DNS allow list / cloud RMM and AV access for isolated endpoints
R
Robert Dana
Huntress now supports an IP address allow list for isolated hosts, but this doesn't work with Cloud RMM, AV, or other tooling which typically uses dynamic IP addresses for agent connectivity. Vote here if you'd like to see this capability added.
Even better, it would be great to hear what specific tools you'd want to use it with; the list of DNS names that need allowing for typical cloud tooling is long, and we could potentially preconfigure them (just check a box) for common-needed tools.
C
Craig Thompson
+1 for allowing domain whitelisting - We use NinjaRMM and I'd also agree that with the rise of RMM abuse - automatically allowing the RMM might be better done on a per isolated client basis - after review the initial report for example you can allow RMM and it'll unblock that access.
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist - FQDNs in addition to IPs
T
Timothy Schmitt
Tooling allowlist currently only supports the manual additions of IP addresses. This doesn't allow for easy addition of tools that are hosted in the cloud with dynamic IPs. There should be an option to add the FQDN to prevent the need to constantly update lists of IPs. This is especially problematic when there is an incident and the IP list needs to be updated before we can access isolated hosts.
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist Option for Remote RMM Tools
N
Neil O'Sullivan
It would be great to allow RMM access to an isolated machine so that we can continue to remote in and work on the device based on the Screenconnect Hosts page you keep track of. I know there are aspects that make this challenging, but being able to investigate and connect to our remote devices that are experiencing an incident would be very much appreciated. Thanks!
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist - IP & URL
C
Christopher Culligan
Many vendors are using dynamic IPs for their organizations, and I believe it would be helpful if we could target the URL with wildcards in addition to the IPs currently available.
A good example of this is NinjaOne.
Matthiew Morin (Huntress)
Merged in a post:
Allow Hostnames in Isolation Whitelisting
Ramón DeWitt
As it says on the tin. Allow us to also enter hostnames in the tool whitelist of isolation. We have some tools that don't give us an IP block to whitelist only a few hostnames or sometimes a mix of both.
Some of these are semi critical to keep functional for IR. Would be ideal to allow them through for the times Huntress alerts first.
P
Paul Schwegler
MOST cloud-based RMMs and remote access tools do NOT give a static IP or block to whitelist. This feature is very important in my opinion.
C
Cody Pieper
Hoping this comes soon, NinjaOne is unable to be whitelisted without FQDN/dynamic IP addresses, and we're an MSP that has a massive number of remote clients.
Matthiew Morin (Huntress)
Merged in a post:
ninjaone ninja remote
h
hal abramovitch
it would be nice if huntress/ninja could team up to allow ninja remote thru when a device is isolated
G
Guy Liu
Yes, much needed capability. Manually managing long lists of IPs doesn't seem to be practical. Would be great to avoid issues accessing RMM tools during a host isolation - extra headache on an already stressful situation. Please implement asap.
M
Mackenzie Santos
This would be a huge help, specifically for being able to exclude a specific instance of Screen Connect and/or Syncro.
Load More
→