huntress

n8n node for Huntress

Package Information

Downloads: 1,705 weekly / 1,705 monthly
Latest Version: 0.1.17
Author: AvantGuard LLC

Available Nodes

Huntress icon
Huntress
<!-- DO NOT LINT FOR FORMATTING, you will break how it appears on the docs site --><p><a href='https://www.huntress.com/terms-of-service'>© Huntress - All rights reserved</a></p><h1 id='introduction'>Introduction</h1><p>The Huntress API follows a RESTful pattern. Requests are made via resource-oriented URLs as described in this document and API responses are formatted as JSON data.</p><p>If you&#39;d like to request additional API endpoints or capabilities, <a href="https://feedback.huntress.com/">submit feedback</a> through our feedback portal.</p><h1 id='api-overview'>API Overview</h1><details> <summary><h2 id='authentication'>Authentication</h2></summary><div class="scalar-code-copy"><pre class="scalar-codeblock-pre"><code class="hljs language-curl"><span class="hljs-variable">$KEY</span> = </span><span class="hljs-built_in">echo </span><span class="hljs-string">"$HUNTRESS_PUBLIC_KEY:$HUNTRESS_PRIVATE_KEY"</span> | <span class="hljs-built_in">base64</span><span class="hljs-built_in">curl </span><span class="hljs-string">"https://api.huntress.io/v1/agents"</span> \ -H <span class="hljs-string">"Authorization: Basic $KEY"</span></code></pre></div><p>To begin, generate your API Key at <code>&lt;your_account_subdomain&gt;.huntress.io</code>. Once you are logged into your account on the Huntress site, check the dropdown menu at the top-right corner of the site header. You should see <code>API Credentials</code> among the options if your account has been granted access to the Huntress API. Click on the option to continue to the API Key generation page.</p><p>Once on the API Key generation page, click on the green Setup button to begin the process to generate your API Key. You will be redirected to a page where you will be prompted to generate your API Key. Click the Generate button to generate a public and private key pair for Huntress API access. The inputs on the page will be filled in with your access credentials once you have done so.</p><p><strong>Your API Private Key will only be visible at this stage of API Key generation. Be sure to save the value provided somewhere secure, as once you navigate away from this page, this value will no longer be accessible and you must regenerate your API credentials if your secret key value is lost.</strong></p><p>If necessary, you can repeat the process to regenerate your API credentials with a new API Key and API Secret Key on the same API Key generation page, at <code>&lt;your_account_subdomain&gt;.huntress.io/account/api_credentials</code>.</p><p>The Huntress API implements basic access authentication. Once you have your API Key and API Secret Key, provide these values as the result of a Base64 encoded string in every request to the Huntress API via the <code>Authorization</code> header. Your request header should look something like <code>Authorization: Basic [Base64Encode(&lt;your_api_key&gt;:&lt;your_api_secret_key&gt;)]</code>. Please refer to the code snippets for further examples.</p></details><details> <summary><h2 id='rate-limits'>Rate Limits</h2></summary><p>Every Huntress API account is rate limited to 60 requests per minute, on a sliding window. This means that no more than 60 requests can be made within a 60 second time interval between the first request and the last request.</p><p>For example, if request 1 is made at T0, request 2 is made at T5, and requests 3 through 60 are made at T10, making request 61 at T55 would result in a 429 error response. Making request 61 at T61 would succeed, however making request 62 at T61 would fail, at least until the time has passed T65, corresponding to a minute after request 2 was made.</p></details><details> <summary><h2 id='http-response-codes'>HTTP Response Codes</h2></summary><p>Huntress follows HTTP standards when delivering responses: a <code>2xx</code> response is a success, a <code>4xx</code> response indicates an issue with the client request, and a <code>5xx</code> response indicates an issue with Huntress servers.<br><br>Specific error codes are detailed in the following table:</p><table><thead><tr><th>Error Status Code</th><th>Details</th></tr></thead><tbody><tr><td>400</td><td>There is an unexpected value in the API request being made.</td></tr><tr><td>401</td><td>Your request could not be authenticated. Check that your API key is properly formatted and included in the <code>Authorization</code> header.</td></tr><tr><td>404</td><td>The requested resource is unavailable: either it doesn&#39;t exist, or your account does not hold correct permissions to access it.</td></tr><tr><td>429</td><td>You have made too many requests within the rate limit timeframe. See the previous section on <a href="#rate_limits">rate_limits</a> for details.</td></tr><tr><td>500</td><td><p>An error has occurred within Huntress servers.</p><p>You could retry the request, but if you encounter continued errors, please <a href="https://support.huntress.io">contact Support</a> with details of your error. If all traffic from Huntress is resulting in 500 responses, please check our <a href="https://huntressstatus.statuspage.io/">Huntress Status Page</a>.</p></td></tr></tbody></table></details><details> <summary><h2 id='pagination'>Pagination</h2></summary><p>Certain Huntress API endpoints utilize a <code>page_token</code> and <code>limit</code> parameter to specify a window location and size, respectively, to the resources currently being requested.<br><br>Each API request will also return a pagination object with details about your current pagination state based on the parameters provided. The pagination object contains:<br></p><table><thead><tr><th>Key</th><th>Type</th><th>Description</th></tr></thead><tbody><tr><td>next_page_token</td><td>string</td><td>The token used to request the next page in paginated results. If no page token is included, the first page contains all results.</td></tr><tr><td>next_page_url</td><td>string</td><td>URL containing the next page and the limit provided in the original API request, to be used to continue sequentially accessing resources. Only displays when another page can be accessed.</td></tr></tbody></table><br><p>Following is a formatted example of the pagination object in an API response:<br><div class="scalar-code-copy"><pre class="scalar-codeblock-pre"><code class="hljs language-json"><span class="hljs-attr">"pagination"</span><span class="hljs-punctuation">: {</span><span class="hljs-attr"> "next_page_url"</span><span class="hljs-punctuation">: </span><span class="hljs-string">"https://api.huntress.io/v1/agents?page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo&amp;limit=10"</span><span class="hljs-punctuation">,</span><span class="hljs-attr"> "next_page_token"</span><span class="hljs-punctuation">: </span><span class="hljs-string">"MjAyMi0wMy0wMVQxODo1NDoyNFo"</span><span class="hljs-punctuation">}</span></code></pre></div></details><details> <summary><h2 id='request-and-response-format'>Request and Response Format</h2></summary> <details> <summary><h3 id='request'>Request</h3></summary> <div class="scalar-code-copy"><pre class="scalar-codeblock-pre"><code class="hljs language-curl"><span class="hljs-built_in">curl</span> <span class="hljs-string">"https://api.huntress.io/v1/agents?organization_id=1&amp;page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo"</span> -H <span class="hljs-string">"Authorization: Basic &lt;Your B64 encoded hash&gt;"</span></code></pre></div> <p>The base URL for API requests is <code>api.huntress.io/v1/</code>, followed by the resource requested. Resources can be requested either singularly or as a list, which correspond to <code>/v1/&lt;resources&gt;/:id</code> or <code>/v1/&lt;resources&gt;</code> respectively, with the exception of the <code>/v1/account</code> and <code>/v1/actor</code> endpoints, which only returns the account associated with the API credentials provided.</p> <p>As an example, <code>api.huntress.io/v1/agents</code> would return a list of agents, while <code>api.huntress.io/v1/agents/1</code> would return a singular agent with ID: 1.</p> <p>Parameters are provided to the API through a query string. As an example, providing the organization_id filter as a parameter to the <code>/v1/agents</code> endpoint would look like <code>api.huntress/io/v1/agents?organization_id=1</code>. Accessing a sequential page with the same filter active would look like <code>api.huntress.io/v1/agents?organization_id=1&amp;page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo</code>.</p> </details> <details> <summary><h3 id='response'>Response</h3></summary> <p>The Huntress API responds with a JSON object containing requested resources if the request is valid and authorized.</p> <h4 id='singular-case'>Singular Case</h4> <div class="scalar-code-copy"> <pre class="scalar-codeblock-pre"><code class="hljs-json"><span class="hljs-punctuation">{</span><span class="hljs-attr"> "report"</span><span class="hljs-punctuation">: { ... }}</span></code></div> <p>In the case of accessing a singular resource, the JSON object in question will contain one key that maps the singular resource to the singular representation of the resource name. As an example, if you were to request <code>api.huntress.io/v1/reports/1</code>, the JSON response would contain a single key <code>report</code> that maps to the report with ID: 1.</p> <h4 id='multiple-case'>Multiple Case</h4><div class="highlight"><pre class="highlight json tab-json"><pre class="scalar-codeblock-pre"><code class="hljs-json"><span class="hljs-punctuation">{</span><span class="hljs-attr"> "reports"</span><span class="hljs-punctuation">: [ ... ],</span><span class="hljs-attr"> "pagination"</span><span class="hljs-punctuation">: { ... }</span><span class="hljs-punctuation">}</span></code></pre></div> <p>When accessing a list of resources, the JSON response contains two keys at the root level. The first key is the plural representation of that resource. The second is a <code>pagination</code> key that represents the current state of pagination based on parameters provided in the original request. As an example, a request to <code>api.huntress.io/v1/reports</code> returns a JSON object with the keys <code>reports</code> and <code>pagination</code> at its root level. Further details on the fields within the pagination object can be seen at <a href="#pagination">the relevant section</a>.</p> </details></details>

Documentation

n8n      AvantGuard

Huntress n8n Node

n8n community node npm

© Huntress - All rights reserved

Introduction

The Huntress API follows a RESTful pattern. Requests are made via resource-oriented URLs as described in this document and API responses are formatted as JSON data.

If you'd like to request additional API endpoints or capabilities, submit feedback through our feedback portal.

API Overview

Authentication

$KEY = echo "$HUNTRESS_PUBLIC_KEY:$HUNTRESS_PRIVATE_KEY" | base64curl "https://api.huntress.io/v1/agents" \ -H "Authorization: Basic $KEY"

To begin, generate your API Key at <your_account_subdomain>.huntress.io. Once you are logged into your account on the Huntress site, check the dropdown menu at the top-right corner of the site header. You should see API Credentials among the options if your account has been granted access to the Huntress API. Click on the option to continue to the API Key generation page.

Once on the API Key generation page, click on the green Setup button to begin the process to generate your API Key. You will be redirected to a page where you will be prompted to generate your API Key. Click the Generate button to generate a public and private key pair for Huntress API access. The inputs on the page will be filled in with your access credentials once you have done so.

Your API Private Key will only be visible at this stage of API Key generation. Be sure to save the value provided somewhere secure, as once you navigate away from this page, this value will no longer be accessible and you must regenerate your API credentials if your secret key value is lost.

If necessary, you can repeat the process to regenerate your API credentials with a new API Key and API Secret Key on the same API Key generation page, at <your_account_subdomain>.huntress.io/account/api_credentials.

The Huntress API implements basic access authentication. Once you have your API Key and API Secret Key, provide these values as the result of a Base64 encoded string in every request to the Huntress API via the Authorization header. Your request header should look something like Authorization: Basic [Base64Encode(<your_api_key>:<your_api_secret_key>)]. Please refer to the code snippets for further examples.

Rate Limits

Every Huntress API account is rate limited to 60 requests per minute, on a sliding window. This means that no more than 60 requests can be made within a 60 second time interval between the first request and the last request.

For example, if request 1 is made at T0, request 2 is made at T5, and requests 3 through 60 are made at T10, making request 61 at T55 would result in a 429 error response. Making request 61 at T61 would succeed, however making request 62 at T61 would fail, at least until the time has passed T65, corresponding to a minute after request 2 was made.

HTTP Response Codes

Huntress follows HTTP standards when delivering responses: a 2xx response is a success, a 4xx response indicates an issue with the client request, and a 5xx response indicates an issue with Huntress servers.

Specific error codes are detailed in the following table:

Error Status CodeDetails
400There is an unexpected value in the API request being made.
401Your request could not be authenticated. Check that your API key is properly formatted and included in the Authorization header.
404The requested resource is unavailable: either it doesn't exist, or your account does not hold correct permissions to access it.
429You have made too many requests within the rate limit timeframe. See the previous section on rate_limits for details.
500

An error has occurred within Huntress servers.

You could retry the request, but if you encounter continued errors, please contact Support with details of your error. If all traffic from Huntress is resulting in 500 responses, please check our Huntress Status Page.

Pagination

Certain Huntress API endpoints utilize a page_token and limit parameter to specify a window location and size, respectively, to the resources currently being requested.

Each API request will also return a pagination object with details about your current pagination state based on the parameters provided. The pagination object contains:

KeyTypeDescription
next_page_tokenstringThe token used to request the next page in paginated results. If no page token is included, the first page contains all results.
next_page_urlstringURL containing the next page and the limit provided in the original API request, to be used to continue sequentially accessing resources. Only displays when another page can be accessed.

Following is a formatted example of the pagination object in an API response:

"pagination": {  "next_page_url": "https://api.huntress.io/v1/agents?page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo&limit=10",  "next_page_token": "MjAyMi0wMy0wMVQxODo1NDoyNFo"}

Request and Response Format

Request

 
curl "https://api.huntress.io/v1/agents?organization_id=1&page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo" -H "Authorization: Basic <Your B64 encoded hash>"

The base URL for API requests is api.huntress.io/v1/, followed by the resource requested. Resources can be requested either singularly or as a list, which correspond to /v1/<resources>/:id or /v1/<resources> respectively, with the exception of the /v1/account and /v1/actor endpoints, which only returns the account associated with the API credentials provided.

As an example, api.huntress.io/v1/agents would return a list of agents, while api.huntress.io/v1/agents/1 would return a singular agent with ID: 1.

Parameters are provided to the API through a query string. As an example, providing the organization_id filter as a parameter to the /v1/agents endpoint would look like api.huntress/io/v1/agents?organization_id=1. Accessing a sequential page with the same filter active would look like api.huntress.io/v1/agents?organization_id=1&page_token=MjAyMi0wMy0wMVQxODo1NDoyNFo.

Response

The Huntress API responds with a JSON object containing requested resources if the request is valid and authorized.

Singular Case

{  "report": { ... }}

In the case of accessing a singular resource, the JSON object in question will contain one key that maps the singular resource to the singular representation of the resource name. As an example, if you were to request api.huntress.io/v1/reports/1, the JSON response would contain a single key report that maps to the report with ID: 1.

Multiple Case

{  "reports": [ ... ],  "pagination": { ... }}

When accessing a list of resources, the JSON response contains two keys at the root level. The first key is the plural representation of that resource. The second is a pagination key that represents the current state of pagination based on parameters provided in the original request. As an example, a request to api.huntress.io/v1/reports returns a JSON object with the keys reports and pagination at its root level. Further details on the fields within the pagination object can be seen at the relevant section.

Table of Contents

Installation

Follow the n8n community node installation guide.

Or install directly via npm:

npm install @avantguardllc/n8n-nodes-huntress

Authentication

This node authenticates using Basic Auth (API Key + API Secret).

Setting Value
Type Basic Auth
Field 1 API Key
Field 2 API Secret
Base URL https://api.huntress.io (editable in credentials)

Tip: The Base URL can be changed in the credential settings if your instance uses a different host.

Resources & Operations

Base URL: https://api.huntress.io

Accounts

Endpoint Description
🔵 GET /v1/account Get Account

Reseller

Endpoint Description
🔵 GET /v1/accounts List Accounts
🟢 POST /v1/accounts Create Account
🔵 GET /v1/accounts/{account_id} Get Specific Account
🟣 PATCH /v1/accounts/{account_id} Update Account
🔴 DELETE /v1/accounts/{account_id} Permanently Disable an Account
🔵 GET /v1/accounts/{account_id}/agents List Agents
🔵 GET /v1/accounts/{account_id}/agents/{id} Get Agent
🔵 GET /v1/accounts/{account_id}/billing_reports List Account Billing Reports
🔵 GET /v1/accounts/{account_id}/billing_reports/{id} Get Account Billing Report
🔵 GET /v1/accounts/{account_id}/incident_reports List Incident Reports
🔵 GET /v1/accounts/{account_id}/incident_reports/{id} Get Incident Report
🟢 POST /v1/accounts/{account_id}/incident_reports/{id}/resolution Create an Incident Report Resolution
🔵 GET /v1/accounts/{account_id}/memberships List Memberships
🟢 POST /v1/accounts/{account_id}/memberships Create a Membership
🔵 GET /v1/accounts/{account_id}/memberships/{id} Get Membership
🟣 PATCH /v1/accounts/{account_id}/memberships/{id} Update a User's membership
🔴 DELETE /v1/accounts/{account_id}/memberships/{id} Delete Membership
🔵 GET /v1/accounts/{account_id}/organizations List Organizations
🟢 POST /v1/accounts/{account_id}/organizations Create an Organization
🔵 GET /v1/accounts/{account_id}/organizations/{id} Get Organization
🟣 PATCH /v1/accounts/{account_id}/organizations/{id} Update an Organization
🔴 DELETE /v1/accounts/{account_id}/organizations/{id} Delete an Organization
🔵 GET /v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations List Remediations
🔵 GET /v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations/{remediation_id} Get Remediation
🟢 POST /v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations/bulk_approval Bulk Approve Remediations
🟢 POST /v1/accounts/{account_id}/incident_reports/{incident_report_id}/remediations/bulk_rejection Bulk Reject Remediations
🔵 GET /v1/accounts/{account_id}/reports List Summary Reports
🔵 GET /v1/accounts/{account_id}/reports/{id} Get Summary Report
🔵 GET /v1/accounts/{account_id}/signals List Signals
🔵 GET /v1/accounts/{account_id}/signals/{id} Get Signal

Actor

Endpoint Description
🔵 GET /v1/actor Get Actor

Agents

Endpoint Description
🔵 GET /v1/agents List Agents
🔵 GET /v1/agents/{id} Get Agent

BillingReports

Endpoint Description
🔵 GET /v1/billing_reports List Account Billing Reports
🔵 GET /v1/billing_reports/{id} Get Account Billing Report

Escalations

Endpoint Description
🔵 GET /v1/escalations List Escalations
🔵 GET /v1/escalations/{id} Get Escalation
🟢 POST /v1/escalations/{id}/resolution Create an Escalation Resolution

IncidentReports

Endpoint Description
🔵 GET /v1/incident_reports List Incident Reports
🔵 GET /v1/incident_reports/{id} Get Incident Report
🟢 POST /v1/incident_reports/{id}/resolution Create an Incident Report Resolution
🔵 GET /v1/incident_reports/{incident_report_id}/remediations List Remediations
🔵 GET /v1/incident_reports/{incident_report_id}/remediations/{remediation_id} Get Remediation
🟢 POST /v1/incident_reports/{incident_report_id}/remediations/bulk_approval Bulk Approve Remediations
🟢 POST /v1/incident_reports/{incident_report_id}/remediations/bulk_rejection Bulk Reject Remediations

Users

Endpoint Description
🔵 GET /v1/memberships List Memberships
🟢 POST /v1/memberships Create a Membership
🔵 GET /v1/memberships/{id} Get Membership
🟣 PATCH /v1/memberships/{id} Update a User's membership
🔴 DELETE /v1/memberships/{id} Delete Membership

Organizations

Endpoint Description
🔵 GET /v1/organizations List Organizations
🟢 POST /v1/organizations Create an Organization
🔵 GET /v1/organizations/{id} Get Organization
🟣 PATCH /v1/organizations/{id} Update an Organization
🔴 DELETE /v1/organizations/{id} Delete an Organization

SummaryReports

Endpoint Description
🔵 GET /v1/reports List Summary Reports
🔵 GET /v1/reports/{id} Get Summary Report

Signals

Endpoint Description
🔵 GET /v1/signals List Signals
🔵 GET /v1/signals/{id} Get Signal

Compatibility

  • n8n version: 1.0+ (tested on 2.x)
  • Node.js version: 18+

License

MIT

Discussion