Create Webhook for Incidents
It would be great to have a webhook for when issues are detected, with issue information for automated ticketing, response, and interfacing with other systems (you have device isolation, but other services could further evaluate and respond).
Expand API to include External Recon
I would like this API to allow me to pull external recon into something like Hudu so that I can create alerting.
Get MAV Policy Compliance Status Details
Use case is automating remediation of MAV Policy non-compliance using RMM and/or other platforms. Get possibilities that come to mind are: a single host, array of hosts, all hosts in an organization, all hosts for an array of organizations, or just "all hosts not compliant with MAV policy" with the results including MAV policy compliance details including: compliance status, current policy setting, and current host setting would be very helpful.
Expand API from a Unified Search
I'd like to query Huntress via the API for information regarding any combination of file hashes, names, commands for Autoruns, Binaries, Collected Files, and Monitored Files. This can further Huntress's utility in threat hunting via an analyst or via automation.
Expand API to include Managed AV
My team especially could use the Managed AV functionality. Having the Health Status and Policy Status available through the API would help us ensure coverage while we are balancing multiple AV products.
Expand Report API capability
It's nice that the API has the ability to send the report location URL via the API, but what is the possibility of actually getting the report details like # of computers/servers, changes analyzed, autoruns reviewed, persistence breakdown, # of canaries deployed, incident summary & log for each report back in JSON?
Record Unique Hardware Identifier for Endpoints
We need to be able to see a truly unique identifier for our endpoints. Hostnames can be changed. Serial numbers, MAC addresses, O.S. license keys cannot. In some cases users or company admins are able to set device hostnames and two devices could easily end up being exactly the same. This will particularly be a problem once support for macOS is added as devices very commonly end up with the same hostname as it is based on the initial user that is configured on the device (e.g. admins-MacBook-Pro). This obviously leads to potential issues with auditing, verification, and various other aspects of tracking our endpoints. I know motherboard serial numbers cannot be captured, but then perhaps the MAC address can be, or the O.S. product key, or the disk drive serial number. The more (at least 2) actually unique identifiers available for an endpoint the better chance of properly identifying them. As it is with just a hostname, the chance of misidentifying is too high. This data will be absolutely critical once API is implemented for our software to perform necessary checks and verifications during operations.
I really wish Huntress integrated into my Hudu, LionGard, HaloPSA, something! So I can make the reporting client-facing.
Add RepairShopr to Syncro Integration
Syncro and RepairShopr are the same when it comes to API integration. It would be nice if there was the option to put in company.repairshopr.com instead of company.syncro.com
External Recon - dump to CSV
If we could get a CSV dump button for External Recon info that'd be great, or display all unique IPs in one place for copy/paste (not just open ports). Right now we have to download the agents CSV to create a unique list of external IPs, which you actually have but only display the ones w/ externally available ports and w/o a download option. This would be useful to leverage in other systems.