Reporting & Dashboards

The date and data filter for Process Events has been removed from the UI. The ability to filter this data is critical, as it is vast and virtually impossible to use without being able to filter by both date and time, and content.

This update will give Customers and Partners the ability to configure the details of where, when and who an Escalation will be sent to and reduce frequency of notifications

Starting with Ransomware detections, correlate signals between different Huntress products to uncover suspicious activity, tying compromised identities and endpoints together.

It would be great if there was a way to indicate an escalation or incident was being left open while being worked on. "Acknowledged" or "In Progress" come to mind as a status option. Useful for example while reaching out to confirm a user's location to make clear to the team it's been seen.

Multiple endpoints that are part of a single incident will be included in the same report, simplifying our reporting and showing correlation across an infrastructure

Currently, the monthly threat summary report cannot be customized. It would be beneficial to have the option to customize these reports to better align with our organization's branding and reporting needs.

Could be relevant for both ITDR and Managed Security Awareness. Possibility to add all customer domains and track their security related status. Example in table form show MX Record/MX Record parked, SPF record/Health, Common DKIM records(or DKIM Parked), DMARC policy status, MTA-STS Status, etc. With the main focus of overview of domain security. Best practice is to register all relevant domains for company/trademark names (to avoid threat actor registering these domains). Only Mail Enabled domains should have valid MX records, SPF, DKIM and DMARC. All other domains should have mail parking record. @ MX 0 . @ TXT v=spf1 -all *@ TXT v=spf1 -all *._ domainkey.example.com TXT v=DKIM1; p= _ dmarc.example.com TXT v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s This could identify mail enabled domains, and parked/secured domains. This list could also be a basis for a Dark Web Monitor feature to check for credential leaks and forum chatter.

Have a look at the inforcer Entra dashboard, they are insanely helpful and detailed. Maybe some ideas need to be taken from there for the ITDR dashboard as currently its not great. For example tenant health is a waste of whitespae, risky users is a waste because you cant even do anything with them so might as well go to the Entra admin center, I dont know anyone really looking at the unwanted access dashboard (PS you would be better showing log in attempts as well) Same for Rogue Applications why not list all enterprise apps and allow us to remove/delete from the Huntress platform. Some other ideas to name a few Live Auth Activity Feed Conditional Access Insights Direct Remediation Buttons: suspend account, reset password, revoke sessions right from the widget. App Consent Monitoring External Sharing Overview MFA Fatigue Attack Detection

I see quite a few requests for exports on different areas of Huntress dashboards. I think it would be ideal to add this capability to export to excel/csv on all available tables. This could added as an export button next to the filter.

Give Options to "white label" and send from a custom domain/smtp server. The monthly threat reports that MSPs can have emailed to their customers should come from the MSP and be branded as the MSPs report. They are currently totally Huntress branded and are emailed from Huntress.