Overview
The "Incident Report - Get Many" operation in this node allows users to retrieve multiple incident reports from the Huntress API. This is useful for security analysts or IT teams who want to fetch and review a list of incidents filtered by various criteria such as organization, agent, status, severity, indicator type, or platform. For example, a user could pull all critical incidents related to antivirus detections on Windows machines within a specific organization to prioritize threat response.
Properties
Name | Meaning |
---|---|
Filters | A collection of optional filters to narrow down the incident reports returned: |
- Organization ID | Numeric ID of the organization to filter incidents by. |
- Agent ID | Numeric ID of the agent associated with the incidents. |
- Status | Status of the incident report; options are: Sent, Closed, Dismissed. |
- Severity | Severity level of the incident; options are: Critical, High, Low. |
- Indicator Type | Type of indicator involved in the incident; options include Antivirus Detections, Footholds, Managed Identity, Monitored Files, Process Detections, Ransomware Canaries. |
- Platform | Platform affected by the incident; options are Windows, Mac OS, Microsoft 365. |
Output
The node outputs JSON data representing an array of incident reports matching the specified filters. Each incident report object typically contains details such as incident identifiers, timestamps, status, severity, indicators involved, and platform information. The output does not include binary data.
Dependencies
- Requires an active connection to the Huntress API.
- Requires configuration of an API authentication token credential within n8n to authorize requests.
- The base URL used for API calls is `https://api.huntress.io/v1`.
Troubleshooting
Common Issues:
- Invalid or missing API credentials will cause authentication failures.
- Using incorrect filter values (e.g., non-existent organization or agent IDs) may result in empty responses.
- Network connectivity issues can prevent successful API calls.
Error Messages:
- Authentication errors typically return HTTP status codes like 401 or 403; ensure the API key is valid and has the necessary permissions.
- Rate limiting or server errors may return 429 or 5xx status codes; retry after some time or check service status.
- Malformed query parameters might cause 400 Bad Request errors; verify filter inputs conform to expected types and values.
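The checks above can be applied before and after the call, for instance in a Code node placed around this operation. This is an added example, not the node's own source: the filter key names (`organizationId`, `agentId`, `indicatorType`) and the three function names are hypothetical, while the option lists are copied from the Properties table. It also flags the case where a 2xx response with no incidents follows an ID filter, so a mistyped ID is not read as an all-clear.

```javascript
// Added example, not part of the node's source. Option lists come from the
// Properties table; key and function names are hypothetical.
const ALLOWED = {
  status: ['Sent', 'Closed', 'Dismissed'],
  severity: ['Critical', 'High', 'Low'],
  indicatorType: ['Antivirus Detections', 'Footholds', 'Managed Identity',
    'Monitored Files', 'Process Detections', 'Ransomware Canaries'],
  platform: ['Windows', 'Mac OS', 'Microsoft 365'],
};
const NUMERIC = ['organizationId', 'agentId'];

// Returns a list of problems; an empty list means the filters are well-formed.
function validateFilters(filters) {
  const problems = [];
  for (const [key, value] of Object.entries(filters)) {
    if (NUMERIC.includes(key)) {
      if (!Number.isInteger(value) || value <= 0) problems.push(`${key}: expected a positive integer`);
    } else if (Object.prototype.hasOwnProperty.call(ALLOWED, key)) {
      if (!ALLOWED[key].includes(value)) problems.push(`${key}: "${value}" is not an allowed option`);
    } else {
      problems.push(`${key}: unknown filter`);
    }
  }
  return problems;
}

// Maps an HTTP status to the action the Troubleshooting section recommends.
function classifyStatus(status) {
  if (status >= 200 && status < 300) return { retry: false, action: 'ok' };
  if (status === 401 || status === 403) return { retry: false, action: 'check API credential and permissions' };
  if (status === 400) return { retry: false, action: 'fix filter types or values' };
  if (status === 429 || (status >= 500 && status <= 599)) return { retry: true, action: 'retry later or check service status' };
  return { retry: false, action: 'unexpected status, inspect response' };
}

// A 2xx response with no incidents is not proof that nothing happened: the page
// notes that a non-existent organization or agent ID may return an empty list.
function interpretResult(status, incidents, filters) {
  const verdict = classifyStatus(status);
  if (verdict.action === 'ok' && incidents.length === 0 && NUMERIC.some((k) => k in filters)) {
    return { retry: false, action: 'empty result: confirm the organization/agent ID exists' };
  }
  return verdict;
}
```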
Links and References
- Huntress API Documentation (for detailed API endpoints and parameters)
- n8n Documentation on Creating Custom Nodes