Reporting & Dashboards

This may already exist, but I would like to see data correlated between ITDR identities and EDR endpoints. On the ITDR > Identities, it would be good to see the Devices (pulled from O365/Google Workspace) the account has signed into, along with the date last seen. If within 30, 60, 90 (something) days but does not correlated to an endpoint with the EDR installed, then highlight/notify us as a device that is missing the Huntress agent. For the EDR > Agents side, seeing not only the user account(s) on the endpoint (local user(s) and IdP identities), but also correlating the devices from the ITDR to show device and identity together. EDR shows if the device is Domain Joined (yes/no), but not the domain account information.

Starting with Ransomware detections, correlate signals between different Huntress products to uncover suspicious activity, tying compromised identities and endpoints together.

Can we get a feature for Incident Notification Contacts where we can separate who gets called for certain customers? Not all have 24/7 support and some of our internal are not touched by external techs. Thanks!

Currently, the monthly threat summary report cannot be customized. It would be beneficial to have the option to customize these reports to better align with our organization's branding and reporting needs.

This will tie in SAT to EDR/ITDR incident reports, making it easy for SAT customers to pick the right episode for their internal teams

Can you add the texts and robocalls for critical incidents at the organization level? It would be nice to be able to set this up for IT managers, etc. at individual customers.

I often encounter files with 'Password' in their name that are incorrectly flagged as issues. It would be beneficial to have a feature that allows me to ignore these files as false positives, improving the accuracy of the system.

Right now, the Threat Reports can only be scheduled to go out to recipients on a monthly or quarterly basis. If a different timeframe is needed, the only alternative is to manually generate a report with a custom date range and then send it out to recipients. It would be great to configure custom timeframe reports to automatically go out to the list of recipients at a specified time, and/or to include an option for a branded weekly report in addition to monthly and quarterly.

An app for huntress to enable direct notifications rather than via email for example and give quick access to see what the issue is or be able to manage remediation steps

I can only find the option to set SMS / Phone call alerts on an account level. it would be great if it was possible to have this configured on an organisational level. For example, one of my clients is an admin in their Organisation, they would like to receive the SMS. If i configure them for SMS they will receive alerts for all organisations.