We desperately need more features in this toolset.

Would be nice to only limit it to server agents. we get too many false alarms for users with laptops that are at home or coffee shops. If it limited it to just servers, we'd get more accurate potential vulnerability alerts.

Perhaps to narrow down some feature needs I would suggest alerting for "dangerous ports" coming open (RDP, SSH, Telnet for starters) Essentially a port that could be abused externally.

Adding IPs for the client by giving their registered DNS address(es) would be nice. Adding "Clientname.com" and pulling the IP addresses listed there and updating them automatically if DNS changes would help label sites such as login portals etc.

At the moment the External Recon feature isn't terribly useful. There's no way to filter out IPs or ports that have already been reviewed (as already mentioned multiple times in this feature request).

What I haven't seen mentioned is the reason or use case for wanting to filter out IPs or ports. If we could acknowledge ports that are legitimately open (perhaps on a specific IP), then when we open the External Recon report, we would be able to see only CHANGES. This is potentially actionable information.

Of course the next step would be to send a notification or open a ticket if there is a change (as mentioned by Gaylord Wunsch).

This would be super helpful. We just had an incident that could have been prevented if this feature existed.

Just getting familiar and I'd like to see some sort of inline 'notes' and 'status' (unreviewed, reviewed, changed since last review' type indicators.

It'd also be helpful to have some way of tagging WAN IPs that align with physical office networks we support so they stand out among (potentially) numerous WFH/residential networks that devices can travel to.

Add a direct link to Shodan for each port as well

Creating an alert for new entries through PSA is a great idea, as anytime a new port is opened, it should be investigated and confirmed to be legitimate. Having this as a documented alert/review/resolution would also be a good procedure to have in place to demonstrate due diligence.

Ability to label each IP with a custom name. Useful for those who have many external locations to track.