Allow muting or exclusion of a host from password file alerts
Andy Suarez
If a client/customer wishes to keep a file on their machine that has the name "passwords" on it, that's up to them. We should be able to mark somewhere that we've followed up about that file and would like to mute or white-list or exclude future alerts about it. I can't imagine, having hundreds or thousands of machines, what kind of noise this would be creating weekly.
Joel DeTeves
Patrick Sofo [Security Product Manager]: I would also like to see the ability to exclude not just hosts, but specific files. There are plenty of cases where our users have files that have "password" in the name even though the file does not contain a password.
The most obvious example from today is that our user has files that literally say "No Password" in the filename, meaning she is doing as we asked and not storing passwords in those files, but she has labelled them in such a way as to trigger the alerts.
Rather than just exclude her hostname, I would like to continue offering this protection for her while also preventing further alerts for that file.
Likewise, we have some cases also where we want to continue getting the alerts but we have some files that have "low impact" passwords (this happens often in the legal and real estate space, where they have these little access codes and things for certain third parties that don't necessarily fall under privacy protection, and are just shared in general documents between the parties).
Patrick Sofo [Security Product Manager]
Merged in a post:
Granular control over files that could contain passwords
Christopher Kuleci
I have a feature request for files that might contain passwords. If I have confirmed that a specific file is encrypted and is safe, I want to be able to mark that file as OK and not be told about it anymore. I want to be made aware of these types of issues until I have a chance to look at the file in question and take the appropriate actions. In this use case, the client file is encrypted and I am OK with their storage method, but other opportunities would present a chance to talk with and educate the customer about best practices as it relates to password management. The only option now is to globally ignore these messages and I don’t like that idea. But I would like to have an option to stop receiving warnings about specific files, with a notes area that we either verified encryption or that no passwords are present in the file.
Jason Barrett
Agreed. I have a "password" file on a client's network drive. I know what it is and they know what it is, but multiple endpoints trip the trigger. I need to be able to exclude certain drives, folders and files from the scan from time to time.
Deon Marshall
Surprisingly, not a lot of noise.
However, exclusions are already possible at a host or organisation level.
The documentation is on their KB page: https://support.huntress.io/hc/en-us/articles/21966460493331-Potentially-Unsecured-Credentials
Andy Suarez
Deon Marshall: Was told that this is not possible by Huntress support, thanks for pointing that out. For others, you can get to this by clicking the hamburger menu in the top right, then settings, then scroll down to the "exclusions" section and add a new exclusion there.