Overview
This node integrates with the Huntress API to retrieve multiple incident reports based on specified filters. It is useful for security analysts or IT teams who want to fetch and review a list of security incidents detected by Huntress, filtered by criteria such as organization, agent, status, severity, indicator type, or platform.
Practical examples include:
- Fetching all critical incident reports for a specific organization.
- Retrieving all dismissed incidents related to antivirus detections on Windows machines.
- Getting all sent incident reports assigned to a particular agent.
Properties
| Name | Meaning |
|---|---|
| Filters | A collection of optional filters to narrow down the incident reports returned: |
| - Organization ID | Numeric ID of the organization to filter incident reports by. |
| - Agent ID | Numeric ID of the agent associated with the incident reports. |
| - Status | Status of the incident report. Options: Sent, Closed, Dismissed. |
| - Severity | Severity level of the incident. Options: Critical, High, Low. |
| - Indicator Type | Type of indicator involved in the incident. Options: Antivirus Detections, Footholds, Managed Identity, Monitored Files, Process Detections, Ransomware Canaries. |
| - Platform | Platform affected by the incident. Options: Windows, Mac OS, Microsoft 365. |
Output
The node outputs JSON data containing an array of incident reports matching the applied filters. Each incident report object includes details such as identifiers, status, severity, indicator types, timestamps, and other relevant metadata provided by the Huntress API.
No binary data output is produced by this operation.
Dependencies
- Requires an active connection to the Huntress API using a valid API authentication token configured in n8n credentials.
- The node uses the base URL `https://api.huntress.io/v1` for API requests.
- Pagination support is included via the node's internal pagination method to handle large result sets.
Troubleshooting
Common issues:
- Invalid or missing API credentials will cause authentication failures.
- Providing invalid filter values (e.g., non-numeric IDs) may result in request errors.
- Network connectivity problems can prevent successful API calls.
Error messages:
- Authentication errors typically return HTTP 401 or 403 status codes; verify API key validity.
- Validation errors from the API may indicate incorrect filter parameters; check that filter values conform to expected types and options.
- Timeout or network errors suggest connectivity issues; ensure stable internet access.
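
The filter check recommended above can be run before the request is sent. The following is an added example, not part of the node's own code: it validates a Filters collection against the options listed in the Properties table. The function name `validateFilters` and the shape of the returned object are assumptions made for illustration, and the sample input is constructed.

```javascript
// Added example: pre-flight validation of the Filters collection.
// Option lists are copied from the Properties table; validateFilters and the
// { valid, errors, normalized } result shape are hypothetical, not the node's API.
const ID_FILTERS = ['Organization ID', 'Agent ID'];
const OPTION_FILTERS = {
  'Status': ['Sent', 'Closed', 'Dismissed'],
  'Severity': ['Critical', 'High', 'Low'],
  'Indicator Type': ['Antivirus Detections', 'Footholds', 'Managed Identity',
    'Monitored Files', 'Process Detections', 'Ransomware Canaries'],
  'Platform': ['Windows', 'Mac OS', 'Microsoft 365'],
};

function validateFilters(filters) {
  const errors = [];
  const normalized = {};
  for (const [name, raw] of Object.entries(filters)) {
    // Every filter is optional, so empty values are skipped, not rejected.
    if (raw === undefined || raw === null || raw === '') continue;
    if (ID_FILTERS.includes(name)) {
      // Accept 42 or "42"; reject "42abc", "4.2", "-1" and other non-numeric input.
      const text = String(raw).trim();
      if (/^\d+$/.test(text)) normalized[name] = Number(text);
      else errors.push(`${name}: expected a numeric ID, got ${JSON.stringify(raw)}`);
    } else if (Object.prototype.hasOwnProperty.call(OPTION_FILTERS, name)) {
      // Match case-insensitively, then store the documented spelling.
      const wanted = String(raw).trim().toLowerCase();
      const match = OPTION_FILTERS[name].find((o) => o.toLowerCase() === wanted);
      if (match) normalized[name] = match;
      else errors.push(`${name}: ${JSON.stringify(raw)} is not one of: ` +
        OPTION_FILTERS[name].join(', '));
    } else {
      errors.push(`${name}: unknown filter`);
    }
  }
  return { valid: errors.length === 0, errors, normalized };
}

// Constructed sample input, not taken from a real tenant.
const sample = { 'Organization ID': '1234', 'Severity': 'critical', 'Platform': 'Linux' };
console.log(validateFilters(sample));
```

All problems are collected in `errors` rather than stopping at the first one, so a workflow can log every bad filter in a single pass.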