This would be a great feature! It's one thing if we get the same ol' scareware that we are used to when a user clicks on something that they shouldn't but it's totally different when it's something we don't recognize or if someone was noticing odd behavior, it would would be nice to have someone who's profession is security to go through it.

Hi, Darren, thanks for the feedback! I'd like to clarify what you mean by "scan." Are you talking about kicking of a scan with Defender, if it's installed and integrated with Huntress? Or are you looking for a way to flag an endpoint for "heightened review" with some additional provided context, so the SOC is better able to handle signals from that machine? Or something else?