Huntress
Create
Roadmap
Reporting/Alerting
58
Changelog
Powered by Canny

Reporting/Alerting

Category

External Recon Reporting/Customization
-External Recon data reporting/alerting through email or PSA. -Ability to define IPs to track per organization. -Customize IP labeling, ability to add notes to ports (explanation on why it's left open)
13
Create ticket for disabled firewalls
If Huntress detects a firewall is disabled, it would be good if we could have to option to allow Huntress to create a ticket for the client in our PSA, similar to incidents.
0
Put Escalation / Alarm on Hold
Allow organisations to put an escalation or alarm on hold while they wait for customer feedback, this will reduce the time taken to solve incidents, further increasing efficiency and trust in partners.
0
Incident Reports
Right now we just have the option to pull a report that tells us there was an incident. Would like to see the ability to pull a report that has detail on that incident to provide to clients.
0
Password File Detection End User Report
Would like to see an end user facing report similar to the monthly client report that could be sent directly to an end user with details on the password file(s) that were found and then info on what they should do and why it's best to not have this stuff saved like they do.
5
Allow choice of Severity to get SMS messages for.
It would be nice to be able to choose what Severity you get SMS messages for. Obviously Critical should be default but would like to be able to choose HIGH severity as well to get SMS alerts.
0
Audit trail log for installed/removed agents
It would be a great feature to have an audit trail for all installed and/or removed agents. This would just be a log file listing agents installed or removed to allow us reconcile if a Huntress agent is getting intentionally removed or not. This would just help provide better overall accountability that once we deploy a Huntress agent to a device that we have a record that it was there and when/if it was removed.
2
Escalation alerts missing important info
Escalation does not include critical information such as the user account affected, when seen, IP address. Manually having someone go into the portal to view the information slows everything down.
0
Notifications showing "Organization + Device"
Is there a way for more distinguishable identified such as which "Organization + Device" currently it only shows hostname which multiple companies utilize the same hostnames
0
Exportable Reports
I would like the ability to export/print an incident report summary to provide to clients/cyber forensics teams.
0
Load More
Powered by Canny