Reporting/Alerting

It would be a great feature to have an audit trail for all installed and/or removed agents. This would just be a log file listing agents installed or removed to allow us reconcile if a Huntress agent is getting intentionally removed or not. This would just help provide better overall accountability that once we deploy a Huntress agent to a device that we have a record that it was there and when/if it was removed.

It would be helpful to know if the alert is EDR or MDR, and impacted computer/user and status (isolated for example) to better know what level of effort we should be performing.

-External Recon data reporting/alerting through email or PSA. -Ability to define IPs to track per organization. -Customize IP labeling, ability to add notes to ports (explanation on why it's left open)

Would like to see an end user facing report similar to the monthly client report that could be sent directly to an end user with details on the password file(s) that were found and then info on what they should do and why it's best to not have this stuff saved like they do.

Give Options to "white label" and send from a custom domain/smtp server. The monthly threat reports that MSPs can have emailed to their customers should come from the MSP and be branded as the MSPs report. They are currently totally Huntress branded and are emailed from Huntress.

I’d love to see just a couple quick numbers (for example, detections, events analyzed, number of agents protected, that kind of high level number) in the body of the e-mail. My question : is it possible to include any more technical detail in the Huntress PDF report itself? I don’t want it to become a giant long document that no one will ever read, but at the same time, there’s a lot of verbiage explaining terms, and not much detail on the protections/detections. For example, in the report I’m including below, it mentions 9851 “autorun” events analyzed. I understand what autoruns are, but maybe an example of some detail might be a breakdown of “what kind of” autoruns they were, or if that’s something I (as the end user) should be concerned about or look to minimize. Also this report mentions 134 user profiles protected – as far as I know this client only has 30-35 active employees, so as a client, I’d look at that and wonder what the 134 number would be. Then finally, it mentions 3 “process signals detected” which were reviewed and no further action was needed – it might be nice to include line items for each of the monthly events that took security expert review to determine were not malicious – just to further give the client insight, and prove the value of the service. Is there any way to edit the reports to include some information like this? I’ve poked around in the system, and am not sure there is – but if there was, it would be welcome. As-is, I wouldn’t feel great about having these e-mails go to the point of contact at my client orgs, just because I feel like they still need a little polish around the edges content wise.

Please include a list of the machines on the email, with links to them.

We are working on our security policies, logging procedures. We are looking for each system we use to include security logs showing log-in attempts, read and write logs for each user session / each object in Huntress portal e.g. adding/removing endpoints, changing configuration / policies, changing/viewing incident responses. These should include all activity by anyone in Huntress portal.

The ability to view how many licenses have been used per month on each corresponding organization. This would help give a better break down than what is provided in the Billing/Invoices section. For bot EDR and M365.

I think the idea for having Huntress Agents uninstalled or disabled is fundamental, in case of an attack that disable huntress we should be aware of that. Also in case somebody uninstalled the agent we should know too.