SOC/Incident/Investigations

During large-scale or successful lateral movement incidents, we would like to speak with a Huntress security analyst for additional background and guidance, beyond what is listed in the incident report. A 1-hr SLA would be fine.

It would be nice if an email was sent when remediations were ran stating if they were successful or not so we can automate it into our ticketing system.

Would love to see the ability to close a PSA ticket, and in turn, that resolves the incident.

Please make the columns on the incidents page sortable and filterable.

We receive a ticket now for hosts isolated by the Huntress team as a part of an investigation, but we'd also like a ticket for any manual host isolations performed. If someone calls in because their device can't access the internet, I want a tech to be able to easily identify that as the reason within our ticketing system. If they weren't the tech that isolated within Huntress, they'd have no way of knowing it was triggered there unless they had credentials to the Huntress dashboard and thought to look there.

Love the critical incident notification for administrators. Would like to see this pushed down to the customer organization level, with ability to notify customer directly. We do have some more technical folks who can start IR quickly.

Can you add the texts and robocalls for critical incidents at the organization level? It would be nice to be able to set this up for IT managers, etc. at individual customers.

Addition of Portugal (+351) to the available countries in the Incident Notification Contacts.

I like the summary report. However, there needs to be another page added to the Thread Report that shows very specific detail for the red "Incidents Reported" section.

Is there any plan to implement a feature to be able to export 'Incidents' to a CSV? This feature would be greatly appreciated.