Canary Files Force Sync
I have done some testing with canary files. One thing I have noticed is that it does not seem like encrypting a canary file causes the agent to sync early. In both tests it took 15-20 minutes for it to detect the canary had been encrypted, then 5-10 minutes for the host to be isolated and a report sent. With things like SSDs being more common, that time period allows a lot of damage to be done and for network shares to be encrypted. Maybe have it check the canaries every 60 seconds and force a sync with Huntress if one turns up missing. This would take the time down to around 10-15 minutes for a response instead of 25-30 minutes. It appears this happened to someone on Reddit already. It probably would have been stopped much earlier if it had force synced. Full conversation here for context: https://www.reddit.com/r/msp/comments/16xfmou/bitdefender_mdr/k32q8fp/?context=3
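One way to implement the polling this request describes, as an added Python example that is not Huntress's agent code: a monitor records a SHA-256 baseline of each canary file, re-checks it on a fixed interval, and fires a hook when a canary is overwritten (encryption changes the content) or deleted. The on_tamper hook, the 60-second default and the demo() scenario are assumptions; in a real agent the hook would be where the early sync with the management platform is triggered.

```python
import hashlib
import os
import secrets
import tempfile
import time
from pathlib import Path
from typing import Callable, Dict, List, Optional, Tuple


def fingerprint(path: str) -> Optional[str]:
    """SHA-256 of the file's contents, or None if the canary no longer exists."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return None


class CanaryMonitor:
    """Polls a set of canary files and reports any that go missing or change.

    on_tamper is a hypothetical hook (an assumption of this example): a real
    agent would use it to force an early sync instead of waiting for the next
    scheduled check-in.
    """

    def __init__(self, paths: List[str], on_tamper: Callable[[str, str], None]):
        # Baseline is taken once, at deployment time; canaries are never rewritten
        # by legitimate activity, so any later difference is suspicious.
        self.baseline: Dict[str, Optional[str]] = {p: fingerprint(p) for p in paths}
        self.on_tamper = on_tamper

    def check_once(self) -> List[Tuple[str, str]]:
        """Compare every canary against its baseline; return (path, kind) events."""
        events: List[Tuple[str, str]] = []
        for path, expected in self.baseline.items():
            current = fingerprint(path)
            if current is None:
                events.append((path, "missing"))
            elif current != expected:
                events.append((path, "modified"))
        for path, kind in events:
            self.on_tamper(path, kind)
        return events

    def run(self, interval_seconds: float = 60.0, max_polls: Optional[int] = None) -> None:
        """Poll until tampering is seen (or max_polls is reached, for testing)."""
        polls = 0
        while max_polls is None or polls < max_polls:
            if self.check_once():
                return
            time.sleep(interval_seconds)
            polls += 1


def demo() -> List[str]:
    """Constructed scenario: plant a canary, overwrite it with random bytes
    (the effect encryption has on its contents), then delete it.
    Returns the event kinds the hook received, in order."""
    with tempfile.TemporaryDirectory() as tmp:
        canary = os.path.join(tmp, "canary.docx")
        Path(canary).write_bytes(b"decoy document contents")
        alerts: List[str] = []
        monitor = CanaryMonitor([canary], lambda _path, kind: alerts.append(kind))
        assert monitor.check_once() == []  # untouched canary: no events
        Path(canary).write_bytes(secrets.token_bytes(64))  # simulated encryption
        monitor.check_once()
        os.remove(canary)  # simulated deletion
        monitor.check_once()
        return alerts


if __name__ == "__main__":
    print(demo())
```

With a fixed polling interval, detection latency is bounded by the interval rather than by the agent's sync schedule, which is the gain the request is asking for; the baseline is kept unchanged after a hit so a later deletion of an already-modified canary is still reported.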
Provide High Level Overview of Incident Type in Incidents Dashboard
With the addition of new 'password-related' LOW severity incidents, it's become difficult to filter incidents without clicking through each one. Given password-related incidents can be longer lived while we switch associates to appropriate tooling, it creates distractions in the dashboard that make responding to actual incidents more challenging. I would recommend placing an 'incident type' column on the dashboard in order to quickly see the type of incident - Plain Text Passwords, Malware, Trojan, etc.
Tamper Protection MAV
Hi team, would love the ability to control tamper protection for MAV via Huntress. We have a few clients that use it and it can get turned off for a variety of reasons and would love to have that control in a policy.
We have a fair amount of customers in the portal by now and it is getting harder to navigate and find customers in the drop-down list. It would be very good to incorporate a search window to speed things up.
Expand API to include Managed AV
My team especially could use the Managed AV functionality. Having the Health Status and Policy Status available through the API would help us ensure coverage while we are balancing multiple AV products.
Support for management of the new "Microsoft Defender for Business" feature set being added to Microsoft 365 Business Premium
API Integration with Slack for kicking off assisted remediation
Can you guys update your API so that we can get tickets into Slack and perform remediation through Slack?