Huntress integration
If you’re new to integrations in Rewst, read through our introductory integration documentation here.
What does the Huntress integration do?
Our Huntress integration enables the automation of threat detection and response. Use the Huntress API within Rewst to manage incident reports and billing, and access detailed data for organizations and agents.
Set up the Huntress integration
Set up steps in Huntress
To Enable REST API Within your Huntress Account you may need to contact Huntress support.
Log in to your Huntress account
Click the menu in the top left corner of your dashboard.
Go to API Credentials.
Generate a new API token.
Copy both the private and public API keys and store them somewhere secure. You'll need this information for further steps in Rewst.
You can find more about this process here.
Set up steps in Rewst
Follow the below steps to configure a new integration:
Navigate to Marketplace > Integrations in the left side menu of your Rewst platform.
Search for
Huntressin the integrations page.Click on the integration tile to launch the configuration setup page.
Under Parameters, enter the information copied from Huntress into its relevant fields:
Private API Key
Public API Key
Click Save Configuration.
Rewst will do a quick validation of your input. Once completed, you'll see a new section beneath the configuration form for organization mapping. Complete your mapping as desired.
Got an idea for a new Integration? Rewst is constantly adding new integrations to our integrations page. Submit your idea or upvote existing ideas here in our Canny feedback collector.
Actions and endpoints
For more on how actions work in Rewst, check out our introductory actions documentation here.
List organizations
GET
/v1/organizations
List agents
GET
/v1/agents
List billing reports
GET
/v1/billing_reports
List reports
GET
/v1/reports
List incident reports
GET
/v1/incident_reports
List memberships
GET
/v1/memberships
Get a specific organization
GET
/v1/organizations/{id}
Get a specific agent
GET
/v1/agents/{id}
Get a specific incident report
GET
/v1/incident_reports/{id}
Get a specific report
GET
/v1/reports/{id}
Get a specific billing report
GET
/v1/billing_reports/{id}
Get current account info (test action)
GET
/v1/account
Create a new account (reseller)
POST
/v1/accounts
Create a new organization
POST
/v1/organizations
Create org under a specific account
POST
/v1/accounts/{account_id}/organizations
Resolve an incident report
POST
/v1/incident_reports/{id}/resolution
Resolve incident report (reseller)
POST
/v1/accounts/{account_id}/incident_reports/{id}/resolution
Bulk approve remediations
POST
/v1/incident_reports/{id}/remediations/bulk_approval
Bulk approve remediations (reseller)
POST
/v1/accounts/{account_id}/incident_reports/{id}/remediations/bulk_approval
Bulk reject remediations
POST
/v1/incident_reports/{id}/remediations/bulk_rejection
Bulk reject remediations (reseller)
POST
/v1/accounts/{account_id}/incident_reports/{id}/remediations/bulk_rejection
Invite user to org/account
POST
/v1/memberships
Invite user (reseller)
POST
/v1/accounts/{account_id}/memberships
Resolve an escalation
POST
/v1/escalations/{id}/resolution
Permanently disable account (irreversible)
DELETE
/v1/accounts/{account_id}
Delete organization & uninstall agents
DELETE
/v1/organizations/{id}
Delete org (reseller)
DELETE
/v1/accounts/{account_id}/organizations/{id}
Delete a membership
DELETE
/v1/memberships/{id}
Delete membership (reseller)
DELETE
/v1/accounts/{account_id}/memberships/{id}
Generic authenticated API request
*
(any)
Reply…Also send to squad-ecosystem
Last updated
Was this helpful?