals": { - "get": { - "summary": "List Signals", - "description": "Shows details of Signals belonging to the account associated with your API credentials.\n\nSignals are used to highlight interesting user or system behaviors that an analyst can reference during a cyber investigation.\nA detected Signal could be as broad and low fidelity as the detection of a command line user running whoami, or it could be as specific and high fidelity as detecting a known malware file.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. 
Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "investigated_at_min", - "description": "Filter by an ISO-8601 formatted date string that represents the lower bound of the search range for the investigated_at date.", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "investigated_at_max", - "description": "Filter by an ISO-8601 formatted date string that represents the upper bound of the search range for the investigated_at date.", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "entity_type", - "description": "Filter by the entity type that the Signal originated from. This filter can be used without specifying entity_id.", - "type": "string", - "enum": [ - "user_entity", - "source", - "mailbox", - "service_principal", - "agent", - "identity" - ], - "required": false - }, - { - "in": "query", - "name": "entity_id", - "description": "Filter by the entity ID that the Signal originated from. 
Must be used in tandem with entity_type parameter.", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - }, - { - "in": "query", - "name": "types", - "description": "Filter by the types of Signal, must be comma-separated string containing the values: `Antivirus, Process Insights, Managed ITDR, Footholds, MDE Detections, SIEM, Ransomware Canaries, Favicon Detections, Attack Disruptions, App Control`", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "statuses", - "description": "Filter by status. Must be comma-separated string containing the values: `reported`, `closed`", - "type": "string", - "required": false - } - ], - "responses": { - "200": { - "description": "List Signals", - "schema": { - "type": "object", - "properties": { - "signals": { - "type": "array", - "items": { - "$ref": "#/definitions/Signal" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "signals", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Signal" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdSignals" - } - }, - "/v1/accounts/{account_id}/signals/{id}": { - "get": { - "summary": "Get Signal", - "description": "Shows details of a single Signal belonging to the account associated with your API credentials.\n\nSignals are used to highlight interesting user or system behaviors that an analyst can reference during a cyber investigation.\nA detected Signal could be as broad and low fidelity as the detection of a command line user running whoami, or it could be as specific and high fidelity as detecting a known malware file.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { 
- "in": "path", - "name": "account_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "id", - "description": "Signal ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Signal", - "schema": { - "$ref": "#/definitions/Signal" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Signal" - } - } - }, - "tags": [ - "Reseller" - ], - "operationId": "getV1AccountsAccountIdSignalsId" - } - }, - "/v1/actor": { - "get": { - "summary": "Get Actor", - "description": "Shows details of the entities associated with the supplied API credentials. It will only return the fields relevant to the current credentials.\nFor more information on User management, see [Product Support](https://support.huntress.io/hc/en-us/articles/4404012574227-Adding-and-Managing-Huntress-Users)\n", - "produces": [ - "application/json" - ], - "responses": { - "200": { - "description": "Get Actor", - "schema": { - "$ref": "#/definitions/Actor" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Actor" - } - } - }, - "tags": [ - "Actor", - "Reseller" - ], - "operationId": "getV1Actor" - } - }, - "/v1/agents": { - "get": { - "summary": "List Agents", - "description": "Shows Agents associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. 
Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - }, - { - "in": "query", - "name": "platform", - "description": "Filter by platform. One of windows, darwin, linux", - "type": "string", - "enum": [ - "windows", - "darwin", - "linux" - ], - "required": false - } - ], - "responses": { - "200": { - "description": "List Agents", - "schema": { - "type": "object", - "properties": { - "agents": { - "type": "array", - "items": { - "$ref": "#/definitions/Agent" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "agents", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Agent" - } - } - }, - "tags": [ - "Agents" - ], - "operationId": "getV1Agents" - } - }, - "/v1/agents/{id}": { - "get": { - "summary": "Get Agent", - "description": "Shows details on a single Agent associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "Agent ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Agent", - "schema": { - "type": "object", - "properties": { - "agent": { - "$ref": "#/definitions/Agent" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Agent" - } - } - 
}, - "tags": [ - "Agents" - ], - "operationId": "getV1AgentsId" - } - }, - "/v1/invoices": { - "get": { - "summary": "List Account Invoices", - "description": "Shows Invoices associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "status", - "description": "Filter by status. 
One of open, paid, failed, partial_refund, full_refund, draft, voided", - "type": "string", - "enum": [ - "open", - "paid", - "failed", - "partial_refund", - "full_refund", - "draft", - "voided" - ], - "required": false - } - ], - "responses": { - "200": { - "description": "List Account Invoices", - "schema": { - "type": "object", - "properties": { - "invoices": { - "type": "array", - "items": { - "$ref": "#/definitions/Invoice" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "invoices", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Invoice" - } - } - }, - "tags": [ - "Invoices" - ], - "operationId": "getV1Invoices" - } - }, - "/v1/invoices/{id}": { - "get": { - "summary": "Get Account Invoice", - "description": "Shows details on a single Invoice associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "Invoice ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Account Invoice", - "schema": { - "type": "object", - "properties": { - "invoice": { - "$ref": "#/definitions/Invoice" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Invoice" - } - } - }, - "tags": [ - "Invoices" - ], - "operationId": "getV1InvoicesId" - } - }, - "/v1/escalations": { - "get": { - "summary": "List Escalations", - "description": "\nShows Escalations associated with your account.\nAdditional details for a specific escalation can be obtained by using the **GET Escalation** endpoint.\n\nEscalations are used to notify Huntress account administrators that a situation requires their attention.\nBelow are some common use cases:\n - The Huntress 
security platform is unable to send incident reports to your PSA system and we need you to reconfigure the integration.\n - Security Operation Centers (SOC) suspect that an application being flagged as malicious is a false positive, and we want to get your authorization to allow-list the application moving forward.\n - A potential threat flagged by Managed Defender requires additional information (file path details, etc.) in order for Huntress to provide actionable assisted remediation steps.\n - A login event occurred from an unexpected country or VPN, and Huntress would like partner feedback on whether that event should be expected or unauthorized.\n\n Though Escalations are not incident reports, they do have severities (low, high, critical) associated with them that dictate an expected response time.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "status", - "description": "Filter by status. 
One of open, overdue, resolved", - "type": "string", - "enum": [ - "open", - "overdue", - "resolved" - ], - "required": false - } - ], - "responses": { - "200": { - "description": "List Escalations", - "schema": { - "type": "object", - "properties": { - "escalations": { - "type": "array", - "items": { - "$ref": "#/definitions/Escalation" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "escalations", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Escalation" - } - } - }, - "tags": [ - "Escalations" - ], - "operationId": "getV1Escalations" - } - }, - "/v1/escalations/{id}": { - "get": { - "summary": "Get Escalation", - "description": "Shows details on a single Escalation associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "Escalation ID within Huntress Account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Escalation", - "schema": { - "$ref": "#/definitions/EscalationWithEntities" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Escalation" - } - } - }, - "tags": [ - "Escalations" - ], - "operationId": "getV1EscalationsId" - } - }, - "/v1/escalations/{id}/resolution": { - "post": { - "summary": "Create an Escalation Resolution", - "description": "Allows you to resolve an Escalation. Creating a resolution updates the Escalation's status\nto resolved. This endpoint requires an API key with permissions to write to Escalations. 
**Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\nThe behavior of this endpoint varies by Escalation type so your request should be crafted based on the specific Escalation you are interacting with.\n\n#### Simple Resolution\n\nFor most types of Escalations, a POST to the resolution endpoint with only the Escalation's ID is sufficient. This action resolves the Escalation directly without requiring any additional parameters.\n\n#### Complex Resolution\n\nFor Escalations that have many entities which all require action, a call to this endpoint will **bulk resolve all associated entities at once**. The determination provided will be **applied to every single entity attached to the Escalation.** \nNote that these kinds of Escalation resolutions require extra parameters in their requests. \n\nEscalation types that can resolve multiple associated entities at once are:\n - Unwanted Country Access\n - Unwanted VPN Access\n\n **NOTE:** Ommitting both `determination` and `scope` params will temporarily resolve the Unwanted Access Escalations.\n The escalation will reopen upon the next occurrence of the event that created the escalation.\n This is equivalent to using the \"dismiss\" option in the portal.\n\n#### API Resolution Not Supported\n\nFor a few Escalation types, this endpoint is not supported. 
These Escalations require specific actions to be taken outside of the API (e.g., re-enabling Microsoft Defender) to be resolved.\n\nFor example, the following Escalation types cannot be resolved through the API:\n - Defender Disabled\n - Logs Sources Not Reporting\n - Log Source Data not Audited Properly\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "EscalationResolutionParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/EscalationResolutionParameters" - } - } - ], - "responses": { - "201": { - "description": "Create an Escalation Resolution", - "schema": { - "$ref": "#/definitions/EscalationWithEntities" - } - }, - "400": { - "description": "Invalid resolution parameters" - }, - "403": { - "description": "There was an issue with your API credential or permissions." - }, - "409": { - "description": "Escalation has already been resolved" - }, - "422": { - "description": "Escalation cannot be resolved through the API" - } - }, - "tags": [ - "Escalations" - ], - "operationId": "EscalationResolutionParameters" - } - }, - "/v1/external_ports": { - "get": { - "summary": "List External Ports", - "description": "Shows external port records from External Recon scans associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - } - ], - "responses": { - "200": { - "description": "List External Ports", - "schema": { - "type": "object", - "properties": { - "external_ports": { - "type": "array", - "items": { - "$ref": "#/definitions/ExternalPort" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "external_ports", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/ExternalPort" - } - } - }, - "tags": [ - "External Recon" - ], - "operationId": "getV1ExternalPorts" - } - }, - "/v1/external_ports/{id}": { - "get": { - "summary": "Get External Port", - "description": "Shows details on a single external port record associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "External port record ID", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get External Port", - "schema": { - "type": "object", - "properties": { - "external_port": { - "$ref": "#/definitions/ExternalPort" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/ExternalPort" - } - } - }, - "tags": [ - "External Recon" - ], - "operationId": "getV1ExternalPortsId" - } - }, - "/v1/incident_reports": { - "get": { - "summary": "List Incident Reports", - "description": "Shows Incident Reports associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. 
\nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "indicator_type", - "description": "Filter by indicator type. One of footholds, monitored_files, ransomware_canaries, antivirus_detections, process_detections, managed_identity, mde_detections, siem_detections, favicon_detections, behavioral_detections, email_security_detections, app_control", - "type": "string", - "enum": [ - "footholds", - "monitored_files", - "ransomware_canaries", - "antivirus_detections", - "process_detections", - "managed_identity", - "mde_detections", - "siem_detections", - "favicon_detections", - "behavioral_detections", - "email_security_detections", - "app_control" - ], - "required": false - }, - { - "in": "query", - "name": "status", - "description": "Filter by status. One of sent, closed, dismissed, auto_remediating, deleting, partner_dismissed", - "type": "string", - "enum": [ - "sent", - "closed", - "dismissed", - "auto_remediating", - "deleting", - "partner_dismissed" - ], - "required": false - }, - { - "in": "query", - "name": "severity", - "description": "Filter by severity. One of low, high, critical", - "type": "string", - "enum": [ - "low", - "high", - "critical" - ], - "required": false - }, - { - "in": "query", - "name": "platform", - "description": "Filter by platform. 
One of windows, darwin, microsoft_365, google, linux, email_security, other", - "type": "string", - "enum": [ - "windows", - "darwin", - "microsoft_365", - "google", - "linux", - "email_security", - "other" - ], - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - }, - { - "in": "query", - "name": "agent_id", - "description": "Filter by agent ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - } - ], - "responses": { - "200": { - "description": "List Incident Reports", - "schema": { - "type": "object", - "properties": { - "incident_reports": { - "type": "array", - "items": { - "$ref": "#/definitions/IncidentReport" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "incident_reports", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/IncidentReport" - } - } - }, - "tags": [ - "Incident Reports" - ], - "operationId": "getV1IncidentReports" - } - }, - "/v1/incident_reports/{id}": { - "get": { - "summary": "Get Incident Report", - "description": "Shows details on a single Incident Report associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "Incident Report ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Incident Report", - "schema": { - "type": "object", - "properties": { - "incident_report": { - "$ref": "#/definitions/IncidentReport" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/IncidentReport" - } - } - }, - "tags": [ - 
"Incident Reports" - ], - "operationId": "getV1IncidentReportsId" - } - }, - "/v1/incident_reports/{id}/resolution": { - "post": { - "summary": "Create an Incident Report Resolution", - "description": "Use this endpoint to resolve a single Incident Report. All remediations belonging to the Incident Report must be approved first.\n\nWhile resolution updates the report status to resolved, assisted remediations may still be running in the background and manual remediations may still require completion by a user.\n\nThis endpoint requires an API key with permissions to resolve incident reports. **Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "201": { - "description": "Create an Incident Report Resolution", - "schema": { - "$ref": "#/definitions/IncidentReport" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions." - }, - "409": { - "description": "Incident Report cannot be resolved. Confirm that all remediations are approved and report status is 'sent'." - }, - "422": { - "description": "Incident Report cannot be resolved unless report status is 'sent'." - } - }, - "tags": [ - "Incident Reports" - ], - "operationId": "postV1IncidentReportsIdResolution" - } - }, - "/v1/incident_reports/{incident_report_id}/remediations": { - "get": { - "summary": "List Remediations", - "description": "Shows details of Remediations belonging to a single Incident Report.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. 
\nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "incident_report_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "types[]", - "description": "Filter by type of remediation. Must be a comma-separated string containing the values: assisted, manual, containment", - "type": "array", - "items": { - "type": "string", - "enum": [ - "assisted", - "manual", - "containment" - ] - }, - "required": false - }, - { - "in": "query", - "name": "statuses[]", - "description": "Filter by status of remediation. 
Must be a comma-separated string containing the values: unapproved, approved, completed, failed, cancelled", - "type": "array", - "items": { - "type": "string", - "enum": [ - "unapproved", - "approved", - "completed", - "failed", - "cancelled" - ] - }, - "required": false - } - ], - "responses": { - "200": { - "description": "List Remediations", - "schema": { - "type": "array", - "items": { - "$ref": "#/definitions/Remediation" - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Remediation" - } - } - }, - "tags": [ - "Incident Reports" - ], - "operationId": "getV1IncidentReportsIncidentReportIdRemediations" - } - }, - "/v1/incident_reports/{incident_report_id}/remediations/{remediation_id}": { - "get": { - "summary": "Get Remediation", - "description": "Shows details for a single Remediation belonging to a single Incident Report", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "incident_report_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "in": "path", - "name": "remediation_id", - "description": "Incident Report ID", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Remediation", - "schema": { - "$ref": "#/definitions/Remediation" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Remediation" - } - } - }, - "tags": [ - "Incident Reports" - ], - "operationId": "getV1IncidentReportsIncidentReportIdRemediationsRemediationId" - } - }, - "/v1/incident_reports/{incident_report_id}/remediations/bulk_approval": { - "post": { - "summary": "Bulk Approve Remediations", - "description": "Approve all unapproved remediations for an Incident Report. 
Approval immediately triggers the execution of assisted remediations.\nManual remediations are not executed, and must be independently completed. Once all remediations are approved,\nthe incident report becomes eligible for resolution.\n\nThis endpoint requires an API key with permissions to write to remediations. **Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "incident_report_id", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "201": { - "description": "Bulk Approve Remediations", - "schema": { - "$ref": "#/definitions/IncidentReport" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions." - }, - "409": { - "description": "Incident Report must have a status of 'sent'." - }, - "422": { - "description": "Unable to approve remediations" - } - }, - "tags": [ - "Incident Reports" - ], - "operationId": "postV1IncidentReportsIncidentReportIdRemediationsBulkApproval" - } - }, - "/v1/incident_reports/{incident_report_id}/remediations/bulk_rejection": { - "post": { - "summary": "Bulk Reject Remediations", - "description": "Reject all unapproved remediations for an Incident Report. Rejecting the remediations will send the incident report back to the Huntress SOC.\n\nThis endpoint requires an API key with permissions to write to remediations. 
**Note that the default account API key is read-only, so you'll need to create a user-based API key with the appropriate permissions to access this endpoint**.\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "incident_report_id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "RemediationBulkRejectionParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/RemediationBulkRejectionParameters" - } - } - ], - "responses": { - "201": { - "description": "Remediations rejected." - }, - "403": { - "description": "There was an issue with your API credential or permissions." - }, - "409": { - "description": "Incident Report must have a status of 'sent'." - }, - "422": { - "description": "Unable to reject remediations" - } - }, - "tags": [ - "Incident Reports" - ], - "operationId": "RemediationBulkRejectionParameters" - } - }, - "/v1/memberships": { - "get": { - "summary": "List Memberships", - "description": "Shows a list of memberships.\n\nBy default, this endpoint returns both account and organization\nmemberships, but if an organization ID is supplied, it will return\nonly organization memberships, instead.\n\nThe example return value shows both an organization and an account, but\na given membership will only have one or the other.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. 
Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID to return only memberships for that organization.", - "type": "integer", - "format": "int32", - "required": false - } - ], - "responses": { - "200": { - "description": "List Memberships", - "schema": { - "type": "object", - "properties": { - "memberships": { - "type": "array", - "items": { - "$ref": "#/definitions/Membership" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "memberships", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Membership" - } - } - }, - "tags": [ - "Users" - ], - "operationId": "getV1Memberships" - }, - "post": { - "summary": "Create a Membership", - "description": "This endpoint allows you to invite a user to join your organization or\naccount. A user will often be a person you wish to grant access to,\nbut it could also represent a team, an automated system, or any other\ntype of actor.\n\nIf an organization ID is provided, the user will be invited to that\norganization. If not, they will be invited to the account associated\nwith this API credential. 
Note that while the sample return value\nincludes both an organization and an account for completeness, in\npractice, only one or the other will be included.\n\nNote that this is technically creating a Membership Invitation - the\nactual membership won't be created until the user accepts the\ninvitation.\n", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "name": "MembershipCreationParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/MembershipCreationParameters" - } - } - ], - "responses": { - "201": { - "description": "Create a Membership", - "schema": { - "$ref": "#/definitions/MemberInvitation" - } - }, - "400": { - "description": "Something about the request is malformed." - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Membership" - } - }, - "404": { - "description": "Organization not found." - }, - "422": { - "description": "Invalid creation parameters." 
- } - }, - "tags": [ - "Users" - ], - "operationId": "MembershipCreationParameters" - } - }, - "/v1/memberships/{id}": { - "get": { - "summary": "Get Membership", - "description": "Shows details on a single Membership associated with your account or organization.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "Membership ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Membership", - "schema": { - "type": "object", - "properties": { - "membership": { - "$ref": "#/definitions/Membership" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Membership" - } - } - }, - "tags": [ - "Users" - ], - "operationId": "getV1MembershipsId" - }, - "delete": { - "summary": "Delete Membership", - "description": "Deletes a single Membership associated with your account or organization. Does not delete the user associated with the membership.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "Membership ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "202": { - "description": "Membership deleted", - "schema": { - "type": "object", - "properties": { - "membership": { - "$ref": "#/definitions/Membership" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Membership" - } - }, - "404": { - "description": "Membership not found, possibly because it has already been deleted." - }, - "422": { - "description": "Failed to delete membership. Please contact support." 
- } - }, - "tags": [ - "Users" - ], - "operationId": "deleteV1MembershipsId" - }, - "patch": { - "summary": "Update a User's membership", - "description": "", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "Membership ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "MembershipUpdateParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/MembershipUpdateParameters" - } - } - ], - "responses": { - "200": { - "description": "Update a User's membership", - "schema": { - "$ref": "#/definitions/Membership" - } - }, - "400": { - "description": "Something about the request is malformed." - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Membership" - } - }, - "422": { - "description": "Something prevented the update." - } - }, - "tags": [ - "Users" - ], - "operationId": "MembershipUpdateParameters" - } - }, - "/v1/organizations": { - "get": { - "summary": "List Organizations", - "description": "Shows details of Organizations belonging to the account associated with your API credentials.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", - "type": "string", - "required": false - } - ], - "responses": { - "200": { - "description": "List Organizations", - "schema": { - "type": "object", - "properties": { - "organizations": { - "type": "array", - "items": { - "$ref": "#/definitions/Organization" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "organizations", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Organization" - } - } - }, - "tags": [ - "Organizations" - ], - "operationId": "getV1Organizations" - }, - "post": { - "summary": "Create an Organization", - "description": "", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "name": "OrganizationCreationParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/OrganizationCreationParameters" - } - } - ], - "responses": { - "201": { - "description": "Create an Organization", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "400": { - "description": "Something about the request is malformed." - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "422": { - "description": "Invalid creation parameters." 
- } - }, - "tags": [ - "Organizations" - ], - "operationId": "OrganizationCreationParameters" - } - }, - "/v1/organizations/{id}": { - "get": { - "summary": "Get Organization", - "description": "Shows details on a single Organization associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "Organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Organization", - "schema": { - "type": "object", - "properties": { - "organization": { - "$ref": "#/definitions/Organization" - } - } - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Organization" - } - } - }, - "tags": [ - "Organizations" - ], - "operationId": "getV1OrganizationsId" - }, - "patch": { - "summary": "Update an Organization", - "description": "", - "produces": [ - "application/json" - ], - "consumes": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "type": "integer", - "format": "int32", - "required": true - }, - { - "name": "OrganizationUpdateParameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/OrganizationUpdateParameters" - } - } - ], - "responses": { - "200": { - "description": "Update an Organization", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "400": { - "description": "Something about the request is malformed." - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "422": { - "description": "Invalid update parameters." 
- } - }, - "tags": [ - "Organizations" - ], - "operationId": "OrganizationUpdateParameters" - }, - "delete": { - "summary": "Delete an Organization", - "description": "Deletes the specified Organization.\n\n**Please note:** this will uninstall all of the agents in this organization, as well as completing other similar operations. For more information, see our [support documentation](https://support.huntress.io/hc/en-us/articles/4404005208851-Add-Rename-or-Delete-Organizations).\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "The id of the organization to be deleted", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "202": { - "description": "Organization deleted", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Organization" - } - }, - "404": { - "description": "Organization not found, possibly because it has already been deleted." - }, - "409": { - "description": "There is a conflict about the organization that prevents deletion. See error message for more details." - }, - "422": { - "description": "Failed to delete organization. Please contact support." - } - }, - "tags": [ - "Organizations" - ], - "operationId": "deleteV1OrganizationsId" - } - }, - "/v1/reports": { - "get": { - "summary": "List Summary Reports", - "description": "Shows Summary Reports associated with your account.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. 
Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "period_min", - "description": "Filter by an ISO-8601 formatted date string that represents the lower bound of the search range for the period date.", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "period_max", - "description": "Filter by an ISO-8601 formatted date string that represents the upper bound of the search range for the period date.", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - }, - { - "in": "query", - "name": "type", - "description": "Filter by report type. One of monthly_summary, quarterly_summary, yearly_summary", - "type": "string", - "enum": [ - "monthly_summary", - "quarterly_summary", - "yearly_summary" - ], - "required": false - } - ], - "responses": { - "200": { - "description": "List Summary Reports", - "schema": { - "type": "object", - "properties": { - "reports": { - "type": "array", - "items": { - "$ref": "#/definitions/SummaryReport" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "reports", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions." 
- } - }, - "tags": [ - "Summary Reports" - ], - "operationId": "getV1Reports" - } - }, - "/v1/reports/{id}": { - "get": { - "summary": "Get Summary Report", - "description": "Shows details on a single Summary Report associated with your account.", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "Report ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Summary Report", - "schema": { - "$ref": "#/definitions/SummaryReport" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions." - } - }, - "tags": [ - "Summary Reports" - ], - "operationId": "getV1ReportsId" - } - }, - "/v1/signals": { - "get": { - "summary": "List Signals", - "description": "Shows details of Signals belonging to the account associated with your API credentials.\n\nSignals are used to highlight interesting user or system behaviors that an analyst can reference during a cyber investigation.\nA detected Signal could be as broad and low fidelity as the detection of a command line user running whoami, or it could be as specific and high fidelity as detecting a known malware file.\n\n**Note:** This endpoint will also return a `pagination` key on the root level. \nPlease refer to the [pagination section](https://api.huntress.io/docs#pagination) within our docs for more information.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "query", - "name": "limit", - "description": "Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500.", - "type": "integer", - "format": "int32", - "default": 10, - "minimum": 1, - "maximum": 500, - "required": false - }, - { - "in": "query", - "name": "page_token", - "description": "Token used to request the next page in paginated results. 
Defaults to 'null'", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "investigated_at_min", - "description": "Filter by an ISO-8601 formatted date string that represents the lower bound of the search range for the investigated_at date.", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "investigated_at_max", - "description": "Filter by an ISO-8601 formatted date string that represents the upper bound of the search range for the investigated_at date.", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "entity_type", - "description": "Filter by the entity type that the Signal originated from. This filter can be used without specifying entity_id.", - "type": "string", - "enum": [ - "user_entity", - "source", - "mailbox", - "service_principal", - "agent", - "identity" - ], - "required": false - }, - { - "in": "query", - "name": "entity_id", - "description": "Filter by the entity ID that the Signal originated from. Must be used in tandem with entity_type parameter.", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "organization_id", - "description": "Filter by organization ID within Huntress account", - "type": "integer", - "format": "int32", - "required": false - }, - { - "in": "query", - "name": "types", - "description": "Filter by the types of Signal, must be comma-separated string containing the values: `Antivirus, Process Insights, Managed ITDR, Footholds, MDE Detections, SIEM, Ransomware Canaries, Favicon Detections, Attack Disruptions, App Control`", - "type": "string", - "required": false - }, - { - "in": "query", - "name": "statuses", - "description": "Filter by status. 
Must be comma-separated string containing the values: `reported`, `closed`", - "type": "string", - "required": false - } - ], - "responses": { - "200": { - "description": "List Signals", - "schema": { - "type": "object", - "properties": { - "signals": { - "type": "array", - "items": { - "$ref": "#/definitions/Signal" - } - }, - "pagination": { - "$ref": "#/definitions/RestApi_V1_Entities_Pagination" - } - }, - "required": [ - "signals", - "pagination" - ] - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Signal" - } - } - }, - "tags": [ - "Signals" - ], - "operationId": "getV1Signals" - } - }, - "/v1/signals/{id}": { - "get": { - "summary": "Get Signal", - "description": "Shows details of a single Signal belonging to the account associated with your API credentials.\n\nSignals are used to highlight interesting user or system behaviors that an analyst can reference during a cyber investigation.\nA detected Signal could be as broad and low fidelity as the detection of a command line user running whoami, or it could be as specific and high fidelity as detecting a known malware file.\n", - "produces": [ - "application/json" - ], - "parameters": [ - { - "in": "path", - "name": "id", - "description": "Signal ID within Huntress account", - "type": "integer", - "format": "int32", - "required": true - } - ], - "responses": { - "200": { - "description": "Get Signal", - "schema": { - "$ref": "#/definitions/Signal" - } - }, - "403": { - "description": "There was an issue with your API credential or permissions.", - "schema": { - "$ref": "#/definitions/Signal" - } - } - }, - "tags": [ - "Signals" - ], - "operationId": "getV1SignalsId" - } - } - }, - "definitions": { - "Invoice": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for the invoice." 
- }, - "amount": { - "type": "integer", - "format": "int32", - "example": 303, - "description": "The amount intended to be collected by this invoice. Mimics Stripe.." - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-01T20:56:15Z", - "description": "ISO-8601 formatted timestamp for when this invoice was created." - }, - "currency_type": { - "type": "string", - "example": "usd", - "description": "The currency type, using a ISO-4217 three-letter code in lowercase." - }, - "plan": { - "type": "string", - "example": "Huntress Partner 100 Agents", - "description": "The corresponding name of huntress subscription plan sku." - }, - "quantity": { - "type": "integer", - "format": "int64", - "example": 101, - "description": "The total count of licensed agents accounted for in this invoice." - }, - "receipt": { - "type": "string", - "example": "https://pay.stripe/com/invoice/invst_uuid", - "description": "A direct link to stripe payment invoice for this invoice." - }, - "status": { - "type": "string", - "example": "paid", - "description": "The invoice status. Can be one of `open`, `paid`, `failed`, `partial_refund`, `full_refund`." - }, - "updated_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-01T20:56:15Z", - "description": "ISO-8601 formatted timestamp for when this invoice was last updated." 
- } - }, - "description": "Invoice model" - }, - "RestApi_V1_Entities_Pagination": { - "type": "object", - "properties": { - "current_page": { - "type": "string" - }, - "current_page_count": { - "type": "string" - }, - "limit": { - "type": "string" - }, - "total_count": { - "type": "string" - }, - "next_page": { - "type": "string" - }, - "next_page_url": { - "type": "string" - }, - "next_page_token": { - "type": "string" - } - }, - "description": "RestApi_V1_Entities_Pagination model" - }, - "AccountUsageLineItem": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for this Account Usage Line Item." - }, - "period_start": { - "type": "string", - "example": "2026-01-10 01:07:08 UTC", - "description": "The time and date that this billing period started." - }, - "period_end": { - "type": "string", - "example": "2026-02-09 01:07:08 UTC", - "description": "The time and date that this billing period ended." - }, - "account": { - "type": "Object", - "example": { - "id": 123, - "name": "Willy Wonka", - "subdomain": "willy_wonka" - }, - "description": "The account in which this data belongs to." - }, - "product": { - "type": "string", - "example": "edr", - "description": "The product that this data pertains to." - }, - "subscription": { - "type": "Object", - "example": { - "start_date": "2025-11-10 22:35:14 UTC", - "end_date": "2025-11-10 22:35:14 UTC", - "minimum": 400 - }, - "description": "Subscription information that is tied to the account and invoice." - }, - "usage": { - "type": "Object", - "example": { - "billable": 400, - "non_billable": 0, - "actual": 300 - }, - "description": "The accounts breakdown of its use of the product and the billing around it." 
- } - }, - "description": "AccountUsageLineItem model" - }, - "OrganizationUsageLineItem": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for this Organization Usage Line Item." - }, - "period_start": { - "type": "string", - "example": "2026-02-11T14:12:08Z", - "description": "The time and date that this billing period started." - }, - "period_end": { - "type": "string", - "example": "2027-02-11T14:12:08Z", - "description": "The time and date that this billing period ended." - }, - "account": { - "type": "Object", - "example": { - "id": 123, - "name": "Willy Wonka", - "subdomain": "willy_wonka" - }, - "description": "The account in which this data belongs to." - }, - "organization": { - "type": "Object", - "example": { - "id": 123, - "name": "Willy Wonka" - }, - "description": "The organization to which this data belongs." - }, - "actual_usage": { - "type": "Object", - "example": { - "edr": 400, - "itdr": 20, - "sat": 300, - "siem": 50 - }, - "description": "A breakdown by Huntress product of the number of units actually used for an organization." - } - }, - "description": "OrganizationUsageLineItem model" - }, - "Subscription": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for the subscription." - }, - "account": { - "type": "Object", - "example": { - "id": 1, - "name": "Little Bobby's Table Emporium" - }, - "description": "The account associated with this subscription." - }, - "product": { - "type": "string", - "enum": [ - "edr", - "sat", - "itdr", - "siem" - ], - "example": "edr", - "description": "The product type for this subscription." - }, - "status": { - "type": "string", - "enum": [ - "draft", - "approved", - "accepted", - "active", - "completed" - ], - "example": "active", - "description": "The subscription status." 
- }, - "minimum_usage": { - "type": "integer", - "format": "int64", - "example": 100, - "description": "The minimum usage commitment for this subscription." - }, - "billing_interval": { - "type": "string", - "enum": [ - "monthly", - "annual" - ], - "example": "monthly", - "description": "The billing interval for this subscription." - }, - "effective_date": { - "type": "string", - "example": "2024-01-01T00:00:00Z", - "description": "ISO-8601 formatted date when this subscription becomes effective." - }, - "renewal_date": { - "type": "string", - "example": "2025-01-01T00:00:00Z", - "description": "ISO-8601 formatted date when this subscription renews." - }, - "auto_renew": { - "type": "boolean", - "example": true, - "description": "Whether this subscription will auto-renew." - }, - "schedules": { - "type": "array", - "items": { - "$ref": "#/definitions/SubscriptionSchedule" - }, - "example": [ - { - "id": 1, - "minimum": 100, - "maximum": 500, - "status": "active", - "target_price": 200, - "months": 12, - "promo_units": 0, - "starts_at": "2024-01-01T00:00:00Z", - "ends_at": "2025-01-01T00:00:00Z" - } - ], - "description": "The schedules associated with this subscription." - } - }, - "description": "Subscription model" - }, - "SubscriptionSchedule": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for the subscription schedule." - }, - "minimum": { - "type": "integer", - "format": "int64", - "example": 100, - "description": "The minimum usage commitment for this schedule period." - }, - "maximum": { - "type": "integer", - "format": "int64", - "example": 500, - "description": "The maximum usage limit for this schedule period." - }, - "status": { - "type": "string", - "enum": [ - "active", - "completed", - "pending" - ], - "example": "active", - "description": "The schedule status." 
- }, - "target_price": { - "type": "integer", - "format": "int64", - "example": 200, - "description": "The target price per unit for this schedule period." - }, - "months": { - "type": "integer", - "format": "int64", - "example": 12, - "description": "The number of months this schedule period covers." - }, - "promo_units": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of promotional units for this schedule period." - }, - "starts_at": { - "type": "string", - "example": "2024-01-01T00:00:00Z", - "description": "ISO-8601 formatted date when this schedule period starts." - }, - "ends_at": { - "type": "string", - "example": "2025-01-01T00:00:00Z", - "description": "ISO-8601 formatted date when this schedule period ends." - } - } - }, - "SubscriptionCreationParameters": { - "type": "object", - "properties": { - "account_id": { - "type": "integer", - "format": "int32", - "description": "The reseller subaccount ID" - }, - "product": { - "type": "string", - "description": "Product type", - "enum": [ - "edr", - "sat", - "itdr", - "siem" - ] - }, - "minimum": { - "type": "integer", - "format": "int32", - "description": "Minimum usage commitment (must be greater than zero)" - }, - "purchase_order": { - "type": "string", - "description": "Purchase order number" - }, - "billing_interval": { - "type": "string", - "description": "Billing interval", - "enum": [ - "monthly", - "annual" - ], - "default": "monthly" - } - }, - "required": [ - "account_id", - "product", - "minimum", - "purchase_order" - ], - "description": "Create Reseller Subscription" - }, - "SubscriptionUpdateParameters": { - "type": "object", - "properties": { - "minimum": { - "type": "integer", - "format": "int32", - "description": "Minimum usage commitment (must be greater than zero)" - }, - "purchase_order": { - "type": "string", - "description": "Purchase order number" - }, - "billing_interval": { - "type": "string", - "description": "Billing interval", - "enum": [ - 
"monthly", - "annual" - ] - }, - "additional_units": { - "type": "integer", - "format": "int32", - "description": "Units to add (active subscriptions only)" - }, - "auto_renew": { - "type": "boolean", - "description": "Set auto-renew (active subscriptions only)" - } - }, - "description": "Update Reseller Subscription" - }, - "SubscriptionUpgradeParameters": { - "type": "object", - "properties": { - "minimum": { - "type": "integer", - "format": "int32", - "description": "New minimum usage commitment (must be greater than zero)" - }, - "purchase_order": { - "type": "string", - "description": "Purchase order number (defaults to existing subscription's PO)" - }, - "on_renewal": { - "type": "boolean", - "description": "Schedule upgrade for next renewal instead of immediately", - "default": false - } - }, - "required": [ - "minimum" - ], - "description": "Upgrade Reseller Subscription" - }, - "postV1SiemQuery": { - "type": "object", - "properties": { - "esql": { - "type": "string", - "description": "ESQL query string (must begin with FROM logs)" - }, - "range_start": { - "type": "string", - "format": "date-time", - "description": "Query range start (ISO 8601)" - }, - "range_end": { - "type": "string", - "format": "date-time", - "description": "Query range end (ISO 8601)" - }, - "page_token": { - "type": "string", - "description": "Pagination token from previous response" - } - }, - "required": [ - "esql", - "range_start", - "range_end" - ], - "description": "Execute ESQL Query" - }, - "SiemQueryResult": { - "type": "object", - "properties": { - "logs": { - "type": "array", - "items": { - "type": "object" - }, - "example": [ - { - "uuid": "019612ab-1234-7000-8000-000000000001", - "event.provider": "Microsoft-Windows-Security-Auditing", - "host.hostname": "DESKTOP-ABC123", - "message": "An account was successfully logged on." - } - ], - "description": "Array of log records. Keys are Elastic Common Schema (ECS) field names (e.g. `event.provider`, `host.hostname`). 
The fields present depend on the columns selected by your ESQL query. With no column selection, all available ECS fields are returned." - }, - "pagination": { - "$ref": "#/definitions/SiemPagination", - "example": { - "next_page_token": "019612ab-1234-7000-8000-000000000002" - }, - "description": "Pagination details. Contains `next_page_token` when additional results are available." - } - }, - "description": "SiemQueryResult model" - }, - "SiemPagination": { - "type": "object", - "properties": { - "next_page_token": { - "type": "string", - "example": "019612ab-1234-7000-8000-000000000001", - "description": "Token to retrieve the next page of results. Omitted when all results have been returned." - } - } - }, - "Account": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for the account." - }, - "name": { - "type": "string", - "example": "Your Account", - "description": "The public facing display name for the account." - }, - "subdomain": { - "type": "string", - "example": "exampleaccount", - "description": "The subdomain for the account." - }, - "status": { - "type": "string", - "example": "enabled", - "description": "The current status on the account. Can be one of `enabled`, `disabled`." - }, - "support_type": { - "type": "string", - "enum": [ - "huntress_supported", - "partner_supported", - "not_applicable" - ], - "example": "huntress_supported", - "description": "For accounts that have been provisioned through a reseller, this field indicates whether the account is huntress supported or partner supported." - }, - "neighborhood_watch": { - "type": "Object", - "example": { - "edr": 10, - "itdr": 10, - "sat": 10, - "siem": 10 - }, - "description": "The count of Neighborhood Watch seats assigned to the account, by product." - }, - "billing_address": { - "$ref": "#/definitions/Address", - "description": "The billing address for the account, or null if not set." 
- }, - "shipping_address": { - "$ref": "#/definitions/Address", - "description": "The shipping address for the account, or null if not set." - } - }, - "description": "Account model" - }, - "Address": { - "type": "object", - "properties": { - "line1": { - "type": "string", - "description": "Street address line 1." - }, - "line2": { - "type": "string", - "description": "Street address line 2." - }, - "city": { - "type": "string", - "description": "City." - }, - "state": { - "type": "string", - "description": "State or province. Required for US and CA addresses." - }, - "postal_code": { - "type": "string", - "description": "Postal or ZIP code. Required for US and GB addresses." - }, - "country": { - "type": "string", - "description": "Two-letter ISO 3166-1 alpha-2 country code." - } - } - }, - "AccountCreationParameters": { - "type": "object", - "properties": { - "name": { - "type": "string", - "description": "Name of the account to be created" - }, - "subdomain": { - "type": "string", - "description": "Subdomain this account will use to access the Huntress portal" - }, - "phone_number": { - "type": "string", - "description": "Primary phone number used to contact account owner" - }, - "admin": { - "type": "object", - "properties": { - "first_name": { - "type": "string", - "description": "First name of the initial admin user for this account" - }, - "last_name": { - "type": "string", - "description": "Last name of the initial admin user for this account" - }, - "email": { - "type": "string", - "description": "Email address of the initial admin user for this account" - } - }, - "required": [ - "first_name", - "last_name", - "email" - ] - }, - "additional_admin_emails": { - "type": "array", - "description": "Email addresses of additional admin users to invite to this account", - "example": [ - "another_admin@example.com", - "one_more@example.com" - ], - "items": { - "type": "string", - "additionalProperties": { - "type": "String" - } - } - }, - "support_type": { - 
"type": "string", - "description": "Specifies whether a reseller account is managed by the partner or by\nHuntress.\n\nNOTE: This field is only required for Managed Resellers. For all\nother types of resellers, there is only one valid support type, so it\nwill be selected automatically.\n", - "enum": [ - "huntress_supported", - "partner_supported" - ] - }, - "products": { - "type": "array", - "description": "A list of the products to provision for this account.\n\nNOTE: This field is only relevant for Aggregators. For all other\ntypes of resellers, the appropriate trials will be created\nautomatically and this field will be ignored. (If you aren't sure\nwhether this applies to you, you can probably ignore this field.)\n", - "example": [ - "edr", - "sat", - "itdr", - "siem" - ], - "items": { - "type": "string", - "enum": [ - "edr", - "sat", - "itdr", - "siem" - ], - "additionalProperties": { - "type": "String" - } - } - }, - "billing_address": { - "type": "object", - "description": "Billing address for the account. If provided, must be valid.", - "properties": { - "line1": { - "type": "string", - "description": "Street address line 1" - }, - "line2": { - "type": "string", - "description": "Street address line 2" - }, - "city": { - "type": "string", - "description": "City" - }, - "state": { - "type": "string", - "description": "State or province (required for US and CA)" - }, - "postal_code": { - "type": "string", - "description": "Postal or ZIP code (required for US and GB)" - }, - "country": { - "type": "string", - "description": "Two-letter ISO 3166-1 alpha-2 country code" - } - } - }, - "shipping_address": { - "type": "object", - "description": "Shipping address for the account. 
If provided, must be valid.", - "properties": { - "line1": { - "type": "string", - "description": "Street address line 1" - }, - "line2": { - "type": "string", - "description": "Street address line 2" - }, - "city": { - "type": "string", - "description": "City" - }, - "state": { - "type": "string", - "description": "State or province (required for US and CA)" - }, - "postal_code": { - "type": "string", - "description": "Postal or ZIP code (required for US and GB)" - }, - "country": { - "type": "string", - "description": "Two-letter ISO 3166-1 alpha-2 country code" - } - } - } - }, - "required": [ - "name", - "subdomain", - "phone_number", - "admin" - ], - "description": "Create Account" - }, - "AccountUpdateParameters": { - "type": "object", - "properties": { - "name": { - "type": "string", - "description": "Name of the account" - }, - "subdomain": { - "type": "string", - "description": "Subdomain this account will use to access the Huntress portal" - }, - "phone_number": { - "type": "string", - "description": "Primary phone number used to contact account owner" - }, - "support_type": { - "type": "string", - "description": "Specifies whether a reseller account is managed by the partner or by\nHuntress.\n\nNOTE: This field is only applicable for Managed Resellers. For all\nother types of resellers, there is only one valid support type, so it\ncannot be updated.\n", - "enum": [ - "huntress_supported", - "partner_supported" - ] - }, - "billing_address": { - "type": "object", - "description": "Billing address for the account. 
If provided, must be valid.", - "properties": { - "line1": { - "type": "string", - "description": "Street address line 1" - }, - "line2": { - "type": "string", - "description": "Street address line 2" - }, - "city": { - "type": "string", - "description": "City" - }, - "state": { - "type": "string", - "description": "State or province (required for US and CA)" - }, - "postal_code": { - "type": "string", - "description": "Postal or ZIP code (required for US and GB)" - }, - "country": { - "type": "string", - "description": "Two-letter ISO 3166-1 alpha-2 country code" - } - } - }, - "shipping_address": { - "type": "object", - "description": "Shipping address for the account. If provided, must be valid.", - "properties": { - "line1": { - "type": "string", - "description": "Street address line 1" - }, - "line2": { - "type": "string", - "description": "Street address line 2" - }, - "city": { - "type": "string", - "description": "City" - }, - "state": { - "type": "string", - "description": "State or province (required for US and CA)" - }, - "postal_code": { - "type": "string", - "description": "Postal or ZIP code (required for US and GB)" - }, - "country": { - "type": "string", - "description": "Two-letter ISO 3166-1 alpha-2 country code" - } - } - } - }, - "description": "Update Account" - }, - "Agent": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for an agent." - }, - "account_id": { - "type": "integer", - "format": "int64", - "example": 5, - "description": "The unique identifier of the account associated with the agent." - }, - "arch": { - "type": "string", - "example": "x86_64", - "description": "The architecture on the host machine." - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-01T20:05:10Z", - "description": "A timestamp for when the agent was created, formatted as per ISO-8601." 
- },
- "domain_name": {
- "type": "string",
- "example": "WORKGROUP",
- "description": "Domain that refers to the host machine."
- },
- "edr_version": {
- "type": "string",
- "example": "0.3.20",
- "description": "The semantic versioning number of the Huntress EDR software installed on the machine or `null` if EDR is not installed."
- },
- "external_ip": {
- "type": "string",
- "example": "198.51.100.42",
- "description": "The external IP of the host machine, if applicable."
- },
- "hostname": {
- "type": "string",
- "example": "laptop01",
- "description": "The hostname of the host machine."
- },
- "defender_policy_status": {
- "type": "string",
- "example": "Compliant",
- "description": "Policy status of Defender AV for Managed Antivirus."
- },
- "defender_status": {
- "type": "string",
- "example": "Healthy",
- "description": "Status of Defender AV Managed Antivirus."
- },
- "defender_substatus": {
- "type": "string",
- "example": "Up to date",
- "description": "Sub-status of Defender AV Managed Antivirus."
- },
- "firewall_status": {
- "type": "string",
- "example": "Disabled",
- "description": "Status of agent firewall. Can be one of Disabled, Enabled, Pending Isolation, Isolated, Pending Release"
- },
- "ipv4_address": {
- "type": "string",
- "example": "146.134.139.9",
- "description": "The internal IP of the host machine."
- },
- "last_callback_at": {
- "type": "string",
- "format": "date-time",
- "example": "2022-03-01T20:05:10Z",
- "description": "A timestamp for when the last time Huntress was able to access the host machine."
- },
- "last_survey_at": {
- "type": "string",
- "format": "date-time",
- "example": "2022-03-01T20:05:10Z",
- "description": "A timestamp for when the last Microsoft Defender survey was received by Huntress for this host machine."
- },
- "mac_addresses": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "example": [
- "7c:a7:b0:16:2f:78"
- ],
- "description": "The unique media access control (MAC) addresses associated with the agent."
- },
- "service_pack_major": {
- "type": "integer",
- "format": "int32",
- "example": 0,
- "description": "The major version of the Windows service pack installed on the host machine."
- },
- "service_pack_minor": {
- "type": "integer",
- "format": "int32",
- "example": 0,
- "description": "The minor version of the Windows service pack installed on the host machine."
- },
- "organization_id": {
- "type": "integer",
- "format": "int64",
- "example": 7,
- "description": "The unique identifier of the organization associated with the agent."
- },
- "os": {
- "type": "string",
- "example": "Windows 8 Pro",
- "description": "The operating system of the host machine."
- },
- "os_build_version": {
- "type": "string",
- "example": "19044",
- "description": "The operating system build number of the host machine corresponding to its platform (windows or darwin)."
- },
- "os_major": {
- "type": "integer",
- "format": "int32",
- "example": 6,
- "description": "The major OS version of the host machine. Corresponds with the major releases of Windows operating systems. A list is accessible here."
- },
- "os_minor": {
- "type": "integer",
- "format": "int32",
- "example": 2,
- "description": " The minor OS version of the host machine. Refer to the `os_major` field details for further details."
- },
- "os_patch": {
- "type": "integer",
- "format": "int32",
- "example": 0,
- "description": "The patch version of the macOS update installed on the host machine, such as 1 in version 12.5.1."
- },
- "platform": {
- "type": "string",
- "example": "windows",
- "description": "The platform of the host machine (`darwin`, `windows`, or `linux`)."
- },
- "serial_number": {
- "type": "string",
- "example": "wtIe1bvDbh",
- "description": "The serial number of the host machine as reported to the operating system."
- },
- "tags": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "example": [
- "Server",
- "Production"
- ],
- "description": "User classifications on the host machine."
- },
- "updated_at": {
- "type": "string",
- "format": "date-time",
- "example": "2022-03-01T20:05:10Z",
- "description": "A timestamp for when the agent was last updated, formatted as per ISO-8601."
- },
- "version": {
- "type": "string",
- "example": "0.11.3",
- "description": "The semantic versioning number of the agent installed on the host machine."
- },
- "version_number": {
- "type": "integer",
- "format": "int32",
- "example": 720899,
- "description": "Windows version number."
- },
- "win_build_number": {
- "type": "integer",
- "format": "int32",
- "example": 19044,
- "description": "The Windows Build Number. Should correspond to information on the Microsoft site."
- }
- },
- "description": "Agent model"
- },
- "ExternalPort": {
- "type": "object",
- "properties": {
- "id": {
- "type": "integer",
- "format": "int64",
- "example": 42,
- "description": "A unique identifier for an external port record."
- },
- "ip_address": {
- "type": "string",
- "example": "203.0.113.5",
- "description": "The public IPv4 address associated with this external port."
- },
- "port": {
- "type": "integer",
- "format": "int32",
- "example": 22,
- "description": "The port number."
- },
- "protocol": {
- "type": "string",
- "example": "TCP",
- "description": "The transport protocol (usually TCP or UDP)."
- },
- "service": {
- "type": "string",
- "example": "ssh",
- "description": "The service or application detected on the port."
- },
- "risky_service": {
- "type": "boolean",
- "example": true,
- "description": "Whether the detected service is considered risky."
- },
- "last_scan_at": {
- "type": "string",
- "format": "date-time",
- "example": "2026-03-15T12:00:00Z",
- "description": "Timestamp of the last Huntress scan, formatted as per ISO-8601."
- },
- "last_external_scan_at": {
- "type": "string",
- "format": "date-time",
- "example": "2026-03-14T08:00:00Z",
- "description": "Timestamp of the last external scan, formatted as per ISO-8601."
- },
- "organization_ids": {
- "type": "array",
- "example": [
- 1,
- 5
- ],
- "description": "IDs of organizations associated with this external port that are accessible to the current user."
- }
- },
- "description": "ExternalPort model"
- },
- "IncidentReport": {
- "type": "object",
- "properties": {
- "id": {
- "type": "integer",
- "format": "int64",
- "example": 1,
- "description": "A unique identifier for an incident report."
- },
- "account_id": {
- "type": "integer",
- "format": "int64",
- "example": 5,
- "description": "Unique identifier for the account this incident report is associated with."
- },
- "agent_id": {
- "type": "integer",
- "format": "int64",
- "example": 12,
- "description": "Unique identifier for the agent this incident report is associated with."
- },
- "body": {
- "type": "string",
- "example": "",
- "description": "Autogenerated content describing the details of the incident in question."
- },
- "closed_at": {
- "type": "string",
- "format": "date-time",
- "example": "2022-03-15T14:22:00Z",
- "description": "ISO-8601 formatted timestamp for when this incident report had its status set to `closed`. Null if non-applicable."
- },
- "indicator_counts": {
- "type": "object",
- "example": {
- "footholds": 1,
- "monitored_files": 0,
- "process_detections": 0,
- "ransomware_canaries": 0,
- "antivirus_detections": 0
- },
- "description": "Mapping of indicator types to number of incidences of that threat in the context of this incident report."
- }, - "indicator_types": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "footholds" - ], - "description": "Unique list of threat indicators that have been found in the context of this incident report." - }, - "organization_id": { - "type": "integer", - "format": "int64", - "example": 4, - "description": "Unique identifier for the organization this incident report is associated with." - }, - "platform": { - "type": "string", - "example": "windows", - "description": "The platform of the host machine (`darwin`,`google`,`microsoft_365`,`linux`,`windows`, or `other`)." - }, - "remediations": { - "type": "object", - "example": { - "total_count": 1, - "has_more": false, - "items": [ - { - "id": 1, - "type": "manual", - "action": "Delete File", - "parameters": [ - { - "name": "path", - "description": "c:\\windows\\system32\\tasks\\malicious_task" - } - ], - "status": "completed", - "approved_at": "2025-06-26T18:57:03Z", - "approved_by": { - "id": "123123", - "email": "john.smith@example.com", - "name": "John smith" - }, - "completed_at": "2025-06-26T18:57:03Z" - } - ] - }, - "description": "This represents an itemized list of the first 10 remediations for an incident report. If there are more than 10, use the remediations endpoint to retrieve information about them." - }, - "sent_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-01T21:00:00Z", - "description": "ISO-8601 formatted timestamp for when a Huntress SOC analyst has notified necessary parties regarding this incident report. Null if not sent." - }, - "severity": { - "type": "string", - "example": "low", - "description": "The severity of the incident report. Can be one of `low`, `high`, `critical`." - }, - "status": { - "type": "string", - "example": "closed", - "description": "Status of the incident report. 
Can be one of `sent`, `closed`, `dismissed`" - }, - "status_updated_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-15T14:22:00Z", - "description": "ISO-8601 formatted timestamp for when the status of this incident report was last updated." - }, - "subject": { - "type": "string", - "example": "LOW - Incident on laptop01 (Test)", - "description": "Autogenerated one-line description of the incident." - }, - "summary": { - "type": "string", - "example": "Huntress detected a malicious scheduled task on this host. We recommend removing the file and scheduled task listed in the remediation steps below.", - "description": "Details of the incident report, as provided by a Huntress SOC analyst." - }, - "updated_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-01T20:31:30Z", - "description": "ISO-8601 formatted timestamp for when this incident report was last updated." - } - }, - "description": "IncidentReport model" - }, - "Membership": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for this membership. Note that this is _not_ the id of the user, account, etc. Instead, it identifies this specific relationship, which can be used to modify or delete the membership." - }, - "permissions": { - "type": "string", - "enum": [ - "Admin", - "Security Engineer", - "User", - "Read-only", - "Finance", - "Marketing", - "Admin-Read-only", - "Provisioner" - ], - "example": "Read-only", - "description": "The specific level of permissions that have been granted to this user in the context of this membership." - }, - "account": { - "type": "Object", - "example": { - "id": 1234, - "name": "Exemplary Accounting, LLC" - }, - "description": "The account associated with this membership (if any)." 
- }, - "organization": { - "type": "Object", - "example": { - "id": 5678, - "name": "Organic Zations" - }, - "description": "The organization associated with this membership (if any)." - }, - "user": { - "type": "Object", - "example": { - "id": 90210, - "email": "little_bobby@example.com", - "name": "Robert Tables" - }, - "description": "The user associated with this membership." - }, - "created_at": { - "type": "string", - "example": "2026-01-22 01:07:08 UTC", - "description": "The time and date that this membership was created." - }, - "updated_at": { - "type": "string", - "example": "2026-01-22 01:07:08 UTC", - "description": "The time and date that this membership was last updated." - } - }, - "description": "Membership model" - }, - "MembershipCreationParameters": { - "type": "object", - "properties": { - "email": { - "type": "string", - "description": "The email address of the user you are inviting.", - "example": "accounting@example.com" - }, - "first_name": { - "type": "string", - "description": "The first name of the user you are inviting.", - "example": "Accounting" - }, - "last_name": { - "type": "string", - "description": "The last name of the user you are inviting.", - "example": "Department" - }, - "permissions": { - "type": "string", - "description": "The specific permissions this membership will grant to the user.", - "enum": [ - "Admin", - "Security Engineer", - "User", - "Read-only", - "Finance", - "Marketing" - ], - "example": "Read-only" - }, - "organization_id": { - "type": "integer", - "format": "int32", - "description": "Include this parameter to invite a user to an organization instead of your account.", - "example": 123456 - } - }, - "required": [ - "email", - "first_name", - "last_name", - "permissions" - ], - "description": "Create a Membership" - }, - "MemberInvitation": { - "type": "object", - "properties": { - "permissions": { - "type": "string", - "example": "Read-only", - "description": "The specific level of permissions that have 
been granted to this user in the context of this membership." - }, - "account": { - "type": "Object", - "example": { - "id": 1234, - "name": "Exemplary Accounting, LLC" - }, - "description": "The account associated with this membership (if any)." - }, - "organization": { - "type": "Object", - "example": { - "id": 5678, - "name": "Organic Zations" - }, - "description": "The organization associated with this membership (if any)." - }, - "user": { - "type": "Object", - "example": { - "email": "little_bobby@example.com", - "name": "Robert Tables" - }, - "description": "The user associated with this membership." - } - }, - "description": "MemberInvitation model" - }, - "MembershipUpdateParameters": { - "type": "object", - "properties": { - "permissions": { - "type": "string", - "description": "The specific level of permissions that have been granted to the user in the context of this membership. For more information, see our [support article](https://support.huntress.io/hc/en-us/articles/4404012728083-Huntress-Portal-User-Permissions) on permissions. Accepted values:\n", - "enum": [ - "Admin", - "Finance", - "Marketing", - "Read-only", - "Security Engineer", - "User" - ], - "example": "Security Engineer" - } - }, - "description": "Update a User's membership" - }, - "Organization": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A Huntress-unique identifier for the organization." - }, - "agents_count": { - "type": "integer", - "format": "int64", - "example": 42, - "description": "Number of all agents for the organization." - }, - "account_id": { - "type": "integer", - "format": "int64", - "example": 5, - "description": "The unique identifier of the account associated with the organization." - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-01T18:54:02Z", - "description": "A timestamp for when the organization was created, formatted as per ISO-8601." 
- },
- "incident_reports_count": {
- "type": "integer",
- "format": "int64",
- "example": 42,
- "description": "Number of incident reports for the organization."
- },
- "key": {
- "type": "string",
- "example": "test1",
- "description": "The subdomain associated with the organization."
- },
- "logs_sources_count": {
- "type": "integer",
- "format": "int64",
- "example": 42,
- "description": "Number of SIEM sources."
- },
- "identity_provider_tenant_id": {
- "type": "string",
- "example": "dcd219dd-bc68-4b9b-bf0b-4a33a796be35",
- "description": "The Identity Provider Tenant ID associated with the organization"
- },
- "billable_identity_count": {
- "type": "integer",
- "format": "int64",
- "example": 42,
- "description": "Number of billable identities for the organization."
- },
- "name": {
- "type": "string",
- "example": "Acme Inc.",
- "description": "The public facing name for this organization."
- },
- "report_recipients": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "example": [
- "test@test.com",
- "fakenotificiation@test.com"
- ],
- "description": "A list of emails Huntress is configured to send notification emails for the organization."
- },
- "sat_learner_count": {
- "type": "integer",
- "format": "int64",
- "example": 42,
- "description": "Number of SAT learners."
- },
- "updated_at": {
- "type": "string",
- "format": "date-time",
- "example": "2022-03-01T18:54:02Z",
- "description": "A timestamp for when the organization was updated, formatted as per ISO-8601."
- }
- },
- "required": [
- "microsoft_365_tenant_id",
- "microsoft_365_users_count",
- "notify_emails"
- ],
- "description": "Organization model"
- },
- "OrganizationCreationParameters": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "description": "The name of the organization. Value cannot be blank and must be 256 characters or less.",
- "example": "Most Amazing Company, Ltd."
- }, - "key": { - "type": "string", - "description": "Organization keys are used to associate a Huntress Agent into a grouping. Value cannot be blank and must be 256 characters or less.", - "example": "amazing" - } - }, - "required": [ - "name", - "key" - ], - "description": "Create an Organization" - }, - "OrganizationUpdateParameters": { - "type": "object", - "properties": { - "name": { - "type": "string", - "description": "The name of the organization. Value cannot be blank and must be 256 characters or less.", - "example": "Most Amazing Company, Ltd." - }, - "key": { - "type": "string", - "description": "Organization keys are used to associate a Huntress Agent into a grouping. Value cannot be blank and must be 256 characters or less.", - "example": "amazing" - }, - "report_recipients": { - "type": "array", - "description": "Any emails specified here will automatically receive quarterly and monthly branded reports.", - "example": [ - "vera@bradley.com", - "my@user.net" - ], - "items": null - } - }, - "description": "Update an Organization" - }, - "Remediation": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for a remediation." - }, - "type": { - "type": "string", - "example": "manual", - "description": "The type of the remediation. Can be one of: assisted, manual, containment" - }, - "action": { - "type": "string", - "example": "Delete File", - "description": "Description of the remediation's required steps." - }, - "parameters": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - { - "name": "path", - "description": "c:\\windows\\system32\\tasks\\malicious_task" - } - ], - "description": "Additional context on how the remediation will be performed.
For containment remediations, this will be a string showing the entity to which the remediation was applied.
For assisted remediations this will be an array of key value pairs representing all the parameters that are related to the remediation.
Manual remediations will have no information." - }, - "status": { - "type": "string", - "example": "completed", - "description": "The status of the remediation. Can be one of: unapproved, approved, completed, failed, cancelled" - }, - "approved_at": { - "type": "string", - "format": "date-time", - "example": "2025-06-26T18:57:03Z", - "description": "ISO-8601 formatted timestamp for when the remediation was approved." - }, - "approved_by": { - "$ref": "#/definitions/User", - "example": { - "id": 123123, - "name": "John Smith", - "email": "john.smith@example.com" - }, - "description": "The user that approved the remediation." - }, - "completed_at": { - "type": "string", - "format": "date-time", - "example": "2025-06-26T18:57:03Z", - "description": "ISO-8601 formatted timestamp for when the remediation was completed." - } - }, - "description": "Remediation model" - }, - "User": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for the user." - }, - "email": { - "type": "string", - "example": "john.smith@example.com", - "description": "The user's email." - }, - "name": { - "type": "string", - "example": "John Smith", - "description": "The user's name." - } - } - }, - "RemediationBulkRejectionParameters": { - "type": "object", - "properties": { - "comment": { - "type": "string", - "description": "A description of why the remediations were rejected. This explanation helps Huntress SOC analysts fix the remediation plan and re-issue the incident report." - }, - "useful": { - "type": "boolean", - "description": "Whether or not the remediation plan was useful." - }, - "name": { - "type": "string", - "description": "Name of the user rejecting the remediations. Falls back to the user attached to the API key if not provided." - }, - "phone_number": { - "type": "string", - "description": "Phone number to be contacted by the Huntress SOC. 
Falls back to the phone number of the user attached to the API key if not provided." - }, - "email": { - "type": "string", - "description": "Email to be contacted by the Huntress SOC. Falls back to the email of the user attached to the API key if not provided." - } - }, - "required": [ - "comment", - "useful" - ], - "description": "Bulk Reject Remediations Remediations" - }, - "SummaryReport": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for the summary report." - }, - "agents_count": { - "type": "integer", - "format": "int64", - "example": 2, - "description": "The number of agents deployed." - }, - "allowed_exclusions_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of allowed exclusions." - }, - "analyst_note": { - "type": "string", - "example": "Everything is awesome! Thanks for using Huntress.", - "description": "The analyst note for this report." - }, - "antivirus_exclusions_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of antivirus exclusions." - }, - "autorun_events": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The total number of autorun (auto-starting application) events in this report." - }, - "autorun_signals_detected": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The total number of autorun (auto-starting application) signals detected" - }, - "autorun_signals_reviewed": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of autorun signals (auto-starting application) reviewed." - }, - "autoruns_reviewed": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of all the autoruns (auto-starting application) reviewed." 
- }, - "blocked_malware_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of blocked malware." - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-01T20:56:15Z", - "description": "ISO-8601 formatted timestamp for when this summary report was created." - }, - "deployed_canaries_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of canaries deployed." - }, - "events_analyzed": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of the events analyzed." - }, - "global_threats_note": { - "type": "string", - "example": "World peace! No threats to see here.", - "description": "The global threats note for this report." - }, - "host_processes_analyzed": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of host processes analyzed." - }, - "incident_indicator_counts": { - "type": "Object", - "example": { - "managed_av": 0 - }, - "description": "A map of incident indicators (as strings) to counts (as integers)." - }, - "incident_log": { - "type": "array", - "items": { - "type": "string" - }, - "example": [], - "description": "A JSON representation of any critical or high severity incidents from this report." - }, - "incident_product_counts": { - "type": "Object", - "example": { - "edr": 16, - "itdr": 0, - "siem": 0 - }, - "description": "A map of product names (as strings) to counts (as integers)." - }, - "incident_severity_counts": { - "type": "Object", - "example": { - "low": 16 - }, - "description": "A map of incident severities (as strings) to counts (as integers)." - }, - "incidents_reported": { - "type": "integer", - "format": "int64", - "example": 16, - "description": "The total number of incidents reported." - }, - "incidents_resolved": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "The total number of incidents resolved." 
- }, - "investigated_mav_detection_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of investigated Managed Antivirus (MAV) detections." - }, - "investigations_completed": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The total number of investigations completed in this report." - }, - "itdr_entities": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of Identity Threat Detection Response entities" - }, - "itdr_events": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of Identity Threat Detection Response events" - }, - "itdr_incidents_reported": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of Identity Threat Detection Response incidents reported" - }, - "itdr_investigations_completed": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of Identity Threat Detection Response investigations completed" - }, - "itdr_signals": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The total number of Identity Threat Detection Response signals" - }, - "macos_agent_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of MacOS agents." - }, - "macos_agents": { - "type": "boolean", - "example": false, - "description": "Indicates whether there are _any_ MacOS agents." - }, - "mav_incident_report_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of Managed Antivirus (MAV) incident reports." - }, - "new_exclusions_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of new exclusions since the last summary report." - }, - "only_macos_agents": { - "type": "boolean", - "example": false, - "description": "Indicates whether there are _only_ MacOS agents." 
- }, - "organization_id": { - "type": "integer", - "format": "int64", - "example": 7, - "description": "Unique identifier for the organization this summary report is associated with." - }, - "period": { - "type": "string", - "example": "2022-02-01...2022-03-02", - "description": "A date range representing the coverage of the report, formatted as `start_date...end_date`." - }, - "potential_threat_indicators": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of the potential threat indicators." - }, - "process_detections": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The total number of process detections." - }, - "process_detections_reported": { - "type": "integer", - "format": "int64", - "example": 0, - "description": " A count of the process detections reported." - }, - "process_detections_reviewed": { - "type": "integer", - "format": "int64", - "example": 0, - "description": " A count of the process detections reviewed." - }, - "protected_profiles_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of protected profiles." - }, - "ransomware_note": { - "type": "string", - "example": "No ransoms to report, all is well.", - "description": "The ransomware note for this report." - }, - "risky_exclusions_removed_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of risky exclusions removed." - }, - "servers_agent_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of server agents." 
- }, - "siem_incidents_reported": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The number of Security Information & Event Management incidents reported" - }, - "siem_ingested_logs": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of Security Information & Event Management ingested logs" - }, - "siem_investigations_completed": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of Security Information & Event Management signals that have been investigated" - }, - "siem_signals": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "The total number of Security Information & Event Management signals" - }, - "siem_total_logs": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of Security Information & Event Management total logs" - }, - "signals_detected": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of total signals detected." - }, - "signals_investigated": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of total signals investigated." - }, - "top_incident_av_threats": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "some_threat", - "another_threat", - "threats_threats_threats" - ], - "description": "A list of the top av threats." - }, - "top_incident_hosts": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - "some_host", - "another_host", - "hosts_hosts_hosts" - ], - "description": "A list of the top hosts by number of incidents." - }, - "total_entities": { - "type": "integer", - "format": "int64", - "example": 2, - "description": "A count of the total entities included in this report." - }, - "total_mav_detection_count": { - "type": "integer", - "format": "int64", - "example": 0, - "description": "A count of the Managed Antivirus (MAV) detections." 
- }, - "type": { - "type": "string", - "example": "monthly_summary", - "description": "The report type. Can be one of `monthly_summary`, `quarterly_summary`, `yearly_summary`." - }, - "updated_at": { - "type": "string", - "format": "date-time", - "example": "2022-03-01T20:56:15Z", - "description": "ISO-8601 formatted timestamp for when this summary report was last updated." - }, - "url": { - "type": "string", - "example": "https://huntress.io/rails/active_storage/blobs/redirect/uuid.pdf?disposition=download", - "description": "The direct url to the pdf version of this summary report." - }, - "windows_agent_count": { - "type": "integer", - "format": "int64", - "example": 2, - "description": "The number of Windows agents." - }, - "windows_agents": { - "type": "boolean", - "example": true, - "description": "Indicates whether there are _any_ Windows agents." - } - }, - "description": "SummaryReport model" - }, - "Signal": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 1, - "description": "A unique identifier for the signal." - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2025-06-26T18:57:03Z", - "description": "ISO-8601 formatted timestamp for when this signal was created." - }, - "details": { - "type": "object", - "example": { - "rule_name": "Firewall Disabled via Netsh", - "username": "admin22", - "process_name": "C:\\WINDOWS\\system32\\netsh.exe", - "command_line": "NetSh.exe Advfirewall set allprofiles state off", - "registry_key": "", - "file_path": "", - "file_rename_target": "", - "cleartext": "" - }, - "description": "Additional details attached to this signal. These details differ based on the signal type and contain information about where the signal originated." - }, - "entity": { - "type": "object", - "example": { - "id": 72183, - "name": "Laptop 52", - "type": "agent" - }, - "description": "Additional details about the entity from which the signal originated. 
This will always contain an ID, Type and Name." - }, - "investigated_at": { - "type": "string", - "example": "2025-06-26T18:57:03Z", - "description": "ISO-8601 formatted timestamp for when this signal was investigated." - }, - "investigation_context": { - "type": "string", - "example": "False Positive, Business Accepted Risk", - "description": "Represents categories attached to the signal by a SOC analyst which give extra insight on the investigation." - }, - "name": { - "type": "string", - "example": "Firewall Disabled via Netsh", - "description": "The name of the signal." - }, - "organization": { - "type": "object", - "example": { - "id": 232, - "name": "Huntress" - }, - "description": "Contains information about the organization this signal came from. Includes the organization ID and name." - }, - "status": { - "type": "string", - "example": "closed", - "description": "The status of the signal. Can be one of: `reported`, `closed`" - }, - "type": { - "type": "string", - "example": "Process Insights", - "description": "The type of the signal. Can be one of: user_entity, source, mailbox, service_principal, agent, identity" - }, - "updated_at": { - "type": "string", - "format": "date-time", - "example": "2025-06-26T18:57:03Z", - "description": "ISO-8601 formatted timestamp for when this signal was last updated." - } - }, - "description": "Signal model" - }, - "Actor": { - "type": "object", - "properties": { - "reseller": { - "type": "Object", - "example": { - "id": 12345, - "name": "ResellerCo" - }, - "description": "Information about the reseller associated with the supplied API credentials (if any)." - }, - "account": { - "type": "Object", - "example": { - "id": 12345, - "name": "Huntress", - "subdomain": "huntress", - "status": "enabled" - }, - "description": "Information about the account associated with the supplied API credentials (if any)." 
- }, - "user": { - "type": "Object", - "example": { - "id": 12345, - "email": "email@example.com", - "name": "Your User" - }, - "description": "Information about the user associated with the supplied API credentials (if any)." - } - }, - "description": "Actor model" - }, - "Escalation": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 84938, - "description": "A Huntress-unique identifier for the escalation." - }, - "account": { - "type": "Account", - "example": { - "id": 1, - "name": "Your Account Name" - }, - "description": "The Account the escalation pertains to." - }, - "organizations": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - { - "id": 1234, - "name": "ExampleCo" - } - ], - "description": "An array of Organizations this escalation pertains to" - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2025-09-05T18:20:34Z", - "description": "ISO-8601 formatted timestamp for when this escalation was created." - }, - "resolved_at": { - "type": "string", - "format": "date-time", - "example": "2025-09-05T18:20:34Z", - "description": "ISO-8601 formatted timestamp for when this escalation was resolved." - }, - "severity": { - "type": "string", - "enum": [ - "low", - "high", - "critical" - ], - "example": "low", - "description": "The severity of the escalation." - }, - "status": { - "type": "string", - "enum": [ - "open", - "sent", - "resolved" - ], - "example": "resolved", - "description": "The status of the Escalation" - }, - "subject": { - "type": "string", - "example": "Defender Disabled", - "description": "The subject of the Escalation" - }, - "type": { - "type": "string", - "example": "Environmental Issue", - "description": "The type of the Escalation" - }, - "updated_at": { - "type": "string", - "format": "date-time", - "example": "2025-09-05T18:20:34Z", - "description": "ISO-8601 formatted timestamp for when this escalation was last updated." 
- } - }, - "required": [ - "id", - "account", - "organizations", - "created_at", - "resolved_at", - "severity", - "status", - "subject", - "type", - "updated_at" - ], - "description": "Escalation model" - }, - "EscalationWithEntities": { - "type": "object", - "properties": { - "id": { - "type": "integer", - "format": "int64", - "example": 84938, - "description": "A Huntress-unique identifier for the escalation." - }, - "account": { - "type": "Account", - "example": { - "id": 1, - "name": "Your Account Name" - }, - "description": "The Account the escalation pertains to." - }, - "organizations": { - "type": "array", - "items": { - "type": "string" - }, - "example": [ - { - "id": 1234, - "name": "ExampleCo" - } - ], - "description": "An array of Organizations this escalation pertains to" - }, - "created_at": { - "type": "string", - "format": "date-time", - "example": "2025-09-05T18:20:34Z", - "description": "ISO-8601 formatted timestamp for when this escalation was created." - }, - "resolved_at": { - "type": "string", - "format": "date-time", - "example": "2025-09-05T18:20:34Z", - "description": "ISO-8601 formatted timestamp for when this escalation was resolved." - }, - "severity": { - "type": "string", - "enum": [ - "low", - "high", - "critical" - ], - "example": "low", - "description": "The severity of the escalation." - }, - "status": { - "type": "string", - "enum": [ - "open", - "sent", - "resolved" - ], - "example": "resolved", - "description": "The status of the Escalation" - }, - "subject": { - "type": "string", - "example": "Defender Disabled", - "description": "The subject of the Escalation" - }, - "type": { - "type": "string", - "example": "Environmental Issue", - "description": "The type of the Escalation" - }, - "updated_at": { - "type": "string", - "format": "date-time", - "example": "2025-09-05T18:20:34Z", - "description": "ISO-8601 formatted timestamp for when this escalation was last updated." 
- }, - "entities": { - "type": "Object", - "example": { - "total_count": 1, - "has_more": false, - "items": [ - { - "id": 1, - "type": "Agent", - "details": { - "hostname": "laptop01", - "platform": "windows", - "os": "Windows 8 Pro", - "last_callback_at": "2025-09-05T18:20:35Z" - } - } - ] - }, - "description": "Object containing information about Entities associated with the escalation." - } - }, - "required": [ - "id", - "account", - "organizations", - "created_at", - "resolved_at", - "severity", - "status", - "subject", - "type", - "updated_at", - "entities" - ], - "description": "EscalationWithEntities model" - }, - "EscalationResolutionParameters": { - "type": "object", - "properties": { - "determination": { - "type": "string", - "description": "Determination is only used for Unwanted Country Access and Unwanted VPN Access Escalations. This field determines whether **all** the associated identities are expected or unauthorized.", - "enum": [ - "expected", - "unauthorized" - ] - }, - "scope": { - "type": "string", - "description": "Scope is used only for Unwanted Access Escalations. This determines what kinds of access rules are created in response to the Escalation. This parameter is better explained using an example:\nIn the scenario when `email123@example.com` logs in from Russia and the determination is `unauthorized`:\n\nWhen the scope is `identity`:\n\nRules created based on the resolution will only apply to the identities associated with the Escalation. In this case a rule will be created specifically preventing `email123@example.com` from logging in from Russia.\n\nWhen the scope is `organization`:\n\nRules created based on the resolution will apply to all identities in the organization. In this case all logins from Russia will be prevented across the organization.\n\nWhen the scope is `account`:\n\nRules created based on the resolution will apply to all identities on the account. 
In this case all logins from Russia will be prevented across the account.\n", - "enum": [ - "account", - "organization", - "identity" - ] - } - }, - "description": "Create an Escalation Resolution" - } - } -} \ No newline at end of file diff --git a/plugins/Huntress/v1/indexDefinitions/agents.json b/plugins/Huntress/v1/indexDefinitions/default.json similarity index 100% rename from plugins/Huntress/v1/indexDefinitions/agents.json rename to plugins/Huntress/v1/indexDefinitions/default.json diff --git a/plugins/Huntress/v1/metadata.json b/plugins/Huntress/v1/metadata.json index 49f506e..ca0217d 100644 --- a/plugins/Huntress/v1/metadata.json +++ b/plugins/Huntress/v1/metadata.json @@ -1,9 +1,9 @@ { "name": "huntress", "displayName": "Huntress", - "version": "1.0.0", + "version": "1.0.1", "author": { - "name": "Community", + "name": "@Deenk", "type": "community" }, "description": "Query agents, incidents, and organizations from your Huntress Managed Security Platform account.", diff --git a/plugins/Huntress/v1/ui.json b/plugins/Huntress/v1/ui.json index 295514d..90d381a 100644 --- a/plugins/Huntress/v1/ui.json +++ b/plugins/Huntress/v1/ui.json @@ -2,8 +2,7 @@ { "type": "text", "name": "publicKey", - "label": "API Public Key", - "help": "Enter the Public Key from your Huntress API Credentials.", + "label": "API public key", "validation": { "required": true }, @@ -12,8 +11,7 @@ { "type": "password", "name": "privateKey", - "label": "API Private Key", - "help": "Enter the Private Key from your Huntress API Credentials.", + "label": "API private key", "validation": { "required": true }, From 8a9f2cbe2bdb25a9cfa98330c11ee65a5d180778 Mon Sep 17 00:00:00 2001 
From: Daniel Watts <34212312+Deenk@users.noreply.github.com>
Date: Thu, 9 Apr 2026 17:27:24 +0100
Subject: [PATCH 04/13] fix broken oob dashboards
---
 .../v1/defaultContent/agents.dash.json | 71 +++++++++++--------
 .../v1/defaultContent/incidents.dash.json | 71 +++++++++++--------
 plugins/Huntress/v1/metadata.json | 2 +-
 3 files changed, 87 insertions(+), 57 deletions(-)
diff --git a/plugins/Huntress/v1/defaultContent/agents.dash.json b/plugins/Huntress/v1/defaultContent/agents.dash.json
index 3794143..62656b4 100644
--- a/plugins/Huntress/v1/defaultContent/agents.dash.json
+++ b/plugins/Huntress/v1/defaultContent/agents.dash.json
@@ -1,33 +1,48 @@
 {
- "title": "Huntress Agents",
- "description": "Overview of all agents deployed through Huntress",
- "icon": "huntress",
- "parameters": [],
- "layout": [
- {
- "id": "agent_list",
- "type": "DataGrid",
- "title": "All Agents",
- "position": {
+ "name": "Huntress Agents",
+ "schemaVersion": "1.4",
+ "dashboard": {
+ "_type": "layout/grid",
+ "contents": [
+ {
 "x": 0,
 "y": 0,
 "w": 12,
- "h": 8
- },
- "config": {
- "dataSource": {
- "provider": "huntress",
- "stream": "agents"
- },
- "columns": [
- { "name": "hostname", "label": "Hostname" },
- { "name": "domain", "label": "Domain" },
- { "name": "os", "label": "Operating System" },
- { "name": "status", "label": "Status" },
- { "name": "isolated", "label": "Isolated" },
- { "name": "version", "label": "Agent Version" }
- ]
+ "h": 8,
+ "i": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
+ "static": false,
+ "moved": false,
+ "z": 0,
+ "config": {
+ "timeframe": "none",
+ "dataStream": {
+ "name": "httpRequestUnscoped",
+ "id": "{{dataStreams.agents}}",
+ "pluginConfigId": "{{configId}}"
+ },
+ "_type": "tile/data-stream",
+ "description": "",
+ "activePluginConfigIds": [
+ "{{configId}}"
+ ],
+ "title": "All Agents",
+ "visualisation": {
+ "type": "data-stream-table",
+ "config": {
+ "data-stream-table": {
+ "columnOrder": [
+ "hostname",
+ "domain",
+ "os",
+ "status",
+ "isolated",
+ "version"
+ ]
+ }
+ }
+ }
+ }
 }
- }
- ]
-}
\ No newline at end of file
+ ]
+ }
+}
diff --git a/plugins/Huntress/v1/defaultContent/incidents.dash.json b/plugins/Huntress/v1/defaultContent/incidents.dash.json
index 8df9c45..8ba3f47 100644
--- a/plugins/Huntress/v1/defaultContent/incidents.dash.json
+++ b/plugins/Huntress/v1/defaultContent/incidents.dash.json
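Review bot: The tile key `"i": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"` in agents.dash.json is a hand-written pattern rather than a generated identifier, and incidents.dash.json repeats the habit with `"b2c3d4e5-f6a7-8901-bcde-f12345678901"`. If tile ids are expected to be unique across imported content (the diff does not say), patterned values are the ones most likely to be copied into another dashboard and collide, so I would replace each with a freshly generated random UUID. Separately, `dataStream.name` is set to the base data source `httpRequestUnscoped` while `id` carries `{{dataStreams.agents}}`; it is worth confirming against the dashboard schema that `name` is not meant to be the stream name.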
@@ -1,33 +1,48 @@
 {
- "title": "Huntress Incident Reports",
- "description": "Overview of all incident reports detected by Huntress",
- "icon": "huntress",
- "parameters": [],
- "layout": [
- {
- "id": "incident_list",
- "type": "DataGrid",
- "title": "All Incident Reports",
- "position": {
+ "name": "Huntress Incident Reports",
+ "schemaVersion": "1.4",
+ "dashboard": {
+ "_type": "layout/grid",
+ "contents": [
+ {
 "x": 0,
 "y": 0,
 "w": 12,
- "h": 8
- },
- "config": {
- "dataSource": {
- "provider": "huntress",
- "stream": "incident_reports"
- },
- "columns": [
- { "name": "title", "label": "Title" },
- { "name": "severity", "label": "Severity" },
- { "name": "status", "label": "Status" },
- { "name": "organization_id", "label": "Org ID" },
- { "name": "agent_id", "label": "Agent ID" },
- { "name": "created_at", "label": "Created At" }
- ]
+ "h": 8,
+ "i": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
+ "static": false,
+ "moved": false,
+ "z": 0,
+ "config": {
+ "timeframe": "none",
+ "dataStream": {
+ "name": "httpRequestUnscoped",
+ "id": "{{dataStreams.incident_reports}}",
+ "pluginConfigId": "{{configId}}"
+ },
+ "_type": "tile/data-stream",
+ "description": "",
+ "activePluginConfigIds": [
+ "{{configId}}"
+ ],
+ "title": "All Incident Reports",
+ "visualisation": {
+ "type": "data-stream-table",
+ "config": {
+ "data-stream-table": {
+ "columnOrder": [
+ "title",
+ "severity",
+ "status",
+ "organization_id",
+ "agent_id",
+ "created_at"
+ ]
+ }
+ }
+ }
+ }
 }
- }
- ]
-}
\ No newline at end of file
+ ]
+ }
+}
diff --git a/plugins/Huntress/v1/metadata.json b/plugins/Huntress/v1/metadata.json
index ca0217d..8ea2ee7 100644
--- a/plugins/Huntress/v1/metadata.json
+++ b/plugins/Huntress/v1/metadata.json
@@ -1,7 +1,7 @@
 {
 "name": "huntress",
 "displayName": "Huntress",
- "version": "1.0.1",
+ "version": "1.0.2",
 "author": {
 "name": "@Deenk",
 "type": "community"
From e41f9dda5f94ee86e7f5cab95cf0bf3cfe1053a1 Mon Sep 17 00:00:00 2001
From: Daniel Watts <34212312+Deenk@users.noreply.github.com>
Date: Thu, 9 Apr 2026 17:32:26 +0100
Subject: [PATCH 05/13] fix missing oob tiles
---
 plugins/Huntress/v1/defaultContent/agents.dash.json | 2 ++
 plugins/Huntress/v1/defaultContent/incidents.dash.json | 2 ++
 plugins/Huntress/v1/metadata.json | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/plugins/Huntress/v1/defaultContent/agents.dash.json b/plugins/Huntress/v1/defaultContent/agents.dash.json
index 62656b4..131d986 100644
--- a/plugins/Huntress/v1/defaultContent/agents.dash.json
+++ b/plugins/Huntress/v1/defaultContent/agents.dash.json
@@ -3,6 +3,8 @@
 "schemaVersion": "1.4",
 "dashboard": {
 "_type": "layout/grid",
+ "version": 1,
+ "columns": 12,
 "contents": [
 {
 "x": 0,
diff --git a/plugins/Huntress/v1/defaultContent/incidents.dash.json b/plugins/Huntress/v1/defaultContent/incidents.dash.json
index 8ba3f47..94159b7 100644
--- a/plugins/Huntress/v1/defaultContent/incidents.dash.json
+++ b/plugins/Huntress/v1/defaultContent/incidents.dash.json
@@ -3,6 +3,8 @@
 "schemaVersion": "1.4",
 "dashboard": {
 "_type": "layout/grid",
+ "version": 1,
+ "columns": 12,
 "contents": [
 {
 "x": 0,
diff --git a/plugins/Huntress/v1/metadata.json b/plugins/Huntress/v1/metadata.json
index 8ea2ee7..c90ff8d 100644
--- a/plugins/Huntress/v1/metadata.json
+++ b/plugins/Huntress/v1/metadata.json
@@ -1,7 +1,7 @@
 {
 "name": "huntress",
 "displayName": "Huntress",
- "version": "1.0.2",
+ "version": "1.0.3",
 "author": {
 "name": "@Deenk",
 "type": "community"
From 81cc42ce4cb87ae266c1e22127cc088705b40eaa Mon Sep 17 00:00:00 2001
From: Daniel Watts <34212312+Deenk@users.noreply.github.com>
Date: Fri, 10 Apr 2026 09:18:00 +0100
Subject: [PATCH 06/13] fix request parameters
---
 plugins/Huntress/v1/dataStreams/agents.json | 5 ++-
 .../v1/dataStreams/organizations.json | 5 ++-
 .../Huntress/v1/indexDefinitions/default.json | 45 ++++++++-----------
 plugins/Huntress/v1/metadata.json | 2 +-
 4 files changed, 28 insertions(+), 29 deletions(-)
diff --git a/plugins/Huntress/v1/dataStreams/agents.json b/plugins/Huntress/v1/dataStreams/agents.json
index 29c8e4f..a1a0689 100644
--- a/plugins/Huntress/v1/dataStreams/agents.json
+++ b/plugins/Huntress/v1/dataStreams/agents.json
@@ -6,7 +6,10 @@
 "config": {
 "httpMethod": "get",
 "endpointPath": "/v1/agents",
- "pathToData": "agents"
+ "pathToData": "agents",
+ "queryParameters": {
+ "limit": "500"
+ }
 },
 "metadata": [
 {
diff --git a/plugins/Huntress/v1/dataStreams/organizations.json b/plugins/Huntress/v1/dataStreams/organizations.json
index 1ba243b..141fdf4 100644
--- a/plugins/Huntress/v1/dataStreams/organizations.json
+++ b/plugins/Huntress/v1/dataStreams/organizations.json
@@ -6,7 +6,10 @@
 "config": {
 "httpMethod": "get",
 "endpointPath": "/v1/organizations",
- "pathToData": "organizations"
+ "pathToData": "organizations",
+ "queryParameters": {
+ "limit": "500"
+ }
 },
 "metadata": [
 {
diff --git a/plugins/Huntress/v1/indexDefinitions/default.json b/plugins/Huntress/v1/indexDefinitions/default.json
index 809a38e..327e172 100644
--- a/plugins/Huntress/v1/indexDefinitions/default.json
+++ b/plugins/Huntress/v1/indexDefinitions/default.json
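Review bot: The added `"queryParameters": { "limit": "500" }` in agents.json asks for one large page, and nothing in the hunk follows a next-page token, so a tenant with more than 500 agents would presumably get a silently truncated list; organizations.json receives the same change. For a security inventory that is a coverage gap: hosts past the first page would be missing from the Agents dashboard and, because indexDefinitions/default.json reads the same `agents` stream, would never be indexed as objects. I would enable the data source's paging for these streams rather than rely on a single page, and check whether incident_reports.json, which this commit does not touch, needs the same treatment. It is also worth confirming that `httpRequestUnscoped` actually reads a `queryParameters` object, since no other hunk shown here uses that key.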
@@ -1,30 +1,23 @@
 {
- "stream": "agents",
- "name": "Huntress Agent",
- "icon": "huntress",
- "id": "id",
- "title": "hostname",
- "description": "os",
- "properties": [
+ "steps": [
 {
- "name": "domain",
- "displayName": "Domain"
- },
- {
- "name": "os",
- "displayName": "Operating System"
- },
- {
- "name": "status",
- "displayName": "Status"
- },
- {
- "name": "isolated",
- "displayName": "Isolated"
- },
- {
- "name": "version",
- "displayName": "Agent Version"
+ "name": "agents",
+ "dataStream": {
+ "name": "agents"
+ },
+ "timeframe": "none",
+ "objectMapping": {
+ "id": "id",
+ "name": "hostname",
+ "type": { "value": "Huntress Agent" },
+ "properties": [
+ "domain",
+ "os",
+ "status",
+ "isolated",
+ "version"
+ ]
+ }
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/plugins/Huntress/v1/metadata.json b/plugins/Huntress/v1/metadata.json
index c90ff8d..a2fce14 100644
--- a/plugins/Huntress/v1/metadata.json
+++ b/plugins/Huntress/v1/metadata.json
@@ -1,7 +1,7 @@
 {
 "name": "huntress",
 "displayName": "Huntress",
- "version": "1.0.3",
+ "version": "1.0.4",
 "author": {
 "name": "@Deenk",
 "type": "community"
From 279c1631655b70df6c674d3d354501700e3ceef2 Mon Sep 17 00:00:00 2001
From: Daniel Watts <34212312+Deenk@users.noreply.github.com>
Date: Fri, 10 Apr 2026 09:26:33 +0100
Subject: [PATCH 07/13] more data stream fixes
---
 plugins/Huntress/v1/dataStreams/agents.json | 7 ++++---
 .../v1/dataStreams/incident_reports.json | 7 ++++---
 .../v1/dataStreams/organizations.json | 7 ++++---
 .../v1/defaultContent/agents.dash.json | 2 ++
 .../v1/defaultContent/incidents.dash.json | 2 ++
 .../Huntress/v1/defaultContent/scopes.json | 20 ++++++++++++++++++-
 .../Huntress/v1/indexDefinitions/default.json | 3 ++-
 plugins/Huntress/v1/metadata.json | 2 +-
 8 files changed, 38 insertions(+), 12 deletions(-)
diff --git a/plugins/Huntress/v1/dataStreams/agents.json b/plugins/Huntress/v1/dataStreams/agents.json
index a1a0689..dfb4a24 100644
--- a/plugins/Huntress/v1/dataStreams/agents.json
+++ b/plugins/Huntress/v1/dataStreams/agents.json
@@ -64,7 +64,8 @@
 "pattern": ".*"
 }
 ],
- "timeframes": [
- "none"
- ]
+ "manualConfigApply": true,
+ "matches": "none",
+ "rowPath": [],
+ "timeframes": false
 }
\ No newline at end of file
diff --git a/plugins/Huntress/v1/dataStreams/incident_reports.json b/plugins/Huntress/v1/dataStreams/incident_reports.json
index 3add707..2f8a165 100644
--- a/plugins/Huntress/v1/dataStreams/incident_reports.json
+++ b/plugins/Huntress/v1/dataStreams/incident_reports.json
@@ -56,7 +56,8 @@
 "pattern": ".*"
 }
 ],
- "timeframes": [
- "none"
- ]
+ "manualConfigApply": true,
+ "matches": "none",
+ "rowPath": [],
+ "timeframes": false
 }
\ No newline at end of file
diff --git a/plugins/Huntress/v1/dataStreams/organizations.json b/plugins/Huntress/v1/dataStreams/organizations.json
index 141fdf4..d062efa 100644
--- a/plugins/Huntress/v1/dataStreams/organizations.json
+++ b/plugins/Huntress/v1/dataStreams/organizations.json
@@ -39,7 +39,8 @@
 "pattern": ".*"
 }
 ],
- "timeframes": [
- "none"
- ]
+ "manualConfigApply": true,
+ "matches": "none",
+ "rowPath": [],
+ "timeframes": false
 }
\ No newline at end of file
diff --git a/plugins/Huntress/v1/defaultContent/agents.dash.json b/plugins/Huntress/v1/defaultContent/agents.dash.json
index 131d986..bd9b778 100644
--- a/plugins/Huntress/v1/defaultContent/agents.dash.json
+++ b/plugins/Huntress/v1/defaultContent/agents.dash.json
@@ -1,5 +1,7 @@
 {
 "name": "Huntress Agents",
+ "path": "agents",
+ "folderPath": [],
 "schemaVersion": "1.4",
 "dashboard": {
 "_type": "layout/grid",
diff --git a/plugins/Huntress/v1/defaultContent/incidents.dash.json b/plugins/Huntress/v1/defaultContent/incidents.dash.json
index 94159b7..e741774 100644
--- a/plugins/Huntress/v1/defaultContent/incidents.dash.json
+++ b/plugins/Huntress/v1/defaultContent/incidents.dash.json
@@ -1,5 +1,7 @@ { "name": "Huntress Incident Reports", + "path": "incidents", + "folderPath": [], "schemaVersion": "1.4", "dashboard": { "_type": "layout/grid", diff --git a/plugins/Huntress/v1/defaultContent/scopes.json b/plugins/Huntress/v1/defaultContent/scopes.json index fe51488..2292fae 100644 --- a/plugins/Huntress/v1/defaultContent/scopes.json +++ b/plugins/Huntress/v1/defaultContent/scopes.json @@ -1 +1,19 @@ -[] +[ + { + "matches": { + "sourceType": { + "type": "oneOf", + "values": [ + "Huntress Agent" + ] + } + }, + "name": "Huntress Agents", + "variable": { + "allowMultipleSelection": false, + "default": "none", + "name": "Agent", + "type": "object" + } + } +] diff --git a/plugins/Huntress/v1/indexDefinitions/default.json b/plugins/Huntress/v1/indexDefinitions/default.json index 327e172..8393502 100644 --- a/plugins/Huntress/v1/indexDefinitions/default.json +++ b/plugins/Huntress/v1/indexDefinitions/default.json @@ -3,7 +3,8 @@ { "name": "agents", "dataStream": { - "name": "agents" + "name": "agents", + "dataSourceConfig": {} }, "timeframe": "none", "objectMapping": { diff --git a/plugins/Huntress/v1/metadata.json b/plugins/Huntress/v1/metadata.json index a2fce14..4d3e85e 100644 --- a/plugins/Huntress/v1/metadata.json +++ b/plugins/Huntress/v1/metadata.json @@ -1,7 +1,7 @@ { "name": "huntress", "displayName": "Huntress", - "version": "1.0.4", + "version": "1.0.5", "author": { "name": "@Deenk", "type": "community" From 4b2f6150cb4656539d31fa19c845c96caaae68e1 Mon Sep 17 00:00:00 2001 
From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Fri, 10 Apr 2026 10:15:30 +0100 Subject: [PATCH 08/13] add more imports and datastreams --- plugins/Huntress/v1/dataStreams/agents.json | 75 ++++++++++++++++++ .../Huntress/v1/dataStreams/escalations.json | 72 +++++++++++++++++ .../v1/dataStreams/external_ports.json | 72 +++++++++++++++++ .../v1/dataStreams/incident_reports.json | 43 ++++++++--- .../v1/dataStreams/organizations.json | 29 ++++++- plugins/Huntress/v1/dataStreams/signals.json | 77 +++++++++++++++++++ .../Huntress/v1/indexDefinitions/default.json | 30 +++++++- plugins/Huntress/v1/metadata.json | 2 +- 8 files changed, 384 insertions(+), 16 deletions(-) create mode 100644 plugins/Huntress/v1/dataStreams/escalations.json create mode 100644 plugins/Huntress/v1/dataStreams/external_ports.json create mode 100644 plugins/Huntress/v1/dataStreams/signals.json diff --git a/plugins/Huntress/v1/dataStreams/agents.json b/plugins/Huntress/v1/dataStreams/agents.json index dfb4a24..eaf5fe1 100644 --- a/plugins/Huntress/v1/dataStreams/agents.json +++ b/plugins/Huntress/v1/dataStreams/agents.json 
@@ -60,6 +60,81 @@ "displayName": "Agent Version", "shape": "string" }, + { + "name": "edr_version", + "displayName": "EDR Version", + "shape": "string" + }, + { + "name": "platform", + "displayName": "Platform", + "shape": "string" + }, + { + "name": "arch", + "displayName": "Architecture", + "shape": "string" + }, + { + "name": "domain_name", + "displayName": "Domain Name", + "shape": "string" + }, + { + "name": "ipv4_address", + "displayName": "IPv4 Address", + "shape": "string" + }, + { + "name": "external_ip", + "displayName": "External IP", + "shape": "string" + }, + { + "name": "defender_status", + "displayName": "Defender Status", + "shape": "string" + }, + { + "name": "defender_substatus", + "displayName": "Defender Substatus", + "shape": "string" + }, + { + "name": "firewall_status", + "displayName": "Firewall Status", + "shape": "string" + }, + { + "name": "os_build_version", + "displayName": "OS Build Version", + "shape": "string" + }, + { + "name": "serial_number", + "displayName": "Serial Number", + "shape": "string" + }, + { + "name": "last_callback_at", + "displayName": "Last Callback At", + "shape": "date" + }, + { + "name": "last_survey_at", + "displayName": "Last Survey At", + "shape": "date" + }, + { + "name": "created_at", + "displayName": "Created At", + "shape": "date" + }, + { + "name": "updated_at", + "displayName": "Updated At", + "shape": "date" + }, { "pattern": ".*" } diff --git a/plugins/Huntress/v1/dataStreams/escalations.json b/plugins/Huntress/v1/dataStreams/escalations.json new file mode 100644 index 0000000..f431919 --- /dev/null +++ b/plugins/Huntress/v1/dataStreams/escalations.json 
@@ -0,0 +1,72 @@ +{ + "name": "escalations", + "displayName": "Escalations", + "description": "Escalated security issues requiring attention across organizations", + "tags": ["Security", "Incidents"], + "baseDataSourceName": "httpRequestUnscoped", + "config": { + "httpMethod": "get", + "endpointPath": "/v1/escalations", + "pathToData": "escalations", + "queryParameters": { + "limit": "500" + } + }, + "metadata": [ + { + "name": "id", + "displayName": "Escalation ID", + "shape": "number", + "role": "id", + "visible": false + }, + { + "name": "subject", + "displayName": "Subject", + "shape": "string", + "role": "label" + }, + { + "name": "type", + "displayName": "Type", + "shape": "string" + }, + { + "name": "severity", + "displayName": "Severity", + "shape": "string" + }, + { + "name": "status", + "displayName": "Status", + "shape": "string" + }, + { + "name": "organizations", + "displayName": "Organizations", + "shape": "json" + }, + { + "name": "resolved_at", + "displayName": "Resolved At", + "shape": "date" + }, + { + "name": "created_at", + "displayName": "Created At", + "shape": "date" + }, + { + "name": "updated_at", + "displayName": "Updated At", + "shape": "date" + }, + { + "pattern": ".*" + } + ], + "manualConfigApply": true, + "matches": "none", + "rowPath": [], + "timeframes": false +} diff --git a/plugins/Huntress/v1/dataStreams/external_ports.json b/plugins/Huntress/v1/dataStreams/external_ports.json new file mode 100644 index 0000000..4c6c0dd --- /dev/null +++ b/plugins/Huntress/v1/dataStreams/external_ports.json 
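Review bot: The closing `{ "pattern": ".*" }` entry in `metadata` means the nine named columns are not an allow-list: every other field in the `/v1/escalations` response is presumably passed through to dashboard users as well, including fields nobody has reviewed. The same entry closes the `metadata` arrays of external_ports.json, signals.json and agentsByOrganization.json added later in this series. If only the declared columns are meant to be exposed, drop the catch-all. If it stays for forward compatibility, hide it by default with `{ "pattern": ".*", "visible": false }`, assuming the framework accepts `visible` on a pattern entry as it does on the `id` column here.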
@@ -0,0 +1,72 @@ +{ + "name": "external_ports", + "displayName": "External Ports", + "description": "Externally exposed ports detected by Huntress External Recon", + "tags": ["Security", "Network"], + "baseDataSourceName": "httpRequestUnscoped", + "config": { + "httpMethod": "get", + "endpointPath": "/v1/external_ports", + "pathToData": "external_ports", + "queryParameters": { + "limit": "500" + } + }, + "metadata": [ + { + "name": "id", + "displayName": "Port Record ID", + "shape": "number", + "role": "id", + "visible": false + }, + { + "name": "ip_address", + "displayName": "IP Address", + "shape": "string", + "role": "label" + }, + { + "name": "port", + "displayName": "Port", + "shape": "number" + }, + { + "name": "protocol", + "displayName": "Protocol", + "shape": "string" + }, + { + "name": "service", + "displayName": "Service", + "shape": "string" + }, + { + "name": "risky_service", + "displayName": "Risky Service", + "shape": "boolean" + }, + { + "name": "organization_ids", + "displayName": "Organization IDs", + "shape": "json" + }, + { + "name": "last_scan_at", + "displayName": "Last Scan At", + "shape": "date" + }, + { + "name": "last_external_scan_at", + "displayName": "Last External Scan At", + "shape": "date" + }, + { + "pattern": ".*" + } + ], + "manualConfigApply": true, + "matches": "none", + "rowPath": [], + "timeframes": false +} diff --git a/plugins/Huntress/v1/dataStreams/incident_reports.json b/plugins/Huntress/v1/dataStreams/incident_reports.json index 2f8a165..de87564 100644 --- a/plugins/Huntress/v1/dataStreams/incident_reports.json +++ b/plugins/Huntress/v1/dataStreams/incident_reports.json 
@@ -17,11 +17,26 @@ "visible": false }, { - "name": "title", - "displayName": "Title", + "name": "subject", + "displayName": "Subject", "shape": "string", "role": "label" }, + { + "name": "severity", + "displayName": "Severity", + "shape": "string" + }, + { + "name": "status", + "displayName": "Status", + "shape": "string" + }, + { + "name": "platform", + "displayName": "Platform", + "shape": "string" + }, { "name": "organization_id", "displayName": "Organization ID", @@ -33,18 +48,28 @@ "shape": "number" }, { - "name": "severity", - "displayName": "Severity", - "shape": "string" + "name": "indicator_types", + "displayName": "Indicator Types", + "shape": "json" }, { - "name": "status", - "displayName": "Status", + "name": "summary", + "displayName": "Summary", "shape": "string" }, { - "name": "created_at", - "displayName": "Created At", + "name": "sent_at", + "displayName": "Sent At", + "shape": "date" + }, + { + "name": "closed_at", + "displayName": "Closed At", + "shape": "date" + }, + { + "name": "status_updated_at", + "displayName": "Status Updated At", "shape": "date" }, { diff --git a/plugins/Huntress/v1/dataStreams/organizations.json b/plugins/Huntress/v1/dataStreams/organizations.json index d062efa..c273cee 100644 --- a/plugins/Huntress/v1/dataStreams/organizations.json +++ b/plugins/Huntress/v1/dataStreams/organizations.json @@ -26,8 +26,28 @@ "role": "label" }, { - "name": "type", - "displayName": "Type", + "name": "agents_count", + "displayName": "Agents", + "shape": "number" + }, + { + "name": "incident_reports_count", + "displayName": "Incident Reports", + "shape": "number" + }, + { + "name": "logs_sources_count", + "displayName": "SIEM Sources", + "shape": "number" + }, + { + "name": "billable_identity_count", + "displayName": "Billable Identities", + "shape": "number" + }, + { + "name": "key", + "displayName": "Subdomain Key", "shape": "string" }, { 
@@ -35,6 +55,11 @@ "displayName": "Created At", "shape": "date" }, + { + "name": "updated_at", + "displayName": "Updated At", + "shape": "date" + }, { "pattern": ".*" } diff --git a/plugins/Huntress/v1/dataStreams/signals.json b/plugins/Huntress/v1/dataStreams/signals.json new file mode 100644 index 0000000..1563866 --- /dev/null +++ b/plugins/Huntress/v1/dataStreams/signals.json @@ -0,0 +1,77 @@ +{ + "name": "signals", + "displayName": "Signals", + "description": "Threat detection signals investigated by the Huntress SOC", + "tags": ["Security", "Signals"], + "baseDataSourceName": "httpRequestUnscoped", + "config": { + "httpMethod": "get", + "endpointPath": "/v1/signals", + "pathToData": "signals", + "queryParameters": { + "limit": "500" + } + }, + "metadata": [ + { + "name": "id", + "displayName": "Signal ID", + "shape": "number", + "role": "id", + "visible": false + }, + { + "name": "name", + "displayName": "Signal Name", + "shape": "string", + "role": "label" + }, + { + "name": "status", + "displayName": "Status", + "shape": "string" + }, + { + "name": "type", + "displayName": "Type", + "shape": "string" + }, + { + "name": "investigation_context", + "displayName": "Investigation Context", + "shape": "string" + }, + { + "name": "entity", + "displayName": "Entity", + "shape": "json" + }, + { + "name": "organization", + "displayName": "Organization", + "shape": "json" + }, + { + "name": "investigated_at", + "displayName": "Investigated At", + "shape": "date" + }, + { + "name": "created_at", + "displayName": "Created At", + "shape": "date" + }, + { + "name": "updated_at", + "displayName": "Updated At", + "shape": "date" + }, + { + "pattern": ".*" + } + ], + "manualConfigApply": true, + "matches": "none", + "rowPath": [], + "timeframes": false +} diff --git a/plugins/Huntress/v1/indexDefinitions/default.json b/plugins/Huntress/v1/indexDefinitions/default.json index 8393502..e560cbb 100644 --- a/plugins/Huntress/v1/indexDefinitions/default.json 
+++ b/plugins/Huntress/v1/indexDefinitions/default.json @@ -12,11 +12,33 @@ "name": "hostname", "type": { "value": "Huntress Agent" }, "properties": [ - "domain", + "domain_name", "os", - "status", - "isolated", - "version" + "platform", + "ipv4_address", + "external_ip", + "firewall_status", + "defender_status", + "version", + "organization_id" + ] + } + }, + { + "name": "organizations", + "dataStream": { + "name": "organizations", + "dataSourceConfig": {} + }, + "timeframe": "none", + "objectMapping": { + "id": "id", + "name": "name", + "type": { "value": "Huntress Organization" }, + "properties": [ + "agents_count", + "incident_reports_count", + "key" ] } } diff --git a/plugins/Huntress/v1/metadata.json b/plugins/Huntress/v1/metadata.json index 4d3e85e..1e6c034 100644 --- a/plugins/Huntress/v1/metadata.json +++ b/plugins/Huntress/v1/metadata.json @@ -1,7 +1,7 @@ { "name": "huntress", "displayName": "Huntress", - "version": "1.0.5", + "version": "1.0.6", "author": { "name": "@Deenk", "type": "community" From 5c35049b677921447e01418e12e80770d3db907e Mon Sep 17 00:00:00 2001 From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Fri, 10 Apr 2026 10:27:21 +0100 Subject: [PATCH 09/13] add scoped agents data stream --- .../v1/dataStreams/agentsByOrganization.json | 152 ++++++++++++++++++ .../Huntress/v1/defaultContent/scopes.json | 17 ++ plugins/Huntress/v1/metadata.json | 2 +- 3 files changed, 170 insertions(+), 1 deletion(-) create mode 100644 plugins/Huntress/v1/dataStreams/agentsByOrganization.json diff --git a/plugins/Huntress/v1/dataStreams/agentsByOrganization.json b/plugins/Huntress/v1/dataStreams/agentsByOrganization.json new file mode 100644 index 0000000..b6519aa --- /dev/null +++ b/plugins/Huntress/v1/dataStreams/agentsByOrganization.json 
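Review bot: The new `properties` list for the `agents` step copies `firewall_status` and `defender_status` into the index, where they reflect the last import rather than the agent's current state. How often the index is refreshed is not visible here, so this is a hedge: a host whose firewall was disabled after the last import could still show as `Enabled` in search and scope pickers. I would keep identity-style attributes (`domain_name`, `os`, `platform`, `organization_id`) in the index and drop the two posture fields, leaving them to the live `agents` data stream. The `objectMapping` block starts above this hunk.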
@@ -0,0 +1,152 @@ +{ + "name": "agentsByOrganization", + "displayName": "Agents by Organisation", + "description": "Agents filtered by a scoped Huntress Organisation", + "tags": ["Security", "Agents"], + "baseDataSourceName": "httpRequestScoped", + "config": { + "httpMethod": "get", + "endpointPath": "/v1/agents", + "pathToData": "agents", + "queryParameters": { + "limit": "500", + "organization_id": "{{objects[0].id}}" + } + }, + "matches": { + "sourceType": { + "type": "oneOf", + "values": ["Huntress Organization"] + } + }, + "metadata": [ + { + "name": "id", + "displayName": "Agent ID", + "shape": "number", + "role": "id", + "visible": false + }, + { + "name": "hostname", + "displayName": "Hostname", + "shape": "string", + "role": "label" + }, + { + "name": "organization_id", + "displayName": "Organization ID", + "shape": "number" + }, + { + "name": "domain", + "displayName": "Domain", + "shape": "string" + }, + { + "name": "os", + "displayName": "Operating System", + "shape": "string" + }, + { + "name": "ip_addresses", + "displayName": "IP Addresses", + "shape": "json" + }, + { + "name": "status", + "displayName": "Status", + "shape": "string" + }, + { + "name": "isolated", + "displayName": "Isolated", + "shape": "boolean" + }, + { + "name": "version", + "displayName": "Agent Version", + "shape": "string" + }, + { + "name": "edr_version", + "displayName": "EDR Version", + "shape": "string" + }, + { + "name": "platform", + "displayName": "Platform", + "shape": "string" + }, + { + "name": "arch", + "displayName": "Architecture", + "shape": "string" + }, + { + "name": "domain_name", + "displayName": "Domain Name", + "shape": "string" + }, + { + "name": "ipv4_address", + "displayName": "IPv4 Address", + "shape": "string" + }, + { + "name": "external_ip", + "displayName": "External IP", + "shape": "string" + }, + { + "name": "defender_status", + "displayName": "Defender Status", + "shape": "string" + }, + { + "name": "defender_substatus", + "displayName": "Defender 
Substatus", + "shape": "string" + }, + { + "name": "firewall_status", + "displayName": "Firewall Status", + "shape": "string" + }, + { + "name": "os_build_version", + "displayName": "OS Build Version", + "shape": "string" + }, + { + "name": "serial_number", + "displayName": "Serial Number", + "shape": "string" + }, + { + "name": "last_callback_at", + "displayName": "Last Callback At", + "shape": "date" + }, + { + "name": "last_survey_at", + "displayName": "Last Survey At", + "shape": "date" + }, + { + "name": "created_at", + "displayName": "Created At", + "shape": "date" + }, + { + "name": "updated_at", + "displayName": "Updated At", + "shape": "date" + }, + { + "pattern": ".*" + } + ], + "rowPath": [], + "timeframes": false +} diff --git a/plugins/Huntress/v1/defaultContent/scopes.json b/plugins/Huntress/v1/defaultContent/scopes.json index 2292fae..47b70ba 100644 --- a/plugins/Huntress/v1/defaultContent/scopes.json +++ b/plugins/Huntress/v1/defaultContent/scopes.json @@ -15,5 +15,22 @@ "name": "Agent", "type": "object" } + }, + { + "matches": { + "sourceType": { + "type": "oneOf", + "values": [ + "Huntress Organization" + ] + } + }, + "name": "Huntress Organisations", + "variable": { + "allowMultipleSelection": false, + "default": "none", + "name": "Organisation", + "type": "object" + } } ] diff --git a/plugins/Huntress/v1/metadata.json b/plugins/Huntress/v1/metadata.json index 1e6c034..ba4590a 100644 --- a/plugins/Huntress/v1/metadata.json +++ b/plugins/Huntress/v1/metadata.json @@ -1,7 +1,7 @@ { "name": "huntress", "displayName": "Huntress", - "version": "1.0.6", + "version": "1.0.7", "author": { "name": "@Deenk", "type": "community" From 4c53f2dda577338d6f623574191ed5e921814c9a Mon Sep 17 00:00:00 2001 From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Fri, 10 Apr 2026 15:59:19 +0100 Subject: [PATCH 10/13] remove broken index field --- plugins/Huntress/v1/indexDefinitions/default.json | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
diff --git a/plugins/Huntress/v1/indexDefinitions/default.json b/plugins/Huntress/v1/indexDefinitions/default.json index e560cbb..5be8e41 100644 --- a/plugins/Huntress/v1/indexDefinitions/default.json +++ b/plugins/Huntress/v1/indexDefinitions/default.json @@ -3,8 +3,7 @@ { "name": "agents", "dataStream": { - "name": "agents", - "dataSourceConfig": {} + "name": "agents" }, "timeframe": "none", "objectMapping": { @@ -27,8 +26,7 @@ { "name": "organizations", "dataStream": { - "name": "organizations", - "dataSourceConfig": {} + "name": "organizations" }, "timeframe": "none", "objectMapping": { From 89719ab57621c3ab436d29a650da055aa3448328 Mon Sep 17 00:00:00 2001 From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Mon, 11 May 2026 17:47:04 +0100 Subject: [PATCH 11/13] many huntress improvements --- plugins/Huntress/v1/configValidation.json | 11 ++++++++++ plugins/Huntress/v1/cspell.json | 12 +++++++++++ plugins/Huntress/v1/custom_types.json | 16 +++++++++++++++ plugins/Huntress/v1/dataStreams/agents.json | 20 ++++++++++++++++--- .../v1/dataStreams/agentsByOrganization.json | 19 ++++++++++++++++-- .../Huntress/v1/dataStreams/escalations.json | 19 +++++++++++++++--- .../v1/dataStreams/external_ports.json | 17 ++++++++++++++-- .../v1/dataStreams/incident_reports.json | 20 +++++++++++++++++-- .../v1/dataStreams/organizations.json | 18 +++++++++++++++-- plugins/Huntress/v1/dataStreams/signals.json | 19 +++++++++++++++--- .../v1/defaultContent/agents.dash.json | 2 +- .../v1/defaultContent/incidents.dash.json | 4 ++-- plugins/Huntress/v1/metadata.json | 2 +- plugins/Huntress/v1/ui.json | 2 ++ 14 files changed, 160 insertions(+), 21 deletions(-) create mode 100644 plugins/Huntress/v1/configValidation.json create mode 100644 plugins/Huntress/v1/cspell.json create mode 100644 plugins/Huntress/v1/custom_types.json diff --git a/plugins/Huntress/v1/configValidation.json b/plugins/Huntress/v1/configValidation.json new file mode 100644 index 0000000..bbd4b50 
--- /dev/null +++ b/plugins/Huntress/v1/configValidation.json @@ -0,0 +1,11 @@ +{ + "steps": [ + { + "displayName": "API access", + "dataStream": { "name": "organizations" }, + "success": "Successfully connected to Huntress", + "error": "Cannot connect to Huntress. Check your public and private API keys.", + "required": true + } + ] +} diff --git a/plugins/Huntress/v1/cspell.json b/plugins/Huntress/v1/cspell.json new file mode 100644 index 0000000..7ae5c66 --- /dev/null +++ b/plugins/Huntress/v1/cspell.json @@ -0,0 +1,12 @@ +{ + "words": [ + "huntress", + "edr", + "itdr", + "substatus", + "subdomain", + "ipv4", + "footholds", + "ransomware" + ] +} diff --git a/plugins/Huntress/v1/custom_types.json b/plugins/Huntress/v1/custom_types.json new file mode 100644 index 0000000..9dbda67 --- /dev/null +++ b/plugins/Huntress/v1/custom_types.json @@ -0,0 +1,16 @@ +[ + { + "name": "Huntress Agent", + "sourceType": "Huntress Agent", + "icon": "laptop", + "singular": "Agent", + "plural": "Agents" + }, + { + "name": "Huntress Organization", + "sourceType": "Huntress Organization", + "icon": "building", + "singular": "Organisation", + "plural": "Organisations" + } +] diff --git a/plugins/Huntress/v1/dataStreams/agents.json b/plugins/Huntress/v1/dataStreams/agents.json index eaf5fe1..82ddffa 100644 --- a/plugins/Huntress/v1/dataStreams/agents.json +++ b/plugins/Huntress/v1/dataStreams/agents.json 
@@ -1,14 +1,28 @@ { "name": "agents", "displayName": "Agents", + "description": "All agents registered with your Huntress account", "tags": ["Security", "Agents"], "baseDataSourceName": "httpRequestUnscoped", "config": { "httpMethod": "get", "endpointPath": "/v1/agents", "pathToData": "agents", - "queryParameters": { - "limit": "500" + "paging": { + "mode": "token", + "pageSize": { + "realm": "queryArg", + "path": "limit", + "value": "500" + }, + "in": { + "realm": "payload", + "path": "pagination.next_page_token" + }, + "out": { + "realm": "queryArg", + "path": "page_token" + } } }, "metadata": [ @@ -103,7 +117,7 @@ { "name": "firewall_status", "displayName": "Firewall Status", - "shape": "string" + "shape": ["state", { "map": { "success": ["Enabled"], "error": ["Disabled"], "warning": ["Pending Isolation", "Isolated", "Pending Release"] } }] }, { "name": "os_build_version", diff --git a/plugins/Huntress/v1/dataStreams/agentsByOrganization.json b/plugins/Huntress/v1/dataStreams/agentsByOrganization.json index b6519aa..9c4e2f6 100644 --- a/plugins/Huntress/v1/dataStreams/agentsByOrganization.json +++ b/plugins/Huntress/v1/dataStreams/agentsByOrganization.json @@ -9,8 +9,23 @@ "endpointPath": "/v1/agents", "pathToData": "agents", "queryParameters": { - "limit": "500", "organization_id": "{{objects[0].id}}" + }, + "paging": { + "mode": "token", + "pageSize": { + "realm": "queryArg", + "path": "limit", + "value": "500" + }, + "in": { + "realm": "payload", + "path": "pagination.next_page_token" + }, + "out": { + "realm": "queryArg", + "path": "page_token" + } } }, "matches": { @@ -111,7 +126,7 @@ { "name": "firewall_status", "displayName": "Firewall Status", - "shape": "string" + "shape": ["state", { "map": { "success": ["Enabled"], "error": ["Disabled"], "warning": ["Pending Isolation", "Isolated", "Pending Release"] } }] }, { "name": "os_build_version", 
diff --git a/plugins/Huntress/v1/dataStreams/escalations.json b/plugins/Huntress/v1/dataStreams/escalations.json index f431919..4259150 100644 --- a/plugins/Huntress/v1/dataStreams/escalations.json +++ b/plugins/Huntress/v1/dataStreams/escalations.json @@ -8,8 +8,21 @@ "httpMethod": "get", "endpointPath": "/v1/escalations", "pathToData": "escalations", - "queryParameters": { - "limit": "500" + "paging": { + "mode": "token", + "pageSize": { + "realm": "queryArg", + "path": "limit", + "value": "500" + }, + "in": { + "realm": "payload", + "path": "pagination.next_page_token" + }, + "out": { + "realm": "queryArg", + "path": "page_token" + } } }, "metadata": [ @@ -39,7 +52,7 @@ { "name": "status", "displayName": "Status", - "shape": "string" + "shape": ["state", { "map": { "success": ["resolved"], "warning": ["open", "sent"] } }] }, { "name": "organizations", diff --git a/plugins/Huntress/v1/dataStreams/external_ports.json b/plugins/Huntress/v1/dataStreams/external_ports.json index 4c6c0dd..39f7b41 100644 --- a/plugins/Huntress/v1/dataStreams/external_ports.json +++ b/plugins/Huntress/v1/dataStreams/external_ports.json @@ -8,8 +8,21 @@ "httpMethod": "get", "endpointPath": "/v1/external_ports", "pathToData": "external_ports", - "queryParameters": { - "limit": "500" + "paging": { + "mode": "token", + "pageSize": { + "realm": "queryArg", + "path": "limit", + "value": "500" + }, + "in": { + "realm": "payload", + "path": "pagination.next_page_token" + }, + "out": { + "realm": "queryArg", + "path": "page_token" + } } }, "metadata": [ diff --git a/plugins/Huntress/v1/dataStreams/incident_reports.json b/plugins/Huntress/v1/dataStreams/incident_reports.json index de87564..cdf022a 100644 --- a/plugins/Huntress/v1/dataStreams/incident_reports.json +++ b/plugins/Huntress/v1/dataStreams/incident_reports.json 
@@ -6,7 +6,23 @@ "config": { "httpMethod": "get", "endpointPath": "/v1/incident_reports", - "pathToData": "incident_reports" + "pathToData": "incident_reports", + "paging": { + "mode": "token", + "pageSize": { + "realm": "queryArg", + "path": "limit", + "value": "500" + }, + "in": { + "realm": "payload", + "path": "pagination.next_page_token" + }, + "out": { + "realm": "queryArg", + "path": "page_token" + } + } }, "metadata": [ { @@ -30,7 +46,7 @@ { "name": "status", "displayName": "Status", - "shape": "string" + "shape": ["state", { "map": { "success": ["closed", "dismissed", "partner_dismissed"], "warning": ["sent", "auto_remediating", "deleting"] } }] }, { "name": "platform", diff --git a/plugins/Huntress/v1/dataStreams/organizations.json b/plugins/Huntress/v1/dataStreams/organizations.json index c273cee..9f856a0 100644 --- a/plugins/Huntress/v1/dataStreams/organizations.json +++ b/plugins/Huntress/v1/dataStreams/organizations.json @@ -1,14 +1,28 @@ { "name": "organizations", "displayName": "Organizations", + "description": "All organizations in your Huntress account", "tags": ["Security", "Organizations"], "baseDataSourceName": "httpRequestUnscoped", "config": { "httpMethod": "get", "endpointPath": "/v1/organizations", "pathToData": "organizations", - "queryParameters": { - "limit": "500" + "paging": { + "mode": "token", + "pageSize": { + "realm": "queryArg", + "path": "limit", + "value": "500" + }, + "in": { + "realm": "payload", + "path": "pagination.next_page_token" + }, + "out": { + "realm": "queryArg", + "path": "page_token" + } } }, "metadata": [ diff --git a/plugins/Huntress/v1/dataStreams/signals.json b/plugins/Huntress/v1/dataStreams/signals.json index 1563866..abd97a8 100644 --- a/plugins/Huntress/v1/dataStreams/signals.json +++ b/plugins/Huntress/v1/dataStreams/signals.json 
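Review bot: The `status` state map in incident_reports.json (`@@ -30,7 +46,7 @@`) puts `dismissed` and `partner_dismissed` in the `success` bucket next to `closed`, so a report that was waved away looks the same as one that was remediated. The map also has no `error` bucket, so no incident status can show as failing, and `severity` stays a plain string. I would keep only `closed` as healthy, `"shape": ["state", { "map": { "success": ["closed"], "warning": ["sent", "auto_remediating", "deleting"] } }]`, and first confirm how the framework renders the two unmapped dismissed values. The `metadata` array continues outside the hunk.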
@@ -8,8 +8,21 @@ "httpMethod": "get", "endpointPath": "/v1/signals", "pathToData": "signals", - "queryParameters": { - "limit": "500" + "paging": { + "mode": "token", + "pageSize": { + "realm": "queryArg", + "path": "limit", + "value": "500" + }, + "in": { + "realm": "payload", + "path": "pagination.next_page_token" + }, + "out": { + "realm": "queryArg", + "path": "page_token" + } } }, "metadata": [ @@ -29,7 +42,7 @@ { "name": "status", "displayName": "Status", - "shape": "string" + "shape": ["state", { "map": { "success": ["closed"], "warning": ["reported"] } }] }, { "name": "type", diff --git a/plugins/Huntress/v1/defaultContent/agents.dash.json b/plugins/Huntress/v1/defaultContent/agents.dash.json index bd9b778..e3caf3b 100644 --- a/plugins/Huntress/v1/defaultContent/agents.dash.json +++ b/plugins/Huntress/v1/defaultContent/agents.dash.json @@ -20,7 +20,7 @@ "config": { "timeframe": "none", "dataStream": { - "name": "httpRequestUnscoped", + "name": "agents", "id": "{{dataStreams.agents}}", "pluginConfigId": "{{configId}}" }, diff --git a/plugins/Huntress/v1/defaultContent/incidents.dash.json b/plugins/Huntress/v1/defaultContent/incidents.dash.json index e741774..8c5dd5c 100644 --- a/plugins/Huntress/v1/defaultContent/incidents.dash.json +++ b/plugins/Huntress/v1/defaultContent/incidents.dash.json @@ -20,7 +20,7 @@ "config": { "timeframe": "none", "dataStream": { - "name": "httpRequestUnscoped", + "name": "incident_reports", "id": "{{dataStreams.incident_reports}}", "pluginConfigId": "{{configId}}" }, @@ -35,7 +35,7 @@ "config": { "data-stream-table": { "columnOrder": [ - "title", + "subject", "severity", "status", "organization_id", diff --git a/plugins/Huntress/v1/metadata.json b/plugins/Huntress/v1/metadata.json index ba4590a..ebd3403 100644 --- a/plugins/Huntress/v1/metadata.json +++ b/plugins/Huntress/v1/metadata.json 
@@ -1,7 +1,7 @@ { "name": "huntress", "displayName": "Huntress", - "version": "1.0.7", + "version": "1.0.8", "author": { "name": "@Deenk", "type": "community" diff --git a/plugins/Huntress/v1/ui.json b/plugins/Huntress/v1/ui.json index 90d381a..afc6669 100644 --- a/plugins/Huntress/v1/ui.json +++ b/plugins/Huntress/v1/ui.json @@ -3,6 +3,7 @@ "type": "text", "name": "publicKey", "label": "API public key", + "help": "Generate API credentials at your Huntress account under Account > API Credentials", "validation": { "required": true }, @@ -12,6 +13,7 @@ "type": "password", "name": "privateKey", "label": "API private key", + "help": "The private key is only shown once when generated — store it securely before saving", "validation": { "required": true }, From 8f50a44155099125f5684f9a2c1b3727c17ff393 Mon Sep 17 00:00:00 2001 From: Daniel Watts <34212312+Deenk@users.noreply.github.com> Date: Wed, 20 May 2026 16:34:05 +0100 Subject: [PATCH 12/13] fix scoped agents filter and align Huntress with framework conventions --- plugins/Huntress/v1/custom_types.json | 4 +- plugins/Huntress/v1/dataStreams/agents.json | 80 +++++++-------- .../v1/dataStreams/agentsByOrganization.json | 98 ++++++++++--------- .../Huntress/v1/dataStreams/escalations.json | 16 +-- .../v1/dataStreams/external_ports.json | 14 +-- .../v1/dataStreams/incident_reports.json | 25 ++--- .../v1/dataStreams/organizations.json | 22 ++--- plugins/Huntress/v1/dataStreams/signals.json | 37 ++++--- .../v1/defaultContent/agents.dash.json | 6 +- .../Huntress/v1/defaultContent/scopes.json | 16 ++- plugins/Huntress/v1/docs/README.md | 8 +- plugins/Huntress/v1/metadata.json | 4 +- 12 files changed, 175 insertions(+), 155 deletions(-) diff --git a/plugins/Huntress/v1/custom_types.json b/plugins/Huntress/v1/custom_types.json index 9dbda67..2378783 100644 --- a/plugins/Huntress/v1/custom_types.json +++ b/plugins/Huntress/v1/custom_types.json 
@@ -10,7 +10,7 @@ "name": "Huntress Organization", "sourceType": "Huntress Organization", "icon": "building", - "singular": "Organisation", - "plural": "Organisations" + "singular": "Organization", + "plural": "Organizations" } ] diff --git a/plugins/Huntress/v1/dataStreams/agents.json b/plugins/Huntress/v1/dataStreams/agents.json index 82ddffa..b51e75c 100644 --- a/plugins/Huntress/v1/dataStreams/agents.json +++ b/plugins/Huntress/v1/dataStreams/agents.json @@ -8,6 +8,9 @@ "httpMethod": "get", "endpointPath": "/v1/agents", "pathToData": "agents", + "expandInnerObjects": true, + "getArgs": [], + "headers": [], "paging": { "mode": "token", "pageSize": { @@ -29,7 +32,7 @@ { "name": "id", "displayName": "Agent ID", - "shape": "number", + "shape": ["number", { "decimalPlaces": 0 }], "role": "id", "visible": false }, @@ -42,11 +45,16 @@ { "name": "organization_id", "displayName": "Organization ID", - "shape": "number" + "shape": ["number", { "decimalPlaces": 0 }] }, { - "name": "domain", - "displayName": "Domain", + "name": "account_id", + "displayName": "Account ID", + "shape": ["number", { "decimalPlaces": 0 }] + }, + { + "name": "domain_name", + "displayName": "Domain Name", "shape": "string" }, { 
@@ -55,53 +63,43 @@ "shape": "string" }, { - "name": "ip_addresses", - "displayName": "IP Addresses", - "shape": "json" - }, - { - "name": "status", - "displayName": "Status", + "name": "platform", + "displayName": "Platform", "shape": "string" }, { - "name": "isolated", - "displayName": "Isolated", - "shape": "boolean" - }, - { - "name": "version", - "displayName": "Agent Version", + "name": "arch", + "displayName": "Architecture", "shape": "string" }, { - "name": "edr_version", - "displayName": "EDR Version", + "name": "ipv4_address", + "displayName": "IPv4 Address", "shape": "string" }, { - "name": "platform", - "displayName": "Platform", + "name": "external_ip", + "displayName": "External IP", "shape": "string" }, { - "name": "arch", - "displayName": "Architecture", - "shape": "string" + "name": "mac_addresses", + "displayName": "MAC Addresses", + "shape": "json" }, { - "name": "domain_name", - "displayName": "Domain Name", - "shape": "string" + "name": "tags", + "displayName": "Tags", + "shape": "json" }, { - "name": "ipv4_address", - "displayName": "IPv4 Address", + "name": "version", + "displayName": "Agent Version", "shape": "string" }, { - "name": "external_ip", - "displayName": "External IP", + "name": "edr_version", + "displayName": "EDR Version", "shape": "string" }, { @@ -114,6 +112,11 @@ "displayName": "Defender Substatus", "shape": "string" }, + { + "name": "defender_policy_status", + "displayName": "Defender Policy Status", + "shape": "string" + }, { "name": "firewall_status", "displayName": "Firewall Status", 
@@ -132,29 +135,26 @@ { "name": "last_callback_at", "displayName": "Last Callback At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "last_survey_at", "displayName": "Last Survey At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "created_at", "displayName": "Created At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "updated_at", "displayName": "Updated At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "pattern": ".*" } ], - "manualConfigApply": true, - "matches": "none", - "rowPath": [], "timeframes": false -} \ No newline at end of file +} diff --git a/plugins/Huntress/v1/dataStreams/agentsByOrganization.json b/plugins/Huntress/v1/dataStreams/agentsByOrganization.json index 9c4e2f6..23eb3d4 100644 --- a/plugins/Huntress/v1/dataStreams/agentsByOrganization.json +++ b/plugins/Huntress/v1/dataStreams/agentsByOrganization.json @@ -1,16 +1,25 @@ { "name": "agentsByOrganization", - "displayName": "Agents by Organisation", - "description": "Agents filtered by a scoped Huntress Organisation", + "displayName": "Agents by Organization", + "description": "Agents filtered by a scoped Huntress Organization", "tags": ["Security", "Agents"], "baseDataSourceName": "httpRequestScoped", + "objectLimit": 1, + "matches": { + "sourceType": { + "type": "equals", + "value": "Huntress Organization" + } + }, "config": { "httpMethod": "get", "endpointPath": "/v1/agents", "pathToData": "agents", - "queryParameters": { - "organization_id": "{{objects[0].id}}" - }, + "expandInnerObjects": true, + "getArgs": [ + { "key": "organization_id", "value": "{{objects[0].id}}" } + ], + "headers": [], "paging": { "mode": "token", "pageSize": { 
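Review bot: In agentsByOrganization.json the new `getArgs` entry sends `{{objects[0].id}}` as `organization_id`, and nothing visible in this patch establishes that `id` on the scoped object is the Huntress organization id rather than an identifier assigned by the dashboard platform. If it is the latter, the value would match no Huntress organization, and depending on how the API treats an unrecognised `organization_id` the tile could come back empty or, worse on a multi-tenant account, unfiltered. Confirm which property carries the vendor-side id (the index definition for `Huntress Organization` is not part of this hunk) and write the argument as `{ "key": "organization_id", "value": "{{objects[0].<huntress-org-id-property>}}" }`, where the property name is a placeholder. Keep `"objectLimit": 1` next to it, since the template only ever reads `objects[0]`.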
@@ -28,17 +37,11 @@ } } }, - "matches": { - "sourceType": { - "type": "oneOf", - "values": ["Huntress Organization"] - } - }, "metadata": [ { "name": "id", "displayName": "Agent ID", - "shape": "number", + "shape": ["number", { "decimalPlaces": 0 }], "role": "id", "visible": false }, @@ -51,11 +54,16 @@ { "name": "organization_id", "displayName": "Organization ID", - "shape": "number" + "shape": ["number", { "decimalPlaces": 0 }] + }, + { + "name": "account_id", + "displayName": "Account ID", + "shape": ["number", { "decimalPlaces": 0 }] }, { - "name": "domain", - "displayName": "Domain", + "name": "domain_name", + "displayName": "Domain Name", "shape": "string" }, { @@ -64,53 +72,43 @@ "shape": "string" }, { - "name": "ip_addresses", - "displayName": "IP Addresses", - "shape": "json" - }, - { - "name": "status", - "displayName": "Status", + "name": "platform", + "displayName": "Platform", "shape": "string" }, { - "name": "isolated", - "displayName": "Isolated", - "shape": "boolean" - }, - { - "name": "version", - "displayName": "Agent Version", + "name": "arch", + "displayName": "Architecture", "shape": "string" }, { - "name": "edr_version", - "displayName": "EDR Version", + "name": "ipv4_address", + "displayName": "IPv4 Address", "shape": "string" }, { - "name": "platform", - "displayName": "Platform", + "name": "external_ip", + "displayName": "External IP", "shape": "string" }, { - "name": "arch", - "displayName": "Architecture", - "shape": "string" + "name": "mac_addresses", + "displayName": "MAC Addresses", + "shape": "json" }, { - "name": "domain_name", - "displayName": "Domain Name", - "shape": "string" + "name": "tags", + "displayName": "Tags", + "shape": "json" }, { - "name": "ipv4_address", - "displayName": "IPv4 Address", + "name": "version", + "displayName": "Agent Version", "shape": "string" }, { - "name": "external_ip", - "displayName": "External IP", + "name": "edr_version", + "displayName": "EDR Version", "shape": "string" }, { 
@@ -123,6 +121,11 @@ "displayName": "Defender Substatus", "shape": "string" }, + { + "name": "defender_policy_status", + "displayName": "Defender Policy Status", + "shape": "string" + }, { "name": "firewall_status", "displayName": "Firewall Status", @@ -141,27 +144,26 @@ { "name": "last_callback_at", "displayName": "Last Callback At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "last_survey_at", "displayName": "Last Survey At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "created_at", "displayName": "Created At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "updated_at", "displayName": "Updated At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "pattern": ".*" } ], - "rowPath": [], "timeframes": false } diff --git a/plugins/Huntress/v1/dataStreams/escalations.json b/plugins/Huntress/v1/dataStreams/escalations.json index 4259150..8b896bc 100644 --- a/plugins/Huntress/v1/dataStreams/escalations.json +++ b/plugins/Huntress/v1/dataStreams/escalations.json @@ -8,6 +8,9 @@ "httpMethod": "get", "endpointPath": "/v1/escalations", "pathToData": "escalations", + "expandInnerObjects": true, + "getArgs": [], + "headers": [], "paging": { "mode": "token", "pageSize": { @@ -29,7 +32,7 @@ { "name": "id", "displayName": "Escalation ID", - "shape": "number", + "shape": ["number", { "decimalPlaces": 0 }], "role": "id", "visible": false }, @@ -47,7 +50,7 @@ { "name": "severity", "displayName": "Severity", - "shape": "string" + "shape": ["state", { "map": { "error": ["critical"], "warning": ["high"], "success": ["low"] } }] }, { "name": "status", 
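Review bot: The `severity` state map added in escalations.json, `{ "error": ["critical"], "warning": ["high"], "success": ["low"] }`, names only three values, so any other severity the endpoint returns is left without a state. On a security dashboard that presumably means state-based filters and roll-ups pass over those rows. The identical map is added in incident_reports.json and in the new platform_actions.json. Check it against the severities each endpoint documents and extend the lists where needed, for example `"warning": ["high", "<other-severity>"]` (placeholder value), rather than assuming the same three values hold for all three streams.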
@@ -62,24 +65,21 @@ { "name": "resolved_at", "displayName": "Resolved At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "created_at", "displayName": "Created At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "updated_at", "displayName": "Updated At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "pattern": ".*" } ], - "manualConfigApply": true, - "matches": "none", - "rowPath": [], "timeframes": false } diff --git a/plugins/Huntress/v1/dataStreams/external_ports.json b/plugins/Huntress/v1/dataStreams/external_ports.json index 39f7b41..34071cc 100644 --- a/plugins/Huntress/v1/dataStreams/external_ports.json +++ b/plugins/Huntress/v1/dataStreams/external_ports.json @@ -8,6 +8,9 @@ "httpMethod": "get", "endpointPath": "/v1/external_ports", "pathToData": "external_ports", + "expandInnerObjects": true, + "getArgs": [], + "headers": [], "paging": { "mode": "token", "pageSize": { @@ -29,7 +32,7 @@ { "name": "id", "displayName": "Port Record ID", - "shape": "number", + "shape": ["number", { "decimalPlaces": 0 }], "role": "id", "visible": false }, @@ -42,7 +45,7 @@ { "name": "port", "displayName": "Port", - "shape": "number" + "shape": ["number", { "decimalPlaces": 0 }] }, { "name": "protocol", @@ -67,19 +70,16 @@ { "name": "last_scan_at", "displayName": "Last Scan At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "last_external_scan_at", "displayName": "Last External Scan At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "pattern": ".*" } ], - "manualConfigApply": true, - "matches": "none", - "rowPath": [], "timeframes": false } diff --git a/plugins/Huntress/v1/dataStreams/incident_reports.json b/plugins/Huntress/v1/dataStreams/incident_reports.json index cdf022a..45cbd6b 100644 --- a/plugins/Huntress/v1/dataStreams/incident_reports.json +++ b/plugins/Huntress/v1/dataStreams/incident_reports.json 
@@ -1,12 +1,16 @@ { "name": "incident_reports", "displayName": "Incident Reports", + "description": "Incident reports raised by the Huntress SOC against your agents", "tags": ["Security", "Incidents"], "baseDataSourceName": "httpRequestUnscoped", "config": { "httpMethod": "get", "endpointPath": "/v1/incident_reports", "pathToData": "incident_reports", + "expandInnerObjects": true, + "getArgs": [], + "headers": [], "paging": { "mode": "token", "pageSize": { @@ -28,7 +32,7 @@ { "name": "id", "displayName": "Incident ID", - "shape": "number", + "shape": ["number", { "decimalPlaces": 0 }], "role": "id", "visible": false }, @@ -41,7 +45,7 @@ { "name": "severity", "displayName": "Severity", - "shape": "string" + "shape": ["state", { "map": { "error": ["critical"], "warning": ["high"], "success": ["low"] } }] }, { "name": "status", @@ -56,12 +60,12 @@ { "name": "organization_id", "displayName": "Organization ID", - "shape": "number" + "shape": ["number", { "decimalPlaces": 0 }] }, { "name": "agent_id", "displayName": "Agent ID", - "shape": "number" + "shape": ["number", { "decimalPlaces": 0 }] }, { "name": "indicator_types", @@ -76,29 +80,26 @@ { "name": "sent_at", "displayName": "Sent At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "closed_at", "displayName": "Closed At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "status_updated_at", "displayName": "Status Updated At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "updated_at", "displayName": "Updated At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "pattern": ".*" } ], - "manualConfigApply": true, - "matches": "none", - "rowPath": [], "timeframes": false -} \ No newline at end of file +} diff --git a/plugins/Huntress/v1/dataStreams/organizations.json b/plugins/Huntress/v1/dataStreams/organizations.json index 9f856a0..4f529dc 100644 --- a/plugins/Huntress/v1/dataStreams/organizations.json 
+++ b/plugins/Huntress/v1/dataStreams/organizations.json @@ -8,6 +8,9 @@ "httpMethod": "get", "endpointPath": "/v1/organizations", "pathToData": "organizations", + "expandInnerObjects": true, + "getArgs": [], + "headers": [], "paging": { "mode": "token", "pageSize": { @@ -29,7 +32,7 @@ { "name": "id", "displayName": "Organization ID", - "shape": "number", + "shape": ["number", { "decimalPlaces": 0 }], "role": "id", "visible": false }, @@ -42,22 +45,22 @@ { "name": "agents_count", "displayName": "Agents", - "shape": "number" + "shape": ["number", { "decimalPlaces": 0 }] }, { "name": "incident_reports_count", "displayName": "Incident Reports", - "shape": "number" + "shape": ["number", { "decimalPlaces": 0 }] }, { "name": "logs_sources_count", "displayName": "SIEM Sources", - "shape": "number" + "shape": ["number", { "decimalPlaces": 0 }] }, { "name": "billable_identity_count", "displayName": "Billable Identities", - "shape": "number" + "shape": ["number", { "decimalPlaces": 0 }] }, { "name": "key", @@ -67,19 +70,16 @@ { "name": "created_at", "displayName": "Created At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "updated_at", "displayName": "Updated At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "pattern": ".*" } ], - "manualConfigApply": true, - "matches": "none", - "rowPath": [], "timeframes": false -} \ No newline at end of file +} diff --git a/plugins/Huntress/v1/dataStreams/signals.json b/plugins/Huntress/v1/dataStreams/signals.json index abd97a8..afd890b 100644 --- a/plugins/Huntress/v1/dataStreams/signals.json +++ b/plugins/Huntress/v1/dataStreams/signals.json @@ -8,6 +8,9 @@ "httpMethod": "get", "endpointPath": "/v1/signals", "pathToData": "signals", + "expandInnerObjects": true, + "getArgs": [], + "headers": [], "paging": { "mode": "token", "pageSize": { 
@@ -29,7 +32,7 @@ { "name": "id", "displayName": "Signal ID", - "shape": "number", + "shape": ["number", { "decimalPlaces": 0 }], "role": "id", "visible": false }, @@ -55,36 +58,48 @@ "shape": "string" }, { - "name": "entity", + "name": "entity.id", + "displayName": "Entity ID", + "shape": ["number", { "decimalPlaces": 0 }] + }, + { + "name": "entity.name", "displayName": "Entity", - "shape": "json" + "shape": "string" }, { - "name": "organization", + "name": "entity.type", + "displayName": "Entity Type", + "shape": "string" + }, + { + "name": "organization.id", + "displayName": "Organization ID", + "shape": ["number", { "decimalPlaces": 0 }] + }, + { + "name": "organization.name", "displayName": "Organization", - "shape": "json" + "shape": "string" }, { "name": "investigated_at", "displayName": "Investigated At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "created_at", "displayName": "Created At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "name": "updated_at", "displayName": "Updated At", - "shape": "date" + "shape": ["date", { "timeZone": "Etc/UTC" }] }, { "pattern": ".*" } ], - "manualConfigApply": true, - "matches": "none", - "rowPath": [], "timeframes": false } diff --git a/plugins/Huntress/v1/defaultContent/agents.dash.json b/plugins/Huntress/v1/defaultContent/agents.dash.json index e3caf3b..5c28a35 100644 --- a/plugins/Huntress/v1/defaultContent/agents.dash.json +++ b/plugins/Huntress/v1/defaultContent/agents.dash.json @@ -36,10 +36,10 @@ "data-stream-table": { "columnOrder": [ "hostname", - "domain", + "domain_name", "os", - "status", - "isolated", + "firewall_status", + "defender_status", "version" ] } diff --git a/plugins/Huntress/v1/defaultContent/scopes.json b/plugins/Huntress/v1/defaultContent/scopes.json index 47b70ba..3dff890 100644 --- a/plugins/Huntress/v1/defaultContent/scopes.json +++ b/plugins/Huntress/v1/defaultContent/scopes.json 
@@ -2,10 +2,8 @@ { "matches": { "sourceType": { - "type": "oneOf", - "values": [ - "Huntress Agent" - ] + "type": "equals", + "value": "Huntress Agent" } }, "name": "Huntress Agents", @@ -19,17 +17,15 @@ { "matches": { "sourceType": { - "type": "oneOf", - "values": [ - "Huntress Organization" - ] + "type": "equals", + "value": "Huntress Organization" } }, - "name": "Huntress Organisations", + "name": "Huntress Organizations", "variable": { "allowMultipleSelection": false, "default": "none", - "name": "Organisation", + "name": "Organization", "type": "object" } } diff --git a/plugins/Huntress/v1/docs/README.md b/plugins/Huntress/v1/docs/README.md index 3b03234..047af29 100644 --- a/plugins/Huntress/v1/docs/README.md +++ b/plugins/Huntress/v1/docs/README.md @@ -12,8 +12,14 @@ To connect SquaredUp to Huntress, you will need to generate API credentials. You will receive a **Public Key** and a **Private Key**. These will act as your `publicKey` and `privateKey` in SquaredUp. **Important:** Make sure to copy the private key immediately, as it may only be displayed once! +The default account-level credential is read-only, which is all this plugin needs. + ## Configuring the Plugin in SquaredUp 1. Add the **Huntress** plugin in SquaredUp. 2. Enter the **Public Key** and **Private Key** generated from Huntress. -3. Save the configuration to begin querying your agents, organizations, and incident reports. \ No newline at end of file +3. Save the configuration to begin querying your agents, organizations, and incident reports. + +## Rate limits + +The Huntress API is limited to 60 requests per minute on a sliding window. Initial syncs of large environments (thousands of agents or many incident reports) may take longer to complete as the plugin paginates within this limit. \ No newline at end of file diff --git a/plugins/Huntress/v1/metadata.json b/plugins/Huntress/v1/metadata.json index ebd3403..dd90c1a 100644 --- a/plugins/Huntress/v1/metadata.json 
+++ b/plugins/Huntress/v1/metadata.json @@ -1,12 +1,12 @@ { "name": "huntress", "displayName": "Huntress", - "version": "1.0.8", + "version": "1.0.9", "author": { "name": "@Deenk", "type": "community" }, - "description": "Query agents, incidents, and organizations from your Huntress Managed Security Platform account.", + "description": "Monitor agents, incidents, and organizations across your Huntress Managed Security Platform.", "category": "Security", "type": "cloud", "schemaVersion": "2.0", From 9ba2d2056f4df698ff414fed2ccc2315471eb0f8 Mon Sep 17 00:00:00 2001 From: Dan Watts Date: Mon, 1 Jun 2026 11:25:43 +0100 Subject: [PATCH 13/13] add platform_actions data stream and fix pre-PR review findings --- .../Huntress/v1/dataStreams/escalations.json | 10 ++ .../v1/dataStreams/platform_actions.json | 95 +++++++++++++++++++ .../v1/defaultContent/incidents.dash.json | 2 +- .../Huntress/v1/defaultContent/manifest.json | 4 + .../defaultContent/platform_actions.dash.json | 52 ++++++++++ plugins/Huntress/v1/metadata.json | 4 +- 6 files changed, 165 insertions(+), 2 deletions(-) create mode 100644 plugins/Huntress/v1/dataStreams/platform_actions.json create mode 100644 plugins/Huntress/v1/defaultContent/platform_actions.dash.json diff --git a/plugins/Huntress/v1/dataStreams/escalations.json b/plugins/Huntress/v1/dataStreams/escalations.json index 8b896bc..d589613 100644 --- a/plugins/Huntress/v1/dataStreams/escalations.json +++ b/plugins/Huntress/v1/dataStreams/escalations.json @@ -57,11 +57,21 @@ "displayName": "Status", "shape": ["state", { "map": { "success": ["resolved"], "warning": ["open", "sent"] } }] }, + { + "name": "subtype", + "displayName": "Subtype", + "shape": "string" + }, { "name": "organizations", "displayName": "Organizations", "shape": "json" }, + { + "name": "due_at", + "displayName": "Due At", + "shape": ["date", { "timeZone": "Etc/UTC" }] + }, { "name": "resolved_at", "displayName": "Resolved At", 
diff --git a/plugins/Huntress/v1/dataStreams/platform_actions.json b/plugins/Huntress/v1/dataStreams/platform_actions.json new file mode 100644 index 0000000..7503d0c --- /dev/null +++ b/plugins/Huntress/v1/dataStreams/platform_actions.json 
@@ -0,0 +1,95 @@ +{ + "name": "platform_actions", + "displayName": "Platform Actions", + "description": "Operational issues requiring attention, such as Defender being disabled or integration failures", + "tags": ["Security", "Incidents"], + "baseDataSourceName": "httpRequestUnscoped", + "config": { + "httpMethod": "get", + "endpointPath": "/v1/platform_actions", + "pathToData": "platform_actions", + "expandInnerObjects": true, + "getArgs": [], + "headers": [], + "paging": { + "mode": "token", + "pageSize": { + "realm": "queryArg", + "path": "limit", + "value": "500" + }, + "in": { + "realm": "payload", + "path": "pagination.next_page_token" + }, + "out": { + "realm": "queryArg", + "path": "page_token" + } + } + }, + "metadata": [ + { + "name": "id", + "displayName": "Platform Action ID", + "shape": ["number", { "decimalPlaces": 0 }], + "role": "id", + "visible": false + }, + { + "name": "subject", + "displayName": "Subject", + "shape": "string", + "role": "label" + }, + { + "name": "type", + "displayName": "Type", + "shape": "string" + }, + { + "name": "severity", + "displayName": "Severity", + "shape": ["state", { "map": { "error": ["critical"], "warning": ["high"], "success": ["low"] } }] + }, + { + "name": "status", + "displayName": "Status", + "shape": ["state", { "map": { "success": ["resolved"], "warning": ["open", "sent"] } }] + }, + { + "name": "subtype", + "displayName": "Subtype", + "shape": "string" + }, + { + "name": "organizations", + "displayName": "Organizations", + "shape": "json" + }, + { + "name": "due_at", + "displayName": "Due At", + "shape": ["date", { "timeZone": "Etc/UTC" }] + }, + { + "name": "resolved_at", + "displayName": "Resolved At", + "shape": ["date", { "timeZone": "Etc/UTC" }] + }, + { + "name": "created_at", + "displayName": "Created At", + "shape": ["date", { "timeZone": "Etc/UTC" }] + }, + { + "name": "updated_at", + "displayName": "Updated At", + "shape": ["date", { "timeZone": "Etc/UTC" }] + }, + { + "pattern": ".*" + } + ], + 
"timeframes": false +} diff --git a/plugins/Huntress/v1/defaultContent/incidents.dash.json b/plugins/Huntress/v1/defaultContent/incidents.dash.json index 8c5dd5c..929fc32 100644 --- a/plugins/Huntress/v1/defaultContent/incidents.dash.json +++ b/plugins/Huntress/v1/defaultContent/incidents.dash.json @@ -40,7 +40,7 @@ "status", "organization_id", "agent_id", - "created_at" + "sent_at" ] } } diff --git a/plugins/Huntress/v1/defaultContent/manifest.json b/plugins/Huntress/v1/defaultContent/manifest.json index 943d84a..d26e305 100644 --- a/plugins/Huntress/v1/defaultContent/manifest.json +++ b/plugins/Huntress/v1/defaultContent/manifest.json @@ -7,6 +7,10 @@ { "name": "incidents", "type": "dashboard" + }, + { + "name": "platform_actions", + "type": "dashboard" } ] } diff --git a/plugins/Huntress/v1/defaultContent/platform_actions.dash.json b/plugins/Huntress/v1/defaultContent/platform_actions.dash.json new file mode 100644 index 0000000..c5f0475 --- /dev/null +++ b/plugins/Huntress/v1/defaultContent/platform_actions.dash.json @@ -0,0 +1,52 @@ +{ + "name": "Huntress Platform Actions", + "path": "platform_actions", + "folderPath": [], + "schemaVersion": "1.4", + "dashboard": { + "_type": "layout/grid", + "version": 1, + "columns": 12, + "contents": [ + { + "x": 0, + "y": 0, + "w": 12, + "h": 8, + "i": "c3d4e5f6-a7b8-9012-cdef-123456789012", + "static": false, + "moved": false, + "z": 0, + "config": { + "timeframe": "none", + "dataStream": { + "name": "platform_actions", + "id": "{{dataStreams.platform_actions}}", + "pluginConfigId": "{{configId}}" + }, + "_type": "tile/data-stream", + "description": "", + "activePluginConfigIds": [ + "{{configId}}" + ], + "title": "All Platform Actions", + "visualisation": { + "type": "data-stream-table", + "config": { + "data-stream-table": { + "columnOrder": [ + "subject", + "severity", + "status", + "type", + "subtype", + "created_at" + ] + } + } + } + } + } + ] + } +} 
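Review bot: The metadata list in the new platform_actions.json ends with `{ "pattern": ".*" }` while `config` sets `"expandInnerObjects": true`, so every field the endpoint returns becomes a column, including flattened nested ones and anything added upstream later, although only eleven fields are declared here. For a stream that carries security findings and an `organizations` object, it is worth confirming what the undeclared fields contain before the default dashboard is shared. If they are not needed, list the wanted fields explicitly and drop the `".*"` entry for this stream. The `status` map is also identical to the one in escalations.json, and nothing in the patch shows that platform actions use the same `open`/`sent`/`resolved` values.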
diff --git a/plugins/Huntress/v1/metadata.json b/plugins/Huntress/v1/metadata.json index dd90c1a..1eceb86 100644 --- a/plugins/Huntress/v1/metadata.json +++ b/plugins/Huntress/v1/metadata.json @@ -1,7 +1,7 @@ { "name": "huntress", "displayName": "Huntress", - "version": "1.0.9", + "version": "1.0.0", "author": { "name": "@Deenk", "type": "community" @@ -9,6 +9,8 @@ "description": "Monitor agents, incidents, and organizations across your Huntress Managed Security Platform.", "category": "Security", "type": "cloud", + "restrictedToPlatforms": [], + "importNotSupported": false, "schemaVersion": "2.0", "base": { "plugin": "WebAPI",