|
| 1 | +# Restrict Network Access with Huntress EDR |
| 2 | + |
| 3 | +[Huntress](https://www.huntress.com/) is a managed detection and response (MDR) platform designed for IT service providers and enterprises to protect endpoints from cyber threats. The Huntress agent continuously monitors endpoints, collecting security telemetry including Windows Defender status, firewall configuration, and policy compliance, which can be used to enforce network access controls based on device security posture. |
| 4 | + |
| 5 | +The integration of NetBird with Huntress provides network security by ensuring only devices that meet your defined security standards can access the protected network. This approach allows administrators to enforce access restrictions based on critical Windows security settings such as Defender health status, antivirus definitions, firewall state, and policy compliance, ensuring only properly secured endpoints have access to network resources via NetBird. |
| 6 | + |
| 7 | +In this guide, you'll learn how to integrate NetBird with Huntress and configure access controls to allow only compliant devices onto your network. |
| 8 | + |
| 9 | +<Note> |
| 10 | + TLDR: Devices that fail to meet Huntress security requirements (Windows Defender health, firewall status, or policy compliance) will automatically lose network access. Once a device meets all compliance criteria, access is restored. |
| 11 | +</Note> |
| 12 | + |
| 13 | + |
| 14 | +## Prerequisites |
| 15 | + |
| 16 | +Before you start creating and configuring a Huntress integration, ensure that you have the following: |
| 17 | +- A Huntress account with the permissions to create and manage API keys. |
| 18 | + If you don't have the required permissions, ask your Huntress administrator to grant them to you. |
| 19 | + |
| 20 | +## Create a Huntress API Key |
| 21 | + |
| 22 | +- Navigate to your Huntress Management Console |
| 23 | +- Go to **Settings** » **API Credentials** |
| 24 | +- Click **Create API Credential** |
| 25 | +- Fill in the form: |
| 26 | + - **Name**: `NetBird Integration` |
| 27 | + - **Description**: `API key for NetBird EDR integration` (optional) |
| 28 | +- Click **Create** |
| 29 | +- Copy the generated API key and secret immediately (they will only be displayed once) |
| 30 | +- Note your Huntress organization key from the console |
| 31 | + |
| 32 | +<Note> |
| 33 | +Treat the API credentials securely and store them safely. You will need both the API key and secret for the NetBird integration configuration. |
| 34 | +</Note> |
| 35 | + |
| 36 | +## Configure a Huntress Integration in NetBird |
| 37 | + |
| 38 | +- Navigate to the [Integrations » EDR](https://app.netbird.io/integrations?tab=edr) tab in the NetBird dashboard |
| 39 | +- Click **Connect Huntress** to start the configuration wizard |
| 40 | +<p> |
| 41 | + <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/huntress/getting-started.png" alt="Huntress integration getting started" className="imagewrapper-big"/> |
| 42 | +</p> |
| 43 | +- Click the **Get Started** button to initiate the integration process |
| 44 | +- Enter your Huntress organization key and click **Continue** |
| 45 | + |
| 46 | +<p> |
| 47 | + <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/huntress/console-config.png" alt="Huntress console configuration" className="imagewrapper-big"/> |
| 48 | +</p> |
| 49 | + |
| 50 | +- Enter the API key and secret you created in the previous step and click **Continue** to verify the connection |
| 51 | + |
| 52 | +<p> |
| 53 | + <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/huntress/api-config.png" alt="Huntress API configuration" className="imagewrapper-big"/> |
| 54 | +</p> |
| 55 | + |
| 56 | +- Select the **groups** you want to apply the integration to and click **Connect** |
| 57 | + |
| 58 | +<p> |
| 59 | + <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/huntress/group-config.png" alt="Huntress group configuration" className="imagewrapper-big"/> |
| 60 | +</p> |
| 61 | + |
| 62 | + |
| 63 | +<Note> |
| 64 | + The EDR check will apply only to peers in the selected groups and will require a running Huntress agent. |
| 65 | + You can also use groups [synchronized from your Identity Provider (IdP)](/how-to/idp-sync). |
| 66 | +</Note> |
| 67 | + |
| 68 | +- Configure the compliance criteria that devices must meet to access your network. These security requirements ensure only healthy, properly configured devices can connect. Select the criteria that align with your organization's security policies: |
| 69 | + - **Defender Policy Status**: Requires Windows Defender policy status to be compliant. Default is set to `Compliant`. |
| 70 | + - **Defender Status**: Requires Windows Defender to be in a healthy state. Default is set to `Healthy`. |
| 71 | + - **Defender Substatus**: Requires Windows Defender to be up to date with the latest definitions. Default is set to `Up to date`. |
| 72 | + - **Firewall Status**: Requires the device firewall to be enabled. Can be set to check if firewall is `Enabled` or `Disabled`. Default is to require `Enabled`. |
| 73 | + |
| 74 | +<p> |
| 75 | + <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/huntress/compliance-config.png" alt="edr-integrations" className="imagewrapper-big"/> |
| 76 | +</p> |
| 77 | + |
| 78 | + |
| 79 | +- Configure the **Huntress Sync Window** (default is 24 hours). This setting determines which devices NetBird will consider for network access based on their recent activity in Huntress. Only devices that have been active and reporting to Huntress within this time window will be synchronized. These devices must then also meet the configured compliance criteria to gain network access. |
| 80 | + |
| 81 | +<p> |
| 82 | + <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/huntress/sync-config.png" alt="edr-integrations" className="imagewrapper-big"/> |
| 83 | +</p> |
| 84 | + |
| 85 | +- Click **Connect** to complete the integration setup |
| 86 | + |
| 87 | +- Only peers that have the Huntress agent installed and meet all the configured compliance criteria will be granted access to the network. |
| 88 | + Peers without the Huntress agent or those that don't meet the compliance requirements will appear with an `Approval required` mark in the peers list and won't be able to access |
| 89 | + the network until they have the agent installed and satisfy all the specified security requirements. |
| 90 | + |
| 91 | +<p> |
| 92 | + <img src="/docs-static/img/how-to-guides/endpoint-detection-and-response/huntress/edr-approval-required.png" alt="edr-approval-required" className="imagewrapper-big"/> |
| 93 | +</p> |
| 94 | + |
| 95 | + |
| 96 | +<Note> |
| 97 | + NetBird matches the Huntress agent to the peer using the Serial Number of the device. You must ensure that each of your devices has a unique serial number. |
| 98 | +</Note> |
0 commit comments