
15 - Huntress

NOTE: To be completed by Stratus Cyber Team

1. Identity Protection

Follow this Huntress article to configure the integration for Identity Protection: [GCC High] Integrating with Huntress Managed Identity Threat Detection and Response -- Huntress Product Support

2. Endpoint Protection

Endpoint protection is secure out of the box, so we just need to enroll the devices into Huntress using the Win32 App you uploaded and assigned earlier (already done).

3. Security Awareness Training

Add Account to Huntress SAT Dashboard

  1. Add the account into Huntress SAT Dashboard and follow the guidance to authorize the domain via email

  2. Add the required domains and IP addresses into allowlisting: Allowlist Phishing Emails in Microsoft Office 365 Defender Basic and Advanced -- Huntress Product Support

    NOTE: The required domains and IP addresses are listed in the SAT management portal; don't just use the ones in the guide above

Setup SCIM to Provision Users

  1. Head into Entra ID (entra.microsoft.us) and go to Enterprise Applications > Add New > Create your own application

    • Name: Curricula UserSync
    • Option: Integrate any other application (non-gallery)
    • Don't select the suggested 'Curricula SAML' - that'll be used in the next section. It's different.
  2. Under Users and Groups add the 'Users - Huntress SAT - Static' group in here as an assignment

  3. Go to the 'Provisioning' section of the Enterprise Application

  4. Select 'Get Started' and change the Provisioning Mode to 'Automatic'

  5. Now head into Huntress SAT (MyCurricula) and select the account you want to edit (the one you made earlier)

  6. Click into the settings area of the account:

Huntress SAT Settings

  1. Go to the SCIM page and select 'Connect a Group':

SCIM Connect Group

  1. Select the 'Staff (Default)' group and connect it

  2. Copy the Base URL and Token displayed here:

SCIM Base URL and Token

  1. Put the values copied from above into the Provisioning Section back in Entra ID as the 'Tenant URL' (Base URL) and 'Secret Token' (Token)

  2. Select 'Test Connection' and confirm the connection is authorized successfully

  3. Hit 'Save' up the top to configure the provisioning connection

  4. Expand the 'Mappings' section, which has now appeared, click into the 'Provision Microsoft Entra ID Groups' option, select NO, then save it:

SCIM Disable Group Provisioning

SCIM Save Disable

  1. Back in the mappings, click into the 'Provision Microsoft Entra ID Users' option, set the attribute mappings to match the following by deleting irrelevant attributes, and then save it:

SCIM User Attribute Mappings

  1. Back on the overview, set a failure notification email of secops@clientdomain.us and turn on the provisioning status, then save everything:

SCIM Provisioning Status

  1. Once you've saved it, provisioning will start and then run every 40 minutes, so once users are added to the appropriate Entra ID groups later it'll take care of itself

Setup SAML SSO

  1. Head into the Huntress SAT portal and select the account you want to edit (the one you made earlier)

  2. Click into the settings area of the account:

Huntress SAT Settings for SAML

  1. Select the Edit function next to the 'Staff (default)' group:

Edit Staff Group

  1. Head to the 'Access' tab up the top and then change the Authentication Type to 'SAML Single Sign-on':

SAML Authentication Type

  1. Browse to the Entra ID tenant (entra.microsoft.us) and go to Enterprise Applications > New Application > Search for 'Curricula' and select it:

Curricula Enterprise Application

  1. Create the application and then assign it to the user group 'Users - Huntress SAT - Static' for granular access:

Assign Curricula to Group

  1. Once the group is assigned, head to the 'Single Sign-on' section on the left side:

Single Sign-On Section

  1. Select SAML:

Select SAML

  1. Now select edit on the Basic SAML Configuration section:

Edit Basic SAML Configuration

  1. On the Identifier (Entity ID) field as shown here, add an identifier:

Add Entity ID

And paste in the URL found back on this page in Huntress SAT:

Entity ID from Huntress

  1. Next, add a Reply URL and paste the SAME URL in as you just did above:

Add Reply URL

  1. Save this section; you're finished configuring the Basic SAML Configuration

  2. Next, update the Notification Email Address found in this section to secops@clientdomain.us:

Update Notification Email

  1. Then browse down to the SAML Certificates section and download the Certificate (Base64):

Download Certificate

  1. Open this in Notepad and copy the certificate string (don't worry about the BEGIN CERTIFICATE and END CERTIFICATE lines - just copy the Base64 string between them)

  2. Go back to Huntress SAT and paste the certificate string into the X.509 Certificate field:

Paste Certificate in Huntress

  1. Back in the Entra ID Curricula SAML Configuration, copy the Login URL shown here:

Copy Login URL

  1. Paste it into the IdP Login URL field within the Huntress SAT SAML Configuration and hit Save

  2. Note this URL down for use in a future step; the Huntress SAT SSO setup is now complete
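
A check for the certificate copy/paste step above, as an added example (not Huntress or Microsoft code): it strips the BEGIN/END lines the way the step describes, confirms the pasted string is a complete certificate rather than a truncated one, and computes the SHA-1 thumbprint so it can be compared with the thumbprint Entra ID lists for the SAML signing certificate. The function names and the sample data are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

def certificate_body(text):
    """Drop the BEGIN/END lines and all whitespace, leaving the Base64 body."""
    return re.sub(r"\s+", "", re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text))

def decode_der(body):
    """Decode the Base64 body and check it is one complete DER SEQUENCE."""
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid Base64 (cut off or stray characters)") from exc
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    if der[1] < 0x80:  # short-form length
        header, length = 2, der[1]
    else:  # long form: low 7 bits give the number of length bytes
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length mismatch: the string is truncated or has extra data")
    return der

def thumbprint(pem_text):
    """SHA-1 over the DER bytes as upper-case hex (certificate thumbprint format)."""
    return hashlib.sha1(decode_der(certificate_body(pem_text))).hexdigest().upper()

def check_paste(downloaded_cer, pasted):
    """Return the problems found in the pasted value; an empty list means none."""
    problems = []
    if "-----" in pasted:
        problems.append("BEGIN/END CERTIFICATE lines were pasted")
    actual = certificate_body(pasted)
    try:
        decode_der(actual)
    except ValueError as exc:
        problems.append(str(exc))
    if actual != certificate_body(downloaded_cer):
        problems.append("pasted value differs from the downloaded certificate")
    return problems

# Constructed stand-in for the downloaded file: DER-framed filler, not a real certificate.
SAMPLE_DER = b"\x30\x82" + (768).to_bytes(2, "big") + bytes(range(256)) * 3
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_CER = "-----BEGIN CERTIFICATE-----\r\n" + "\r\n".join(
    _b64[i:i + 64] for i in range(0, len(_b64), 64)) + "\r\n-----END CERTIFICATE-----\r\n"
```

With the real file, pass the text of the downloaded Certificate (Base64) file and the value copied back out of the X.509 Certificate field to `check_paste`, and compare `thumbprint(...)` of the file with the thumbprint shown in the SAML Certificates section.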

Assign CMMC Level 2 Learning Assignment

Assign the CMMC Level 2 learning assignment to the account under the 'Assignments' section while in the master-level account (Stratus Main Account) to ensure the learning assignment gets posted to all of the users.