Option to ignore Unexpected Country alerts if there is an agent at that IP | Voters

Option to ignore Unexpected Country alerts if there is an agent at that IP

Shawn Switzer

If there is a "Login from Unexpected Country" escalation, there should be a secondary check to see if there is a Huntress agent registered to the same client located at that same IP.

If there is an agent registered to the same account at that IP, we can be reasonably sure that the login is expected.

March 10, 2026

Autopilot

Merged in a post:

Incorporate Huntress EDR Agent or Common RMM agents as additional trust points for ITDR monitoring and alerting

Todd Swartzman

Is it possible for MDR to incorporate the Huntress Agent (or even common RMM's) in whatever behind the scenes math is done to trust a logon activity or not? What about actions taken from previously unknown IP's? A suspicious logon from a known machine (because it has Huntress EDR installed that is the correct agent for that machine) would probably make this logon more trustworthy and maybe just issue a warning instead of account lockdown unless other more suspicious actions occurred.

April 3, 2026

John Anisy

Love it