Device Configuration: Huntress

Modified on Wed, 8 Apr at 5:35 PM

Overview

This document provides the steps to integrate Huntress with ADR SIEM (aiSIEM/aiXDR) using API credentials. Once configured, Huntress telemetry and alerts will be ingested into ADR through the CCE (Collection and Control Engine), enabling centralized visibility, threat detection, and automated correlation.


Prerequisites

  • Access to your Huntress portal (https://<subdomain>.huntress.io).

  • User role with permissions to generate API credentials.

  • Administrative access to ADR CCE and SIEM UI.

  • Firewall rules allowing outbound HTTPS from CCE to Huntress API endpoints.


Generate API Credentials in Huntress

  1. Log in to the Huntress Portal → https://<your_subdomain>.huntress.io.

  2. Click your user profile dropdown (top-right).

  3. Select API Credentials. (Visible only if API access is granted.)

  4. Click Setup → then Generate.

  5. Copy the credentials:

    • Access ID (Public Key)

    • Secret Key (Private Key)

Important: The Secret Key will only be shown once. Store it securely; regenerate if lost.


Find Your Organization ID

The Organization ID (org_id) is required in the ADR configuration JSON.

Steps:

  1. Log in to the Huntress Portal.

  2. Click Organizations in the top navigation bar.

  3. Select the organization you want to integrate.

  4. Look at your browser’s URL. The Organization ID is the number in the path.

Example URL:

https://huntress.io/organizations/123456/agents

Here, 123456 is the Organization ID.


Configure Huntress in ADR SIEM

  1. Log in to ADR SIEM UI with admin rights.

  2. Navigate: Administration → Add-On Store → Search for Huntress → Add (+).

  3. Fill in the following fields:

| Field | Value |
| --- | --- |
| Device Name | Huntress |
| CCE Host (IP) | Enter the CCE IP |
| Access ID / Username | Enter the Access ID (Public Key) |
| Password / Secret Key | Enter the Secret Key (Private Key) |
| Config (JSON) | Provide JSON including your Huntress ORGID |


Example:

{ "ORGID": "<your_org_id>" }

  4. Click Save.
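
A pre-flight check for the values entered in the form, as an added example that is not part of the original article or of Huntress or ADR tooling: it extracts the Organization ID from a portal URL, produces the Config (JSON) value, and, when run as a script from the CCE, tests outbound HTTPS and the credentials with one read-only request. The API base URL https://api.huntress.io/v1, the /organizations/<id> lookup with HTTP Basic authentication, the environment variable names, and Python 3 being available on the CCE are assumptions, not taken from this article.

```python
import base64
import json
import os
import re
import sys
from urllib import error, parse, request

API_BASE = "https://api.huntress.io/v1"  # assumption: not stated in this article


def org_id_from_url(url: str) -> str:
    """Extract the numeric Organization ID from a Huntress portal URL."""
    parsed = parse.urlparse(url)
    host = parsed.hostname or ""
    # Accept huntress.io and <subdomain>.huntress.io only, over HTTPS.
    if parsed.scheme != "https" or not ("." + host).endswith(".huntress.io"):
        raise ValueError(f"not a Huntress portal URL: {url!r}")
    match = re.search(r"/organizations/([0-9]+)(?:/|$)", parsed.path)
    if not match:
        raise ValueError(f"no numeric organization ID in path: {parsed.path!r}")
    return match.group(1)


def build_config(org_id: str) -> str:
    """Return the Config (JSON) value for the ADR add-on form."""
    if not re.fullmatch(r"[0-9]+", org_id):
        raise ValueError("ORGID must be numeric")
    return json.dumps({"ORGID": org_id})


def build_request(access_id: str, secret_key: str, org_id: str) -> request.Request:
    """Build (without sending) a Basic-auth lookup of the organization."""
    token = base64.b64encode(f"{access_id}:{secret_key}".encode()).decode()
    url = f"{API_BASE}/organizations/{org_id}"
    return request.Request(url, headers={"Authorization": f"Basic {token}"})


if __name__ == "__main__":
    # Secrets come from the environment so they stay out of shell history.
    org_id = org_id_from_url(sys.argv[1])
    req = build_request(os.environ["HUNTRESS_ACCESS_ID"], os.environ["HUNTRESS_SECRET_KEY"], org_id)
    try:
        with request.urlopen(req, timeout=10) as resp:
            print(f"HTTP {resp.status} OK. Config (JSON): {build_config(org_id)}")
    except error.HTTPError as err:
        sys.exit(f"HTTP {err.code}: check Access ID, Secret Key and org ID")
    except error.URLError as err:
        sys.exit(f"Cannot reach Huntress API (firewall or DNS?): {err.reason}")
```

An HTTP error points at the credentials or the Organization ID, while a connection error points at the firewall prerequisite.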


Verification (MSSP Only)

On ADR SIEM UI

  1. Navigate: System → Logs and Flows Collection Status.

  2. Confirm that Huntress appears under Source Device IP.

  3. Validate that logs/events are being ingested.

On ADR CCE (CLI)

Run

otmdoc -s addondevices
crontab -l

