Automate implicit auto isolation on high alerts
John Frank
Huntress does Auto Isolate for Critical alerts; however, in our case we had a High alert over the weekend, when our business hours are M-F. We don't see these alerts until Monday morning when we get back from the weekend, or a day/days after holidays, or even the wee hours of the morning during weekdays before business hours. If a high alert comes in, it could be hours, a day or days before any action is taken.
TLDR: it would be nice to have granularity to enable implicit auto isolation for any and all high alerts of agent hosts to GET action sooner rather than later.
Lenny Lehner
Yes, this and the ability to set notifications by alert (meaning blow us up on critical, maybe just SMS on high?).
Chris Piestrzeniewicz
Had a similar incident: an MDR event came in at 3am which was a high priority and was a pretty dodgy event to begin with, but nothing was done... Not even a call or SMS alert. By the time everyone was on deck for the day it was too late.