Option to Enable Escalation if a Huntress Managed Security Control is undone from within Entra
under review
Joel Biddle
It is my understanding that if continuous enforcement is configured for a security control, Huntress will manage the noise by not raising an escalation. It will just "fix" the issue if someone disables a setting directly in the 365 tenant, and log that it took that action in the Activity Log.
I think this is a great default, but if the only notification option is the ISPM Actions feed, this info may get missed.
I'd like the option to check a box, at the level of the security control, to enable the creation of an Escalation for when the continuous enforcement is triggered and action is taken.
The use case is either an untrained or internal IT resource accidentally undoing a security policy from within the tenant itself. This would help me know if some training is needed, or if the internal IT resource might be performing some actions in the tenant to "solve" a problem, without notifying us.
Thanks!
Scott Riley
marked this post as under review
Hey Joel! You're absolutely right, we made a call to not send escalations if something broke and we fixed it. We have talked about what's another way to surface this to you guys. You're exactly right in that we don't just want to create noise but equally, we don't want to feel like we're obscuring stuff you want access to. Let me pick this up with the team and see what we could do. I like your use case and it makes total sense. Thanks so much for checking out ISPM and giving feedback!
Joel Biddle
Thanks Scott Riley!
I do like the default behavior of reducing noise here, but there are scenarios where it would be nice if I could opt in to receiving an escalation, probably on a per security control or per CA policy basis.
If someone is making changes outside of ISPM and inside of Entra, and Huntress acts to enforce my desired state, there's likely a reason behind it, that could require training or better accommodation from a policy perspective, in a way that is planned.