Huntress Integration

Connect your Huntress EDR platform to automatically collect usage data, billing information, and agent deployment coverage for revenue tracking and compliance evidence.

Note: This integration currently focuses on usage tracking and billing data from Huntress. For detailed threat detection and incident response data, contact support about the expanded Huntress security integration (coming soon).

What Data Is Collected

Huntress provides usage and billing data for revenue tracking and compliance:

Usage Tracking

Agent Deployments - Count of active Huntress agents per customer organization
Billing Metrics - Billable seat counts, subscription usage
Product SKUs - Which Huntress products/features are deployed (EDR, Managed AV, etc.)
Usage Trends - Month-over-month agent count changes
License Utilization - Active vs. purchased licenses

Organization Data

Huntress Organizations - Auto-mapped to LanternOps customers
Organization Status - Active seat counts, billing status
Account Info - Account type, features enabled, subscription tier

Revenue Intelligence

Billable Seats - Current agent count for accurate billing
Revenue Per Customer - MRR calculation based on Huntress pricing
Growth Tracking - Agent deployment increases (expansion revenue)
Churn Detection - Agent count decreases (potential churn)

Compliance Mapping

Huntress usage data provides evidence of EDR deployment for compliance:

Compliance Framework	Controls Supported	Evidence Provided
CIS Controls v8.1	10.1	EDR deployment coverage, endpoint protection status
NIST CSF 2.0	PR.DS-5	Protection against malware (deployment evidence)
CMMC Level 2	SI.1.210	Malicious code protection deployment
SOC 2	CC6.8	Protection against malware (deployment tracking)

Note: Usage tracking provides deployment evidence. For detailed threat detection logs and incident response evidence, the expanded Huntress security integration is required.

Example: EDR Deployment Tracking

Use Case:

Prove you have EDR protection deployed across customer environments

Huntress Usage Evidence:

✅ 142 Huntress agents deployed across customer organization
✅ Last Sync: 4 hours ago
✅ Deployment Details:
   - Billable Seats: 142
   - Product: Huntress Managed EDR
   - Monthly Cost: $7,100 (142 seats × $50/month)
   - Deployment Date: 2024-03-15
✅ Revenue Tracking:
   - MRR: $7,100
   - Growth: +12 seats since last quarter
   - Churn: 0 seats removed

Status: EDR protection deployed (usage tracked)
Business Value: $85,200 ARR from this customer

Setup Instructions

Step 1: Create Huntress API Credentials

Log in to Huntress Dashboard (https://huntress.io)
Navigate to Account Settings → API Credentials
Click Create API Key
Configure API key:
- Name: “LanternOps Integration”
- Permissions: Read-only (select all read scopes)
- Expiration: 1 year (recommended)
Click Create
Copy both values immediately:
- API Public Key (looks like: pk_abc123...)
- API Secret Key (looks like: sk_xyz789...)
⚠️ Secret key is shown only once - save it securely!

Step 2: Find Your Organization ID (Optional)

For MSPs with multiple Huntress organizations:

In Huntress Dashboard, navigate to Organizations
Click on the organization you want to sync
Copy Organization ID from URL:
- URL: https://huntress.io/organizations/12345
- Organization ID: 12345
Repeat for each organization to sync

Leave blank to sync all organizations (recommended for most MSPs)

Step 3: Configure LanternOps Integration

Log in to LanternOps
In the sidebar, click Integrations
Click the Configure button next to Huntress
Enter credentials:
- Name: “Primary Huntress”
- API Public Key: [Paste from Step 1]
- API Secret Key: [Paste from Step 1]
- Organization ID: [Optional - leave blank for all orgs]
Click the Test Connection button
Click the Save button

Step 4: Configure Sync Settings

Default Settings (Recommended):

Sync Enabled: ON
Sync Frequency: Every 4 hours
Sync All Organizations: Yes

Click Save Settings

Step 5: Run Initial Sync

Click Sync Now button
First sync takes 10-20 minutes (imports all agents and threat history)
Monitor progress in ETL Health Dashboard (/platform/etl/)
Verify data appears:
- Navigate to Security → EDR Coverage
- Should see all Huntress-protected endpoints
- Check Threats tab for detection history

Customer Mapping

LanternOps automatically maps Huntress organizations to your customers.

Automatic Mapping

Matching Strategies (in order):

Exact Name Match
- Huntress Org: “Acme Corporation”
- LanternOps Customer: “Acme Corporation”
- Result: ✅ Auto-matched (100% confidence)
Fuzzy Name Match
- Huntress Org: “Acme Corp”
- LanternOps Customer: “Acme Corporation”
- Result: ✅ Auto-matched (85% confidence)
Domain Match
- Huntress Org Contact: “[email protected]”
- LanternOps Customer Domain: “acme.com”
- Result: ✅ Auto-matched (80% confidence)

Success Rate: >80% of organizations auto-match successfully

Manual Mapping

If auto-match fails:

In the sidebar, click Integrations
Click the Configure button next to Huntress
Navigate to the Customer Mapping tab
View unmapped organizations
Click Map to Customer for each unmapped org
Select correct LanternOps customer from dropdown
Click Save Mapping

Zero-Agent Detection

Huntress integration includes intelligent gap detection:

How It Works

Cross-Reference with RMM
- LanternOps compares NinjaOne device list with Huntress agent list
- Identifies endpoints without Huntress agent installed
Calculate Coverage Gap
- Total Endpoints: 147 (from NinjaOne)
- Huntress Agents: 142
- Gap: 5 endpoints unprotected (3.4%)
Auto-Generate Opportunity
- Revenue: 5 endpoints × $50/month = $250/month
- Annual Value: $3,000
- Compliance Risk: CIS 10.1 not fully satisfied

Viewing Coverage Gaps

Navigate to Security → EDR Coverage:

Coverage Dashboard Shows:

Total endpoints discovered
Huntress agents active
Coverage percentage
Unprotected endpoints (with hostnames)
Revenue opportunity to close gap

Example Display:

EDR Coverage: 96.6% (142 of 147 endpoints)

⚠️ Gap Identified: 5 endpoints need Huntress agent
   - ACME-LAPTOP-03
   - ACME-WORKSTATION-17
   - ACME-SERVER-BACKUP
   - ACME-LAPTOP-22
   - ACME-KIOSK-01

Revenue Opportunity: $250/month ($3,000/year)
Compliance Impact: CIS 10.1 PARTIALLY SATISFIED

Sync Schedule

Default Frequency: Every 4 hours

Sync Times (24-hour cycle):

12:00 AM
4:00 AM
8:00 AM
12:00 PM
4:00 PM
8:00 PM

What Gets Synced Each Cycle:

Data Type	Sync Method	Records Updated
Agents	Incremental	Only new/changed agents
Organizations	Full	All organizations (lightweight)
Threats	Incremental	Last 30 days only
Incidents	Incremental	Active + recently resolved

First Sync vs. Subsequent Syncs:

First Sync: 10-20 minutes (full historical import)
Incremental Sync: 3-5 minutes (only changes)

Monitoring & Troubleshooting

Check Sync Health

Navigate to ETL Health Dashboard (/platform/etl/):

Healthy Sync Indicators:

🟢 Status: Healthy
✅ Failure Rate: <5%
⏱️ Last Sync: Within last 4 hours
📊 Records Synced: >0 agents per sync

Common Issues

”Authentication Failed” Error

Cause: Invalid API keys or permissions

Solution:

Verify both API keys are correct (public and secret)
Check API key hasn’t expired (Huntress → Account Settings → API Credentials)
Ensure API key has read permissions for:
- Agents
- Organizations
- Threats/Incidents
Try regenerating API key with full read access

”No Agents Found” After Sync

Cause: Organization ID filter or API scope issue

Solution:

Remove Organization ID filter - leave blank to sync all orgs
Check API key has access to all organizations in your Huntress account
Verify organizations exist in Huntress Dashboard
In the sidebar, click Integrations, click Configure next to Huntress, then click the Sync Now button

”Rate Limit Exceeded” Error

Cause: Too many API requests in short period

Solution:

Automatic recovery: ETL system retries after 15 minutes
If persistent: Reduce sync frequency to every 6 hours
Workaround: Contact Huntress support to increase API rate limits

”Customer Auto-Mapping Failed”

Cause: Huntress organization names don’t match LanternOps customers

Solution:

Use Manual Mapping (see above)
In the sidebar, click Integrations
Click the Configure button next to Huntress
Navigate to the Customer Mapping tab
Map each unmapped organization manually
Best Practice: Use consistent naming across platforms

”Zero-Agent Detection Not Working”

Cause: Missing NinjaOne integration

Solution:

Zero-agent detection requires NinjaOne integration to compare device lists
Set up NinjaOne integration
After both integrations active, gaps will appear automatically

Verify Data Accuracy

After first sync, verify:

Agent Count Matches
- Huntress Dashboard: Count total agents
- LanternOps: Navigate to Security → EDR Coverage
- Counts should match exactly
Customer Mapping Correct
- Review Customer Mapping page
- Ensure all Huntress orgs mapped to correct customers
Threat Data Present
- Check Threats tab in Security dashboard
- Should see recent detections (if any occurred)
Coverage Calculation Accurate
- If NinjaOne integrated: Coverage % should match (Huntress agents / NinjaOne devices)
- Verify unprotected endpoint list is accurate

Business Value

Security Value

Threat Detection Proof:

Real-time visibility into ransomware attempts blocked
Evidence of 24/7 SOC monitoring
Incident response timeline documentation
Proof of malware protection for compliance

Example Customer Value:

“In the last 30 days, Huntress detected and blocked 3 ransomware attempts targeting your finance department. Average response time: 12 minutes. This protection satisfies CIS Control 10.1 and prevents potential $250,000 in ransomware damage.”

Compliance Value

Frameworks Covered:

CIS Controls (4 controls satisfied)
NIST CSF (3 controls satisfied)
CMMC Level 2 (3 controls satisfied)
HIPAA (1 control satisfied)
SOC 2 (3 controls satisfied)
PCI DSS (3 controls satisfied)

Audit Package Includes:

EDR coverage percentage
Threat detection/response timeline
Agent deployment status
Incident history and remediation
Evidence timestamps

Revenue Opportunities

Huntress data powers automatic opportunity detection:

Coverage Gap Opportunities:

Find endpoints without EDR agent
Calculate: Gaps × $50/month
Generate pitch: “$250/month to achieve 100% EDR coverage”

Incident-Based Upsells:

Customer experiences multiple threats → Recommend managed SOC service
Ransomware attempt detected → Upsell backup/disaster recovery
Persistent threats → Recommend security awareness training

Compliance-Driven Sales:

Customer pursuing CMMC/HIPAA → EDR is required control
Show gap: “You need 100% EDR coverage to achieve compliance”
Close deal with compliance urgency

Average Revenue Found: $2,000-$4,000 per customer

Best Practices

Setup

✅ Use read-only API credentials (LanternOps never writes to Huntress)
✅ Don’t specify Organization ID unless you only want to sync specific orgs
✅ Save API secret key in password manager (shown only once during creation)
✅ Test sync with one organization first before enabling all

Ongoing Maintenance

✅ Review EDR Coverage Dashboard weekly
✅ Check for new coverage gaps as you add customers
✅ Monitor threat detection to prove value to customers
✅ Rotate API credentials every 12 months

Security

✅ Credentials are encrypted at rest (AES-256)
✅ Never shared across MSP tenants
✅ API key uses read-only permissions
✅ Enable API key expiration in Huntress (12-month rotation)

Performance

✅ Keep sync frequency at 4 hours (balances freshness and API limits)
✅ First sync during off-hours (takes 10-20 minutes)
✅ Monitor failure rate (should be <5%)

API Permissions Required

Minimum Scopes (Read-Only)

agents:read           - Read agent inventory and status
organizations:read    - Read organization details
incidents:read        - Read threat detections and incidents
reports:read          - Read threat reports and analytics

Important: API key must have all organizations access, not just specific ones (unless filtering by Organization ID).

Next Steps

Verify Coverage Data
- Check Security → EDR Coverage
- Confirm agent counts match Huntress Dashboard
- Review Customer Mapping
Set Up Zero-Agent Detection
- Ensure NinjaOne integration is active
- Navigate to EDR Coverage to see gaps
- Generate coverage gap opportunities
Enable Threat Alerts
- Configure notification rules for new threats
- Set up customer-facing alerts in portal
- Notification Setup Guide
Generate Compliance Evidence
- Navigate to Compliance → Audit Packages
- Select framework (e.g., CIS Controls)
- See Huntress evidence for controls 10.1, 10.5, 13.1

Questions?

What if agents aren’t syncing?
How does zero-agent detection work?
Why is my sync failing?
How do I prove EDR value to customers?
Contact Support