1 change: 1 addition & 0 deletions .github/CODEOWNERS
Expand Up @@ -5,6 +5,7 @@

# Request review from original author
plugins/DigiCert/* @shaswot77
plugins/Huntress/* @Deenk
plugins/FantasyPremierLeague/* @TimWheeler-SQUP
plugins/GoogleSheets/* @kieranlangton
plugins/MetOffice/* @blackgrouse
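--- a/plugins/Huntress/v1/configValidation.json
+++ b/plugins/Huntress/v1/configValidation.json
@@ -0,0 +1,11 @@
+{
+"steps": [
+{
+"displayName": "API access",
+"dataStream": { "name": "organizations" },
+"success": "Successfully connected to Huntress",
+"error": "Cannot connect to Huntress. Check your public and private API keys.",
+"required": true
+}
+]
+}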
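--- a/plugins/Huntress/v1/cspell.json
+++ b/plugins/Huntress/v1/cspell.json
@@ -0,0 +1,12 @@
+{
+"words": [
+"huntress",
+"edr",
+"itdr",
+"substatus",
+"subdomain",
+"ipv4",
+"footholds",
+"ransomware"
+]
+}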
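--- a/plugins/Huntress/v1/custom_types.json
+++ b/plugins/Huntress/v1/custom_types.json
@@ -0,0 +1,16 @@
+[
+{
+"name": "Huntress Agent",
+"sourceType": "Huntress Agent",
+"icon": "laptop",
+"singular": "Agent",
+"plural": "Agents"
+},
+{
+"name": "Huntress Organization",
+"sourceType": "Huntress Organization",
+"icon": "building",
+"singular": "Organization",
+"plural": "Organizations"
+}
+]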
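--- a/plugins/Huntress/v1/dataStreams/agents.json
+++ b/plugins/Huntress/v1/dataStreams/agents.json
@@ -0,0 +1,160 @@
+{
+"name": "agents",
+"displayName": "Agents",
+"description": "All agents registered with your Huntress account",
+"tags": ["Security", "Agents"],
+"baseDataSourceName": "httpRequestUnscoped",
+"config": {
+"httpMethod": "get",
+"endpointPath": "/v1/agents",
+"pathToData": "agents",
+"expandInnerObjects": true,
+"getArgs": [],
+"headers": [],
+"paging": {
+"mode": "token",
+"pageSize": {
+"realm": "queryArg",
+"path": "limit",
+"value": "500"
+},
+"in": {
+"realm": "payload",
+"path": "pagination.next_page_token"
+},
+"out": {
+"realm": "queryArg",
+"path": "page_token"
+}
+}
+},
+"metadata": [
+{
+"name": "id",
+"displayName": "Agent ID",
+"shape": ["number", { "decimalPlaces": 0 }],
+"role": "id",
+"visible": false
+},
+{
+"name": "hostname",
+"displayName": "Hostname",
+"shape": "string",
+"role": "label"
+},
+{
+"name": "organization_id",
+"displayName": "Organization ID",
+"shape": ["number", { "decimalPlaces": 0 }]
+},
+{
+"name": "account_id",
+"displayName": "Account ID",
+"shape": ["number", { "decimalPlaces": 0 }]
+},
+{
+"name": "domain_name",
+"displayName": "Domain Name",
+"shape": "string"
+},
+{
+"name": "os",
+"displayName": "Operating System",
+"shape": "string"
+},
+{
+"name": "platform",
+"displayName": "Platform",
+"shape": "string"
+},
+{
+"name": "arch",
+"displayName": "Architecture",
+"shape": "string"
+},
+{
+"name": "ipv4_address",
+"displayName": "IPv4 Address",
+"shape": "string"
+},
+{
+"name": "external_ip",
+"displayName": "External IP",
+"shape": "string"
+},
+{
+"name": "mac_addresses",
+"displayName": "MAC Addresses",
+"shape": "json"
+},
+{
+"name": "tags",
+"displayName": "Tags",
+"shape": "json"
+},
+{
+"name": "version",
+"displayName": "Agent Version",
+"shape": "string"
+},
+{
+"name": "edr_version",
+"displayName": "EDR Version",
+"shape": "string"
+},
+{
+"name": "defender_status",
+"displayName": "Defender Status",
+"shape": "string"
+},
+{
+"name": "defender_substatus",
+"displayName": "Defender Substatus",
+"shape": "string"
+},
+{
+"name": "defender_policy_status",
+"displayName": "Defender Policy Status",
+"shape": "string"
+},
+{
+"name": "firewall_status",
+"displayName": "Firewall Status",
+"shape": ["state", { "map": { "success": ["Enabled"], "error": ["Disabled"], "warning": ["Pending Isolation", "Isolated", "Pending Release"] } }]
+},
+{
+"name": "os_build_version",
+"displayName": "OS Build Version",
+"shape": "string"
+},
+{
+"name": "serial_number",
+"displayName": "Serial Number",
+"shape": "string"
+},
+{
+"name": "last_callback_at",
+"displayName": "Last Callback At",
+"shape": ["date", { "timeZone": "Etc/UTC" }]
+},
+{
+"name": "last_survey_at",
+"displayName": "Last Survey At",
+"shape": ["date", { "timeZone": "Etc/UTC" }]
+},
+{
+"name": "created_at",
+"displayName": "Created At",
+"shape": ["date", { "timeZone": "Etc/UTC" }]
+},
+{
+"name": "updated_at",
+"displayName": "Updated At",
+"shape": ["date", { "timeZone": "Etc/UTC" }]
+},
+{
+"pattern": ".*"
+}
+],
+"timeframes": false
+}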
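Review bot: The trailing `{ "pattern": ".*" }` entry in `metadata` looks like a catch-all, so with `expandInnerObjects: true` any field the Huntress API returns now or adds later would presumably become a dashboard column without review. This stream already carries host-identifying data (`external_ip`, `serial_number`, `mac_addresses`), so an explicit allow-list is the safer default for a security inventory. I would drop the catch-all entry, or, if unmatched fields must stay queryable, confirm against the platform schema that a pattern entry can be hidden by default. The same entry closes `metadata` in agentsByOrganization.json.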
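--- a/plugins/Huntress/v1/dataStreams/agentsByOrganization.json
+++ b/plugins/Huntress/v1/dataStreams/agentsByOrganization.json
@@ -0,0 +1,169 @@
+{
+"name": "agentsByOrganization",
+"displayName": "Agents by Organization",
+"description": "Agents filtered by a scoped Huntress Organization",
+"tags": ["Security", "Agents"],
+"baseDataSourceName": "httpRequestScoped",
+"objectLimit": 1,
+"matches": {
+"sourceType": {
+"type": "equals",
+"value": "Huntress Organization"
+}
+},
+"config": {
+"httpMethod": "get",
+"endpointPath": "/v1/agents",
+"pathToData": "agents",
+"expandInnerObjects": true,
+"getArgs": [
+{ "key": "organization_id", "value": "{{objects[0].organization_id}}" }
+],
+"headers": [],
+"paging": {
+"mode": "token",
+"pageSize": {
+"realm": "queryArg",
+"path": "limit",
+"value": "500"
+},
+"in": {
+"realm": "payload",
+"path": "pagination.next_page_token"
+},
+"out": {
+"realm": "queryArg",
+"path": "page_token"
+}
+}
+},
+"metadata": [
+{
+"name": "id",
+"displayName": "Agent ID",
+"shape": ["number", { "decimalPlaces": 0 }],
+"role": "id",
+"visible": false
+},
+{
+"name": "hostname",
+"displayName": "Hostname",
+"shape": "string",
+"role": "label"
+},
+{
+"name": "organization_id",
+"displayName": "Organization ID",
+"shape": ["number", { "decimalPlaces": 0 }]
+},
+{
+"name": "account_id",
+"displayName": "Account ID",
+"shape": ["number", { "decimalPlaces": 0 }]
+},
+{
+"name": "domain_name",
+"displayName": "Domain Name",
+"shape": "string"
+},
+{
+"name": "os",
+"displayName": "Operating System",
+"shape": "string"
+},
+{
+"name": "platform",
+"displayName": "Platform",
+"shape": "string"
+},
+{
+"name": "arch",
+"displayName": "Architecture",
+"shape": "string"
+},
+{
+"name": "ipv4_address",
+"displayName": "IPv4 Address",
+"shape": "string"
+},
+{
+"name": "external_ip",
+"displayName": "External IP",
+"shape": "string"
+},
+{
+"name": "mac_addresses",
+"displayName": "MAC Addresses",
+"shape": "json"
+},
+{
+"name": "tags",
+"displayName": "Tags",
+"shape": "json"
+},
+{
+"name": "version",
+"displayName": "Agent Version",
+"shape": "string"
+},
+{
+"name": "edr_version",
+"displayName": "EDR Version",
+"shape": "string"
+},
+{
+"name": "defender_status",
+"displayName": "Defender Status",
+"shape": "string"
+},
+{
+"name": "defender_substatus",
+"displayName": "Defender Substatus",
+"shape": "string"
+},
+{
+"name": "defender_policy_status",
+"displayName": "Defender Policy Status",
+"shape": "string"
+},
+{
+"name": "firewall_status",
+"displayName": "Firewall Status",
+"shape": ["state", { "map": { "success": ["Enabled"], "error": ["Disabled"], "warning": ["Pending Isolation", "Isolated", "Pending Release"] } }]
+},
+{
+"name": "os_build_version",
+"displayName": "OS Build Version",
+"shape": "string"
+},
+{
+"name": "serial_number",
+"displayName": "Serial Number",
+"shape": "string"
+},
+{
+"name": "last_callback_at",
+"displayName": "Last Callback At",
+"shape": ["date", { "timeZone": "Etc/UTC" }]
+},
+{
+"name": "last_survey_at",
+"displayName": "Last Survey At",
+"shape": ["date", { "timeZone": "Etc/UTC" }]
+},
+{
+"name": "created_at",
+"displayName": "Created At",
+"shape": ["date", { "timeZone": "Etc/UTC" }]
+},
+{
+"name": "updated_at",
+"displayName": "Updated At",
+"shape": ["date", { "timeZone": "Etc/UTC" }]
+},
+{
+"pattern": ".*"
+}
+],
+"timeframes": false
+}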
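Review bot: The `organization_id` query argument is filled from `{{objects[0].organization_id}}`, but nothing on this page shows that a Huntress Organization object exposes a property with that name; the organizations stream and the object import are outside this diff. If the property is missing, the template would presumably render empty and `/v1/agents` would be called unfiltered, so a tile scoped to one organization could list agents from every organization in the account. Please confirm the property name against the import definition (it may be `id` or a source ID there), and consider making the stream fail rather than fall back when the value is empty. Separately, the `metadata` array is a verbatim copy of the one in agents.json, so the two will drift unless they are kept in sync.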