Hi,

We had alert that an trojan had been removed from a device and this is raised as an alert within the M365 Security Portal and was reported to us by Microsoft via email.

However, although we can see this if we dig into Huntress (it is not seen from dashboard) there is no incident raised and thus no ticket in our RMA so if we didn't have the email from Microsoft we would be unaware.

What is the expected behaviour and workflow to have Huntress raise a ticket in the PSA and close it out on PSA and Microsoft when resolved ?

Thanks,