# Huntress

The Huntress connector enables automated interactions with the Huntress platform, facilitating advanced threat detection and streamlined incident management.

Huntress is a cybersecurity platform specializing in threat detection and tailored incident response. The Huntress connector for Swimlane Turbine enables users to automate the management of organizations, agents, and incident reports within the Huntress ecosystem. By integrating with Huntress, Swimlane Turbine users can enhance their security operations with efficient data retrieval, incident analysis, and streamlined response actions. This connector empowers security teams to proactively manage threats and leverage Huntress' robust telemetry for informed decision-making.

## Prerequisites

To effectively utilize the Huntress connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Basic Authentication with the following parameters:
  - URL: The endpoint URL for the Huntress API.
  - API Key: Your unique identifier to authenticate with the Huntress API.
  - API Secret Key: A confidential key paired with your API key for secure authentication.

## Capabilities

This connector provides the following capabilities:

- List Organizations
- Create Organization
- Update Organization
- Get Account
- Get Agents
- Get Incident Reports
- List Escalations

## Notes

For more information on Huntress: https://api.huntress.io/docs#introduction

## Configurations

### Huntress HTTP Basic Authentication

Authenticates using username and password.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Username | Username | string | Required |
| Password | Password | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Create Organization

Initiates the creation of a new organization in Huntress using specified 'key' and 'name'.

- Endpoint URL: `/v1/organizations`
- Method: `POST`

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| key | string | Optional | Organization keys are used to associate a Huntress agent into a grouping. Value cannot be blank and must be 256 characters or less. |
| name | string | Optional | The name of the organization. Value cannot be blank and must be 256 characters or less. |

Input example:

```json
{"key": "string", "name": "example name"}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example (truncated):

```
{"status_code": 200, "response_headers": {"Date": "Fri, 20 Mar 2026 06:18:59 GMT", "Content-Type": "text/html; charset=utf-8", "Content-Length": "8746", "Connection": "keep-alive", "Server": "nginx", "X-Frame-Options": "SAMEORIGIN", "X-XSS-Protection": "0", "X-Content-Type-Options": "nosniff", "X-Permitted-Cross-Domain-Policies": "none", "Referrer-Policy": "strict-origin-when-cross-origin", "Link": "<https://huntresscdn.com/portal/production/assets/application-68fa314293ce3d37f5...", "Vary": "Accept", "ETag": "W/\"7fc03f7c...
```

### Get Account

Retrieve details of the top-level Huntress account associated with your API credentials.

- Endpoint URL: `/v1/account`
- Method: `GET`

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example (truncated):

```
{"status_code": 200, "response_headers": {"Date": "Fri, 20 Mar 2026 06:18:59 GMT", "Content-Type": "text/html; charset=utf-8", "Content-Length": "8746", "Connection": "keep-alive", "Server": "nginx", "X-Frame-Options": "SAMEORIGIN", "X-XSS-Protection": "0", "X-Content-Type-Options": "nosniff", "X-Permitted-Cross-Domain-Policies": "none", "Referrer-Policy": "strict-origin-when-cross-origin", "Link": "<https://huntresscdn.com/portal/production/assets/application-68fa314293ce3d37f5...", "Vary": "Accept", "ETag": "W/\"7fc03f7c...
```

### Get Agents

Lists all Huntress agents associated with your account, providing a comprehensive overview of agent status and details.

- Endpoint URL: `/v1/agents`
- Method: `GET`

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.page | number | Optional | Must be an integer greater than 0 |
| parameters.limit | number | Optional | Must be an integer between 1 and 500 |
| parameters.created_at_min | string | Optional | Must provide a date greater than January 1st, 2010 |
| parameters.created_at_max | string | Optional | Must be greater than created_at_min |
| parameters.updated_at_min | string | Optional | Must provide a date greater than January 1st, 2010 |
| parameters.updated_at_max | string | Optional | Must be greater than updated_at_min |
| parameters.organization_id | number | Optional | The unique identifier of an organization under the account associated with your API credentials. Will only select agents under this organization. |
| parameters.platform | string | Optional | The platform of the host machine |

Input example:

```json
{"parameters": {"page": 1, "limit": 10, "created_at_min": "2022-03-01T18:54:02Z", "created_at_max": "2022-04-01T18:54:02Z", "updated_at_min": "2022-03-01T20:05:10Z", "updated_at_max": "2022-03-01T20:05:10Z", "organization_id": 1, "platform": "windows"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| agents | array | Output field agents |
| agents.file_name | string | Name of the resource |
| agents.file | string | Output field agents.file |
| pagination | object | Output field pagination |
| pagination.current_page | number | Output field pagination.current_page |
| pagination.current_page_count | number | Count value |
| pagination.limit | number | Output field pagination.limit |
| pagination.total_count | number | Count value |

Output example (truncated):

```
{"status_code": 200, "response_headers": {"Date": "Tue, 19 Mar 2024 11:05:19 GMT", "Content-Type": "application/json", "Content-Length": "95", "Connection": "keep-alive", "Server": "nginx", "X-Huntress-Api-Call-Limit": "60", "X-Huntress-Api-Call-Remaining": "59", "ETag": "W/\"0a83153eb468c791fe137282160a7f05\"", "Cache-Control": "max-age=0, private, must-revalidate", "Content-Security-Policy": "report-uri /csp-violation; default-src 'self' https://*.huntress.io https://hunt...", "X-Request-Id": "2d70a247-4872-4537-81d8...
```

### List Escalations

Retrieve a list of escalations with varying severities (low, high, critical) for your Huntress account, including pagination metadata.

- Endpoint URL: `/v1/escalations`
- Method: `GET`

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.limit | integer | Optional | Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500. |
| parameters.page_token | string | Optional | Token used to request the next page in paginated results. Defaults to null. |
| parameters.status | string | Optional | Filter by status. One of: open, overdue, resolved. |

Input example:

```json
{"parameters": {"limit": 1, "page_token": "", "status": "open"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example (truncated):

```
{"status_code": 200, "response_headers": {"Date": "Fri, 20 Mar 2026 06:18:59 GMT", "Content-Type": "text/html; charset=utf-8", "Content-Length": "8746", "Connection": "keep-alive", "Server": "nginx", "X-Frame-Options": "SAMEORIGIN", "X-XSS-Protection": "0", "X-Content-Type-Options": "nosniff", "X-Permitted-Cross-Domain-Policies": "none", "Referrer-Policy": "strict-origin-when-cross-origin", "Link": "<https://huntresscdn.com/portal/production/assets/application-68fa314293ce3d37f5...", "Vary": "Accept", "ETag": "W/\"7fc03f7c...
```

### Get Incident Reports

Retrieve all incident reports from Huntress, providing a comprehensive overview of security incidents.

- Endpoint URL: `/v1/incident_reports`
- Method: `GET`

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.page | number | Optional | Must be an integer greater than 0 |
| parameters.limit | number | Optional | The number of elements to show per page. Must be an integer between 1 and 500. |
| parameters.updated_at_min | string | Optional | Must provide a date greater than January 1st, 2010 |
| parameters.updated_at_max | string | Optional | Must be greater than updated_at_min |
| parameters.indicator_type | string | Optional | Will return only incident reports whose indicator types include the specified value |
| parameters.status | string | Optional | Will return only incident reports matching the status provided |
| parameters.severity | string | Optional | Will return only incident reports matching the severity provided |
| parameters.platform | string | Optional | The platform of the host machine (darwin or windows or microsoft 365) |
| parameters.organization_id | number | Optional | The unique identifier of an organization under the account associated with your API credentials. Will only select incident reports under this organization. |
| parameters.agent_id | number | Optional | The unique identifier of an agent under the account associated with your API credentials. Will only select incident reports under this organization. |

Input example:

```json
{"parameters": {"page": 1, "limit": 10, "updated_at_min": "2022-03-01T20:05:10Z", "updated_at_max": "2022-03-01T20:05:10Z", "indicator_type": "footholds", "status": "sent", "severity": "low", "platform": "windows", "organization_id": 1, "agent_id": 123}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| incident_reports | array | Unique identifier |
| incident_reports.file_name | string | Unique identifier |
| incident_reports.file | string | Unique identifier |
| pagination | object | Output field pagination |
| pagination.current_page | number | Output field pagination.current_page |
| pagination.current_page_count | number | Count value |
| pagination.limit | number | Output field pagination.limit |
| pagination.total_count | number | Count value |

Output example (truncated):

```
{"status_code": 200, "response_headers": {"Date": "Tue, 19 Mar 2024 11:05:41 GMT", "Content-Type": "application/json", "Content-Length": "105", "Connection": "keep-alive", "Server": "nginx", "X-Huntress-Api-Call-Limit": "60", "X-Huntress-Api-Call-Remaining": "58", "ETag": "W/\"5d841252ca41b87733dbaa4b61b19b17\"", "Cache-Control": "max-age=0, private, must-revalidate", "Content-Security-Policy": "report-uri /csp-violation; default-src 'self' https://*.huntress.io https://hunt...", "X-Request-Id": "2e5f9f71-8cf9-4b56-8f4...
```

### List Organizations

Retrieve details of organizations linked to your account, including a pagination key for result management as per Huntress documentation.

- Endpoint URL: `/v1/organizations`
- Method: `GET`

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.limit | integer | Optional | Max number of resources returned in a paged collection. Defaults to 10, with a minimum of 1 and maximum 500. |
| parameters.page_token | string | Optional | Token used to request the next page in paginated results. Defaults to null. |

Input example:

```json
{"parameters": {"limit": 10, "page_token": ""}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example (truncated):

```
{"status_code": 200, "response_headers": {"Date": "Fri, 20 Mar 2026 06:25:09 GMT", "Content-Type": "text/html; charset=utf-8", "Content-Length": "8746", "Connection": "keep-alive", "Server": "nginx", "X-Frame-Options": "SAMEORIGIN", "X-XSS-Protection": "0", "X-Content-Type-Options": "nosniff", "X-Permitted-Cross-Domain-Policies": "none", "Referrer-Policy": "strict-origin-when-cross-origin", "Link": "<https://huntresscdn.com/portal/production/assets/application-68fa314293ce3d37f5...", "Vary": "Accept", "ETag": "W/\"2068fc02...
```

### Update Organization

Updates an existing organization in Huntress using the specified ID provided in path parameters.

- Endpoint URL: `/v1/organizations/{{id}}`
- Method: `PATCH`

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | integer | Required | The unique identifier of the organization to update |
| key | string | Optional | Organization keys are used to associate a Huntress agent into a grouping. Value cannot be blank and must be 256 characters or less. |
| name | string | Optional | The name of the organization. Value cannot be blank and must be 256 characters or less. |
| report_recipients | array | Optional | Any emails specified here will automatically receive quarterly and monthly branded reports |

Input example:

```json
{"path_parameters": {"id": 123}, "key": "string", "name": "example name", "report_recipients": ["string"]}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | integer | Unique identifier |
| agents_count | integer | Count value |
| account_id | integer | Unique identifier |
| created_at | string | Output field created_at |
| incident_reports_count | integer | Unique identifier |
| key | string | Output field key |
| logs_sources_count | integer | Count value |
| identity_provider_tenant_id | string | Unique identifier |
| billable_identity_count | integer | Unique identifier |
| name | string | Name of the resource |
| report_recipients | array | Output field report_recipients |
| sat_learner_count | integer | Count value |
| updated_at | string | Output field updated_at |

Output example:

```json
{"status_code": 200, "response_headers": {"Content-Type": "application/json"}, "reason": "OK", "json_body": {"id": 1, "agents_count": 42, "account_id": 5, "created_at": "2022-03-01T18:54:02Z", "incident_reports_count": 42, "key": "test1", "logs_sources_count": 42, "identity_provider_tenant_id": "dcd219dd-bc68-4b9b-bf0b-4a33a796be35", "billable_identity_count": 42, "name": "Acme Inc.", "report_recipients": ["test@test.com", "fakenotificiation@test.com"], "sat_learner_count": 42, "updated_at": "2022-03-01T18:54:02Z"}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | max-age=0, private, must-revalidate |
| Connection | HTTP response header Connection | keep-alive |
| Content-Length | The length of the response body in bytes | 8746 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | |
| Content-Type | The media type of the resource | text/html; charset=utf-8 |
| Date | The date and time at which the message was originated | Fri, 20 Mar 2026 06:25:09 GMT |
| ETag | An identifier for a specific version of a resource | W/"5d841252ca41b87733dbaa4b61b19b17" |
| Link | HTTP response header Link | |
| Referrer-Policy | HTTP response header Referrer-Policy | strict-origin-when-cross-origin |
| Server | Information about the software used by the origin server | nginx |
| Set-Cookie | HTTP response header Set-Cookie | |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=0 |
| Vary | HTTP response header Vary | Accept |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |
| X-Huntress-Api-Call-Limit | HTTP response header X-Huntress-Api-Call-Limit | 60 |
| X-Huntress-Api-Call-Remaining | HTTP response header X-Huntress-Api-Call-Remaining | 58 |
| X-Permitted-Cross-Domain-Policies | HTTP response header X-Permitted-Cross-Domain-Policies | none |
| X-Request-Id | A unique identifier for the request | 2e5f9f71-8cf9-4b56-8f46-e7835ca7de60 |
| X-Runtime | HTTP response header X-Runtime | 0.261253 |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 0 |
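
The following is an added example, not code from Swimlane or Huntress: it checks the input constraints documented for Get Incident Reports before a request is built, attaches the API key and secret as HTTP Basic credentials only for an https URL, and reads the call-limit headers shown in the output examples. The function names, the `reserve` threshold and the use of `https://api.huntress.io` (the host of the documentation link) as the base URL are assumptions.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

EARLIEST = datetime(2010, 1, 1, tzinfo=timezone.utc)  # documented lower bound


def _ts(value):
    """Parse the UTC timestamp form used in the input examples."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate(params):
    """Return the documented constraints that `params` violates."""
    errors = []
    page, limit = params.get("page"), params.get("limit")
    if page is not None and (not isinstance(page, int) or page < 1):
        errors.append("page must be an integer greater than 0")
    if limit is not None and (not isinstance(limit, int) or not 1 <= limit <= 500):
        errors.append("limit must be an integer between 1 and 500")
    lo, hi = params.get("updated_at_min"), params.get("updated_at_max")
    try:
        lo_dt = _ts(lo) if lo else None
        hi_dt = _ts(hi) if hi else None
    except ValueError:
        return errors + ["timestamps must look like 2022-03-01T20:05:10Z"]
    if lo_dt and lo_dt <= EARLIEST:
        errors.append("updated_at_min must be after January 1st, 2010")
    if lo_dt and hi_dt and hi_dt <= lo_dt:
        errors.append("updated_at_max must be greater than updated_at_min")
    return errors


def build_request(base_url, api_key, api_secret, params):
    """Build (not send) a GET /v1/incident_reports request with Basic auth."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("Basic credentials must only be sent over https")
    problems = validate(params)
    if problems:
        raise ValueError("; ".join(problems))
    token = base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()
    url = f"{base_url.rstrip('/')}/v1/incident_reports?{urlencode(params)}"
    return Request(url, headers={"Authorization": f"Basic {token}"}, method="GET")


def quota(headers, reserve=5):
    """Read the call-limit headers (any case); flag when few calls remain."""
    h = {k.lower(): v for k, v in headers.items()}
    limit = int(h["x-huntress-api-call-limit"])
    remaining = int(h["x-huntress-api-call-remaining"])
    # `reserve` is a hypothetical threshold chosen for this example.
    return {"limit": limit, "remaining": remaining, "pause": remaining <= reserve}
```

`build_request` only constructs the request object, so the checks can be exercised without credentials or network access.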