Endpoint and Office 365 Most important
complete
John Taylor
80% of security-related issues we work on are endpoint & Office 365 related. We can use the Sentinel SIEM from Microsoft and other products, but they seem to be from full SOC vendors. If there was a good 365 monitoring solution, I would find it easier to get Huntress in more of my clients.
Robert Dana
complete
Hi, I'm the new M365 product manager at Huntress and I'm doing a cleanup of our M365 feedback. As I'm hoping most of you know, we launched an M365 offering in 2023, so this item can be closed. If you have feedback to contribute about it, please come add new feature requests or vote on the existing ones.
Matt Christophers
Are there any updates for this? This is something that would be highly desirable.
Michael Setton
Are there any updates on this from Dima Kumets [Product Manager - Huntress]?
Adam Jones
I'd love an update on where this stands and/or to be involved with testing it.
Jordy Minnebo
Adam Jones: Me too... when we became a partner in August, they told me release was scheduled for Q4 2022. We're halfway through Q1 2023. Hopefully it is around the corner, and I'm jumping to test it.
Matt Bauer
It would be good to add Google Workspace monitoring to this as well.
Katherin'la Altenwerth'la
I hope this is more than compromised mailbox with forwarding rules. Disabling remote auto forwarding AND having M365 send you an alert takes under 10 minutes to implement. I see no reason why Huntress would need to go this route, but using AI to identify anomalies in AzureAD logins WOULD be helpful.
Charlie Klemm
I completely agree with the direction here. This would greatly help catch compromised accounts. I know this has been mentioned before, but I didn't see anything here. I just wanted to add that it would be nice to monitor 365 2FA enforcement status on accounts as well as privilege escalation of standard users to something like 'global administrators'. I apologize if this is duplicate info!
Katherin'la Altenwerth'la
What type of integration is being built here? Are you going to track logins in AzureAD?
I personally do not think email rules are a huge deal. It is very easy to create a global policy to prevent auto forwarding of emails to external users.
Dima Kumets [Product Manager - Huntress]
Merged in a post:
Outlook & Microsoft 365 integration for Rule detection
Thomas Welch
A compromised e-mail account is one of the most common forms of compromise and existing detection methods are limited or require paying e-mail providers extra for additional licensing. If Huntress could provide alerts for compromised e-mail, it would add tremendous value to the product.
One possible solution would be to integrate the Huntress endpoint agent with Outlook running on an endpoint. The agent could detect when new Inbox rules are created and if they match certain criteria (e.g. when a new rule deletes all sent items or all incoming e-mail). This should be a fairly easy implementation that would catch a large number of compromise cases. I'm sure there are other methods for improving the efficiency and accuracy of detection.
Dima Kumets [Product Manager - Huntress]
This is one of the many detections we'd like to build to handle business email compromise. We will be doing this with M365 though and aren't looking at the Outlook for desktop integration.