Managed EDR

During a recent incident, we observed multiple login attempts from foreign countries using a user's compromised credentials. However, Huntress did not generate any alert because the logins were unsuccessful. While we understand Huntress focuses on alerting only for successful logins to reduce noise, we believe this presents a critical visibility gap and is aiming to be reactive and not so much proactive in compromises which is equally if not more important. In this case, the password was already compromised, and the attacker was likely attempting to bypass MFA (e.g., via fatigue attacks). Knowing that someone is attempting logins using a valid password regardless of MFA is a strong indicator of credential compromise and warrants at least a low-severity alert or informational escalation. Being notified in such scenarios could help partners respond before an attacker successfully completes a login and takes further action. We suggest adding an option to alert on: Repeated login attempts from unusual locations using a valid password (even if blocked by MFA) Patterns indicating MFA prompt bombing Any use of a correct password from suspicious geolocations or out of country logins (Similar to out of country logins for successful logins)

As a Managed Service Provider (MSP), offering prospective clients a hands-on experience with Huntress is crucial for demonstrating its value. However, the current lack of a structured trial mechanism presents challenges: + Billing Constraints: The inability to exclude trial deployments from billing complicates the onboarding of potential clients, especially when trial periods don't align with our billing cycles.​ + Operational Overhead: Manually managing trial deployments, including setup and teardown to avoid billing, increases administrative workload and risks errors.​ Our proposed solution is implementing a Controlled Trial feature within the Huntress MSP console that allows: + Trial organization creation: enable MSPs to set up trial organizations or designate existing ones as trials, exempting them from billing for a defined period (e.g., 14 days).​ + Automated trial management: provide options to automatically deactivate or prompt for conversion of trial organizations at the end of the trial period. + Data handling options: allow MSPs to choose whether to retain or purge data from trial organizations upon trial completion, ensuring the main tenant remains uncluttered.​ + Resource limitation: offer the ability to limit the number of agents or features available during the trial to manage resources effectively.​ This would give us the following benefits: + Enhanced sales process, which facilitates smoother onboarding of potential clients by providing a risk-free evaluation period.​ + Resource optimization, as it greatly reduces administrative overhead associated with manual trial management and removes unnecessary emails with our Huntress points of contact. + Client satisfaction, as it would align client expectations by offering a structured and transparent trial experience.​ I think implementing this feature would significantly aid MSPs in demonstrating Huntress's value proposition, ultimately contributing to increased adoption and client satisfaction.

Want to be able to set a start date for expected rules so that when a client gives us the start and end date of a trip we can add the schedule in when they tell us instead of having to schedule in to do it on the day they leave.

We would like to see EU customer data that is collected for the Huntress platform stored in a EU Data Centre: Simplifies compliance & reduces regulatory risk. Legal risk is low. Many EU end customers demand EU data residency, especially in specific sectors like healthcare, finance, government and education. Alignment with NIS2 compliance

Would be nice for our accounting department to be able to see how many internal use licenses we have credited against the invoice as a visible line item per product.

Adding additional telemetry streams and views to be able to better identify lateral movement, increasing our overall efficacy and being able to better pinpoint specific attack types.

Be notified if Huntress Agent goes offline for extended period of time via RMM

Customers are hesitant to take on new products, however, when they have a compromise it's can be easier to get them onboard. We'd like an option to setup a customer / organisation which would run for a month. We do it a lot with other software and it works quite well.

Support the ability to manage the built-in Windows firewall on endpoints. This would allow for "patching holes" and brings in the potential for a "lockdown" mode when malware hits.