Huntress Integration

Connect your Huntress EDR platform to automatically collect endpoint protection coverage, threat detection data, and security posture evidence.

Huntress provides critical evidence for endpoint protection and threat detection controls:

  • Agent Inventory - Complete list of endpoints with Huntress agent installed
  • Agent Status - Online/offline, version, last check-in time
  • Coverage Gaps - Endpoints without EDR protection (zero-agent detection)
  • Agent Health - Update status, connectivity issues, misconfigurations
  • Deployment Info - Install date, agent version, update channel
  • Threats Detected - Malware, ransomware, suspicious processes
  • Threats Blocked - Prevented attacks, quarantined files
  • Threat Severity - Critical, high, medium, low classifications
  • Remediation Status - Active threats vs. resolved incidents
  • Threat Timeline - Detection dates, response actions, resolution time
  • Endpoint Protection Status - Percentage of endpoints protected
  • Incident History - Past threats, response actions, lessons learned
  • Security Alerts - Policy violations, suspicious activity, configuration issues
  • Managed Threat Response - Huntress SOC actions on your behalf
  • Huntress Organizations - Auto-mapped to LanternOps customers
  • Organization Status - Active agents per org, coverage percentage
  • Account Info - Account type, features enabled, license status

Huntress data automatically satisfies these compliance controls:

| Compliance Framework | Controls Satisfied | Evidence Provided |
|---|---|---|
| CIS Controls v8.1 | 10.1, 10.5, 13.1, 13.7 | Malware defenses, EDR deployment, network monitoring, application whitelisting |
| NIST CSF 2.0 | PR.DS-5, DE.CM-4, RS.RP-1 | Protection against malware, malicious code detection, response and recovery planning |
| CMMC Level 2 | SI.1.210, SI.1.211, SI.2.216 | Flaw remediation, malicious code protection, threat monitoring |
| HIPAA Security Rule | 164.308(a)(5)(ii)(B) | Protection from malicious software |
| SOC 2 | CC6.8, CC7.2, CC7.3 | Protection against malware, system monitoring, detection of anomalies |
| PCI DSS v4.0 | 5.1, 5.2, 5.3 | Malware protection, malware detection systems, anti-malware mechanisms |

Control Requirement:

“Deploy and maintain anti-malware software on all enterprise assets”

Huntress Evidence:

✅ 142 of 147 endpoints protected (96.6% coverage)
✅ Last Sync: 3 hours ago
✅ Protection Details:
- EDR Agents Active: 142
- Agents Offline: 5 (flagged for remediation)
- Threats Blocked (30 days): 8 ransomware attempts, 14 malware infections
- Remediation Time: Average 12 minutes
- SOC Monitoring: 24/7 active
✅ Coverage Gap: 5 endpoints need agent installation
→ Opportunity: $250/month to close gap
Status: PARTIALLY SATISFIED (96.6% coverage)
Recommendation: Install agents on remaining 5 endpoints
  1. Log in to Huntress Dashboard (https://huntress.io)

  2. Navigate to Account Settings → API Credentials

  3. Click Create API Key

  4. Configure API key:

    • Name: “LanternOps Integration”
    • Permissions: Read-only (select all read scopes)
    • Expiration: 1 year (recommended)
  5. Click Create

  6. Copy both values immediately:

    • API Public Key (looks like: pk_abc123...)
    • API Secret Key (looks like: sk_xyz789...)

    ⚠️ Secret key is shown only once - save it securely!

Step 2: Find Your Organization ID (Optional)

For MSPs with multiple Huntress organizations:

  1. In Huntress Dashboard, navigate to Organizations
  2. Click on the organization you want to sync
  3. Copy Organization ID from URL:
    • URL: https://huntress.io/organizations/12345
    • Organization ID: 12345
  4. Repeat for each organization to sync

Leave blank to sync all organizations (recommended for most MSPs)

  1. Log in to LanternOps
  2. Navigate to Integrations → Huntress
  3. Click Configure Integration
  4. Enter credentials:
    • Name: “Primary Huntress”
    • API Public Key: [Paste from Step 1]
    • API Secret Key: [Paste from Step 1]
    • Organization ID: [Optional - leave blank for all orgs]
  5. Click Save & Test Connection
  6. Verify “Connection Successful” message

Default Settings (Recommended):

  • Sync Enabled: ON
  • Sync Frequency: Every 4 hours
  • Sync All Organizations: Yes

Click Save Settings

  1. Click Sync Now button
  2. First sync takes 10-20 minutes (imports all agents and threat history)
  3. Monitor progress in ETL Health Dashboard (/platform/etl/)
  4. Verify data appears:
    • Navigate to Security → EDR Coverage
    • Should see all Huntress-protected endpoints
    • Check Threats tab for detection history

LanternOps automatically maps Huntress organizations to your customers.

Matching Strategies (in order):

  1. Exact Name Match

    • Huntress Org: “Acme Corporation”
    • LanternOps Customer: “Acme Corporation”
    • Result: ✅ Auto-matched (100% confidence)
  2. Fuzzy Name Match

    • Huntress Org: “Acme Corp”
    • LanternOps Customer: “Acme Corporation”
    • Result: ✅ Auto-matched (85% confidence)
  3. Domain Match

    • Huntress Org Contact: “[email protected]”
    • LanternOps Customer Domain: “acme.com”
    • Result: ✅ Auto-matched (80% confidence)

Success Rate: >80% of organizations auto-match successfully
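
The three strategies above, sketched as an added example; this is not LanternOps code. The field names, the 0.85 similarity threshold and the sample customers are assumptions. It also shows a case the list does not cover: when two customers match equally well, the org goes to manual mapping, so one tenant's evidence is not attached to another.

```python
import re
from difflib import SequenceMatcher

LEGAL_SUFFIXES = {"inc", "llc", "ltd", "co", "corp", "corporation", "company"}

# Constructed sample customers (not real data); field names are assumptions.
CUSTOMERS = [
    {"name": "Acme Corporation", "domain": "acme.example"},
    {"name": "Initech Inc", "domain": "initech.example"},
    {"name": "Initech LLC", "domain": "initech-llc.example"},
    {"name": "Globex Ltd", "domain": "globex.example"},
]


def name_key(name: str) -> str:
    """Lower-case, drop punctuation and legal suffixes: 'Acme Corp.' -> 'acme'."""
    words = re.findall(r"[a-z0-9]+", name.lower())
    return " ".join(w for w in words if w not in LEGAL_SUFFIXES) or " ".join(words)


def match_org(org, customers, fuzzy_threshold=0.85):
    """Return (customer_name, strategy), or (None, reason) when the org must
    go to manual mapping. The 0.85 threshold is an assumed value."""
    # 1. Exact name match (case-insensitive).
    wanted = org["name"].strip().lower()
    exact = [c for c in customers if c["name"].strip().lower() == wanted]
    if len(exact) == 1:
        return exact[0]["name"], "exact"
    # 2. Fuzzy name match on normalized names.
    key = name_key(org["name"])
    hits = [c for c in customers
            if SequenceMatcher(None, key, name_key(c["name"])).ratio() >= fuzzy_threshold]
    if len(hits) == 1:
        return hits[0]["name"], "fuzzy"
    if len(hits) > 1:
        return None, "ambiguous"  # two plausible tenants: never guess
    # 3. Domain match on the org contact's e-mail domain.
    _, at, domain = (org.get("contact_email") or "").lower().rpartition("@")
    by_domain = [c for c in customers if at and c["domain"].lower() == domain]
    if len(by_domain) == 1:
        return by_domain[0]["name"], "domain"
    return None, "unmapped"
```

Domain matching is only meaningful for domains a single customer owns; a contact address at a shared mail provider should be treated as unmapped.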

If auto-match fails:

  1. Navigate to Integrations → Huntress → Customer Mapping
  2. View unmapped organizations
  3. Click Map to Customer for each unmapped org
  4. Select correct LanternOps customer from dropdown
  5. Click Save Mapping

Huntress integration includes intelligent gap detection:

  1. Cross-Reference with RMM

    • LanternOps compares NinjaOne device list with Huntress agent list
    • Identifies endpoints without Huntress agent installed
  2. Calculate Coverage Gap

    • Total Endpoints: 147 (from NinjaOne)
    • Huntress Agents: 142
    • Gap: 5 endpoints unprotected (3.4%)
  3. Auto-Generate Opportunity

    • Revenue: 5 endpoints × $50/month = $250/month
    • Annual Value: $3,000
    • Compliance Risk: CIS 10.1 not fully satisfied
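
The cross-reference in steps 1 and 2, as an added example; it is not LanternOps code. It assumes both inventories are available as hostname lists, and the field names and sample hosts are constructed. It goes slightly beyond the steps above by normalizing hostnames before comparing, and by reporting offline agents and agents on hosts the RMM does not know, since either can make the coverage figure misleading.

```python
from dataclasses import dataclass, field

# Constructed sample inventories (not real exports). Field names are assumptions.
RMM_DEVICES = ["ACME-LAPTOP-03", "acme-laptop-04.corp.acme.example",
               "ACME-SERVER-BACKUP", "ACME-WORKSTATION-17", "ACME-KIOSK-01 "]
EDR_AGENTS = [
    {"hostname": "acme-laptop-04", "online": True},
    {"hostname": "ACME-WORKSTATION-17", "online": False},
    {"hostname": "ACME-OLD-PC-09", "online": True},  # unknown to the RMM
]


def normalize(hostname: str) -> str:
    """Compare on the lower-cased short host label so case or FQDN
    differences between the two tools do not appear as false gaps."""
    return hostname.strip().lower().split(".", 1)[0]


@dataclass
class CoverageReport:
    total: int                                        # endpoints known to the RMM
    protected: int                                    # of those, agent installed
    unprotected: list = field(default_factory=list)   # in RMM, no agent
    offline: list = field(default_factory=list)       # agent present, not checking in
    orphaned: list = field(default_factory=list)      # agent on host the RMM lacks

    @property
    def coverage_pct(self) -> float:
        return round(100.0 * self.protected / self.total, 1) if self.total else 0.0

    @property
    def fully_covered(self) -> bool:
        # An offline agent is installed but is not evidence of active protection.
        return self.total > 0 and not self.unprotected and not self.offline


def coverage_gap(rmm_devices, edr_agents) -> CoverageReport:
    rmm = {normalize(h) for h in rmm_devices}
    agents = {normalize(a["hostname"]): a for a in edr_agents}
    covered = rmm & set(agents)
    return CoverageReport(
        total=len(rmm),
        protected=len(covered),
        unprotected=sorted(rmm - set(agents)),
        offline=sorted(h for h in covered if not agents[h]["online"]),
        orphaned=sorted(set(agents) - rmm),
    )
```

With the page's figures, `CoverageReport(total=147, protected=142).coverage_pct` gives 96.6. A non-empty `orphaned` list means the RMM inventory itself is incomplete, so the denominator should not be trusted yet.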

Navigate to Security → EDR Coverage:

Coverage Dashboard Shows:

  • Total endpoints discovered
  • Huntress agents active
  • Coverage percentage
  • Unprotected endpoints (with hostnames)
  • Revenue opportunity to close gap

Example Display:

EDR Coverage: 96.6% (142 of 147 endpoints)
⚠️ Gap Identified: 5 endpoints need Huntress agent
- ACME-LAPTOP-03
- ACME-WORKSTATION-17
- ACME-SERVER-BACKUP
- ACME-LAPTOP-22
- ACME-KIOSK-01
Revenue Opportunity: $250/month ($3,000/year)
Compliance Impact: CIS 10.1 PARTIALLY SATISFIED

Default Frequency: Every 4 hours

Sync Times (24-hour cycle):

  • 12:00 AM
  • 4:00 AM
  • 8:00 AM
  • 12:00 PM
  • 4:00 PM
  • 8:00 PM

What Gets Synced Each Cycle:

| Data Type | Sync Method | Records Updated |
|---|---|---|
| Agents | Incremental | Only new/changed agents |
| Organizations | Full | All organizations (lightweight) |
| Threats | Incremental | Last 30 days only |
| Incidents | Incremental | Active + recently resolved |

First Sync vs. Subsequent Syncs:

  • First Sync: 10-20 minutes (full historical import)
  • Incremental Sync: 3-5 minutes (only changes)

Navigate to ETL Health Dashboard (/platform/etl/):

Healthy Sync Indicators:

  • 🟢 Status: Healthy
  • Failure Rate: <5%
  • ⏱️ Last Sync: Within last 4 hours
  • 📊 Records Synced: >0 agents per sync

Cause: Invalid API keys or permissions

Solution:

  1. Verify both API keys are correct (public and secret)
  2. Check API key hasn’t expired (Huntress → Account Settings → API Credentials)
  3. Ensure API key has read permissions for:
    • Agents
    • Organizations
    • Threats/Incidents
  4. Try regenerating API key with full read access

Cause: Organization ID filter or API scope issue

Solution:

  1. Remove Organization ID filter - leave blank to sync all orgs
  2. Check API key has access to all organizations in your Huntress account
  3. Verify organizations exist in Huntress Dashboard
  4. Try manual sync: Integrations → Huntress → Sync Now

Cause: Too many API requests in short period

Solution:

  • Automatic recovery: ETL system retries after 15 minutes
  • If persistent: Reduce sync frequency to every 6 hours
  • Workaround: Contact Huntress support to increase API rate limits

Cause: Huntress organization names don’t match LanternOps customers

Solution:

  1. Use Manual Mapping (see above)
  2. Navigate to Integrations → Huntress → Customer Mapping
  3. Map each unmapped organization manually
  4. Best Practice: Use consistent naming across platforms

Cause: Missing NinjaOne integration

Solution:

  • Zero-agent detection requires NinjaOne integration to compare device lists
  • Set up NinjaOne integration
  • After both integrations are active, gaps will appear automatically

After first sync, verify:

  1. Agent Count Matches

    • Huntress Dashboard: Count total agents
    • LanternOps: Navigate to Security → EDR Coverage
    • Counts should match exactly
  2. Customer Mapping Correct

    • Review Customer Mapping page
    • Ensure all Huntress orgs mapped to correct customers
  3. Threat Data Present

    • Check Threats tab in Security dashboard
    • Should see recent detections (if any occurred)
  4. Coverage Calculation Accurate

    • If NinjaOne integrated: Coverage % should match (Huntress agents / NinjaOne devices)
    • Verify unprotected endpoint list is accurate

Threat Detection Proof:

  • Real-time visibility into ransomware attempts blocked
  • Evidence of 24/7 SOC monitoring
  • Incident response timeline documentation
  • Proof of malware protection for compliance

Example Customer Value:

“In the last 30 days, Huntress detected and blocked 3 ransomware attempts targeting your finance department. Average response time: 12 minutes. This protection satisfies CIS Control 10.1 and prevents potential $250,000 in ransomware damage.”

Frameworks Covered:

  • CIS Controls (4 controls satisfied)
  • NIST CSF (3 controls satisfied)
  • CMMC Level 2 (3 controls satisfied)
  • HIPAA (1 control satisfied)
  • SOC 2 (3 controls satisfied)
  • PCI DSS (3 controls satisfied)

Audit Package Includes:

  • EDR coverage percentage
  • Threat detection/response timeline
  • Agent deployment status
  • Incident history and remediation
  • Evidence timestamps

Huntress data powers automatic opportunity detection:

Coverage Gap Opportunities:

  • Find endpoints without EDR agent
  • Calculate: Gaps × $50/month
  • Generate pitch: “$250/month to achieve 100% EDR coverage”

Incident-Based Upsells:

  • Customer experiences multiple threats → Recommend managed SOC service
  • Ransomware attempt detected → Upsell backup/disaster recovery
  • Persistent threats → Recommend security awareness training

Compliance-Driven Sales:

  • Customer pursuing CMMC/HIPAA → EDR is required control
  • Show gap: “You need 100% EDR coverage to achieve compliance”
  • Close deal with compliance urgency

Average Revenue Found: $2,000-$4,000 per customer

  • ✅ Use read-only API credentials (LanternOps never writes to Huntress)
  • Don’t specify Organization ID unless you only want to sync specific orgs
  • ✅ Save API secret key in password manager (shown only once during creation)
  • ✅ Test sync with one organization first before enabling all
  • ✅ Review EDR Coverage Dashboard weekly
  • ✅ Check for new coverage gaps as you add customers
  • ✅ Monitor threat detection to prove value to customers
  • ✅ Rotate API credentials every 12 months
  • ✅ Credentials are encrypted at rest (AES-256)
  • ✅ Never shared across MSP tenants
  • ✅ API key uses read-only permissions
  • ✅ Enable API key expiration in Huntress (12-month rotation)
  • ✅ Keep sync frequency at 4 hours (balances freshness and API limits)
  • ✅ First sync during off-hours (takes 10-20 minutes)
  • ✅ Monitor failure rate (should be <5%)
agents:read - Read agent inventory and status
organizations:read - Read organization details
incidents:read - Read threat detections and incidents
reports:read - Read threat reports and analytics

Important: The API key must have access to all organizations, not just specific ones (unless filtering by Organization ID).

  1. Verify Coverage Data

    • Check Security → EDR Coverage
    • Confirm agent counts match Huntress Dashboard
    • Review Customer Mapping
  2. Set Up Zero-Agent Detection

    • Ensure NinjaOne integration is active
    • Navigate to EDR Coverage to see gaps
    • Generate coverage gap opportunities
  3. Enable Threat Alerts

  4. Generate Compliance Evidence

    • Navigate to Compliance → Audit Packages
    • Select framework (e.g., CIS Controls)
    • See Huntress evidence for controls 10.1, 10.5, 13.1