Reporting/Alerting

When getting an escalation for Windows Defender "System Health - Hosts not being properly protected". Once the escalation is resolved, there is no way to view what hosts were affected. This would allow us to follow up and see if there is a bigger issue.

It would be a great feature to have an audit trail for all installed and/or removed agents. This would just be a log file listing agents installed or removed to allow us reconcile if a Huntress agent is getting intentionally removed or not. This would just help provide better overall accountability that once we deploy a Huntress agent to a device that we have a record that it was there and when/if it was removed.

-External Recon data reporting/alerting through email or PSA. -Ability to define IPs to track per organization. -Customize IP labeling, ability to add notes to ports (explanation on why it's left open)

As an MSP, our customers would like the ability to be notified immediately along side us when Critical Incidents/Detections occur.

I have noticed that if a remediation rejection is made that there is not a way to know what is not being alerted on or a way to audit those changes. Unfortunately, we had an engineer reject VPN activity from a threat actor. As a result, that VPN service was no longer alerted on and effectively allowed persistence for more than a month. Can a step be added to the rejection process where admin approval is required? Maybe this can be an optional setting as it may not be desired by all MSPs. If not having rejections as an option for less permissive roles is possible, that might be a good solution as well.

Would like the ability to mark a remediation completed to give a green check instead of the red X when manual remediation was done instead of the Huntress automated remediation, e.g. a mailbox rule was manually deleted instead of the agent deleting it.

It would be nice to have a button in the reports section to Regenerate all monthly reports for organization's and have them automatically mailed out.

It would be nice if remediation was shown on the monthly reports, instead of stopping at reported. Reported just shows our customers what we were told about, but not what we actually did to protect them.

Looking for a way to manually flag a finding on the external recon page or convert it to an incident we can track/resolve.

Was asked to also submit this here :). For the ScreenConnect hosts listing, the list filters in dynamically based on the detected versions, however it would be nice for MSPs that are working to remove ScreenConnect install remnants of prior MSPs to have the list dynamically filter out as well. This could be on a set cadence to know if the ScreenConnect agents have since been removed or not of if additional remediation steps are required.