Link Investigation to Host
Display which host(s) were investigated
We don't have a way to show this currently. In addition to investigating suspicious/malicious items, we also use investigations to internally categorize legitimate applications such as security products and system administration tools. For commonly used software like antivirus applications and system management tools, the investigation may apply to multiple organizations (and hundreds of hosts). This makes it hard for us to visually represent when there are a large number of organizations and/or hosts
For the time being, if you need to know what Host an Investigation applies to, you can write into Support@huntress.io
yes, which host and which organization, as well (without having to filter down to each organization from "global" until the investigation is displayed again). They investigated a script that we had created and ruled it benign, and I recognized the folder name as associated with a longtime client. There was a second similar investigation where I didn't recognize it, and I would like to be able to determine whether the script is still necessary. Perhaps an old MSP or previous IT manager installed it and it's no longer needed or desired. Finding it would be very difficult with our number of organizations and endpoints.
I'm shocked that this has not been done yet. It seems like common sense that if Huntress is telling us an app is potentially unwanted that it would let us know where to track it down. Also, as soon as I contacted support to get the host that was involved with the investigation I was told to upvote here, and that they would not tell me the hosts. Usually Huntress is on-point! This is out of character for them.
yes, would be very helpful to know so we can go remove the offender app that was installed in our case.
This would be very valuable to us to know which machine is being investigated! In these findings there are potential pieces of software that we may or may not want on a machine and knowing which pc has said software would be very beneficial. Please add this feature versus us having to request support to do so.
What do we need to do to get this at least to the under review status?
I will add my support for this feature! I am new to the huntress family and Received an incident report for software that SHOULD NOT BE ON ANY of the systems in my account. A simple click through to a list of hosts that triggered the incident would rather should be a necessity. for all the reasons previously mentioned and many more I can think of.
I agree, this would be very helpful to have built into the interface.
I have been requesting this for months. We don't need another step in the process - just post it on the website where we see the Investigation took place.