DNS allow list / cloud RMM and AV access for isolated endpoints
R
Robert Dana
Huntress now supports an IP address allow list for isolated hosts, but this doesn't work with Cloud RMM, AV, or other tooling which typically uses dynamic IP addresses for agent connectivity. Vote here if you'd like to see this capability added.
Even better, it would be great to hear what specific tools you'd want to use it with; the list of DNS names that need allowing for typical cloud tooling is long, and we could potentially preconfigure them (just check a box) for common-needed tools.
Matthiew Morin (Huntress)
Merged in a post:
Allow process name in Toollist allow feature
M
Mark Curtin
I would like the ability to allow connections via process name in the Toollist allow feature. Currently, connections are limited to outbound connections with static IPs, and there is no option to allow connections via process name. This feature would be beneficial for managing remote sessions more effectively.
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist - FQDN / Hostname
M
Matthew Dunn
We have encountered when setting up the tooling allow list with Ninja RMM that its specified to put in IP's, Ninja RMM doesn't provide IP Addresses only FQDNs/Hostnames. It'd be good to have an option for FQDN's in the allow list for this, or to work with the RMM Providers, to give you ready made Options that you can add in, e.g. toggle on Ninja RMM in the tooling list, Connectwise Automate etc.
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist - Add Subnets
J
Josif Leitner
Ability to add a subnet to allowlist.
A lot of vendors provide IP "Subnets" instead of individual IPs.
Matthiew Morin (Huntress)
Merged in a post:
Allow domains for tooling allowlist
D
David
Allow domains for tooling allowlist. Some RMM's don't provide IP's but only domains to allow.
C
Craig Thompson
+1 for allowing domain whitelisting - We use NinjaRMM and I'd also agree that with the rise of RMM abuse - automatically allowing the RMM might be better done on a per isolated client basis - after review the initial report for example you can allow RMM and it'll unblock that access.
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist - FQDNs in addition to IPs
T
Timothy Schmitt
Tooling allowlist currently only supports the manual additions of IP addresses. This doesn't allow for easy addition of tools that are hosted in the cloud with dynamic IPs. There should be an option to add the FQDN to prevent the need to constantly update lists of IPs. This is especially problematic when there is an incident and the IP list needs to be updated before we can access isolated hosts.
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist Option for Remote RMM Tools
N
Neil O'Sullivan
It would be great to allow RMM access to an isolated machine so that we can continue to remote in and work on the device based on the Screenconnect Hosts page you keep track of. I know there are aspects that make this challenging, but being able to investigate and connect to our remote devices that are experiencing an incident would be very much appreciated. Thanks!
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist - IP & URL
C
Christopher Culligan
Many vendors are using dynamic IPs for their organizations, and I believe it would be helpful if we could target the URL with wildcards in addition to the IPs currently available.
A good example of this is NinjaOne.
Matthiew Morin (Huntress)
Merged in a post:
Allow Hostnames in Isolation Whitelisting
Ramón DeWitt
As it says on the tin. Allow us to also enter hostnames in the tool whitelist of isolation. We have some tools that don't give us an IP block to whitelist only a few hostnames or sometimes a mix of both.
Some of these are semi critical to keep functional for IR. Would be ideal to allow them through for the times Huntress alerts first.
P
Paul Schwegler
MOST cloud-based RMMs and remote access tools do NOT give a static IP or block to whitelist. This feature is very important in my opinion.
Load More
→