Huntress

Work with the Huntress API

Actions11

Agent Actions
- Get
- Get Many
Billing Report Actions
- Get
- Get Many
Incident Report Actions
- Get
- Get Many
Organization Actions
- Get
Signal Actions
- Get
- Get Many
Summary Report Actions
- Get
- Get Many

Overview

This node interacts with the Huntress API to retrieve detailed information about a specific Signal. A Signal in this context typically represents an alert or event detected by the Huntress security platform, such as suspicious activity or potential threats on monitored endpoints.

The "Get Signal" operation is useful when you want to fetch comprehensive data about a particular Signal by its unique identifier. This can help security analysts or automated workflows to investigate alerts, enrich incident data, or trigger further actions based on the signal details.

Practical examples:

Automatically retrieving details of a newly detected threat signal to include in a security dashboard.
Fetching signal information to correlate with other security events for incident response.
Using the signal data to trigger notifications or remediation workflows.

Properties

Name	Meaning
Signal ID	The unique numeric identifier of the Signal to retrieve from the Huntress API.

Output

The node outputs JSON data representing the full details of the requested Signal. This includes all available fields returned by the Huntress API for that Signal, such as timestamps, status, description, affected systems, and any metadata associated with the alert.

If the node supports binary data output (not indicated here), it would typically represent attachments or files related to the Signal, but this operation primarily returns structured JSON data.

Dependencies

Requires an active connection to the Huntress API.
Needs an API authentication token credential configured in n8n to authorize requests.
The base URL used is https://api.huntress.io/v1.
The node depends on internal utility functions for handling API pagination and request defaults.

Troubleshooting

Common issues:
- Invalid or missing Signal ID will result in errors or empty responses.
- Authentication failures due to incorrect or expired API tokens.
- Network connectivity problems preventing access to the Huntress API endpoint.
Error messages:
- Errors containing HTTP status codes (e.g., 401 Unauthorized) indicate authentication issues; verify API credentials.
- 404 Not Found errors suggest the specified Signal ID does not exist or is inaccessible.
- Timeout or network errors require checking internet connectivity and firewall settings.

Links and References

Huntress API Documentation (for detailed API endpoints and data structures)
n8n Documentation (for general usage of custom nodes and credentials)