Integrations

Ability to create email integrations at the organization level so incident reports for certain organizations will be sent to them and not the account level emails.

Currently the Halo integration can create tickets/alerts but we cannot respond or close from Halo, Can this be expanded to a 2-way communication so our agents can work / close items in Halo instead of needing to close the Halo ticket and the huntress ticket separately.

Would love to see the ability to close a PSA ticket, and in turn, that resolves the incident.

I don't have any clients who use Windows Defender. It would be great if in the future there was a Sentinel One integration to pull logs from and review detentions to confirm that Sentinel One completely removed the threat.

Integrate with Cloud Radial to provide up-to-date endpoint status for clients as well as investigation history

We enabled SSO with Microsoft Entra. It still requires us to manually create the user within Huntress before they can login. Many other applications that we integrated have an "auto provision" setting. When enabled this will automatically create the user in Huntress as long as they're part of security group on the Entra Enterprise Application. Some of the better ones even have mapping logic where you can map specific Entra Groups to specific permissions on the application (huntress) side.

When a ticket is created from an alert, there is a Comment from the Huntress SOC that is visible at the bottom of the incident which lists the autotask ticket ID#. This ID# is not searchable in autotask or able to be used to open the ticket in any simple way. If you are crafty you can make an URL to open the ticket and use the ID as part of that. So 2 things from this, 1) Update the note creation logic to have a link that you can click on to open the ticket, this ID# will be helpful for that. 2) Use the ticket NUMBER for the visible display on the note as that's something that can be used to find the ticket when searching in autotask. If you can only do one thing, the link is more user friendly in my opinion, but either would fix the problem and both would be fantastic. Current Comment format: Created Autotask ticket with ID #234567. Recommended Comment format: Created Autotask ticket with number T20250115.0001 (link to https://ww5.autotask.net/Autotask/AutotaskExtend/ExecuteCommand.aspx?Code=OpenTicketDetail&TicketID=234567 ) or whatever base autotask URL is appropriate

Hello, As per the documentation, we can assign tickets categories. https://support.huntress.io/hc/en-us/articles/4404005192595-Reporting-Incidents-to-Autotask-PSA But only the default one. It would be a great feature to be able to assign it to a custom one. Since a lot of Autotask integration offer it. Thank you,

Can you show the ticket number in the incident when its created in Huntress?

I informed that Virustotal integration stopped and now the threat operations teams review the binaries manually. I liked the VT scoring and I think that an automatic check and verification, even as a first step is mandatory. Especially for Endpoints that have a third-party AV or are incompatible with the Managed AV.