Integrations

Ability to create email integrations at the organization level so incident reports for certain organizations will be sent to them and not the account level emails.

Allow that ability to link different products (EDR/ITDR/SAT/SEIM) to different contracts in Autotask rather than all of them being tired to one Contract for Billing Update purposes.

We would like to see a billing integration between Huntress and HaloPSA. Ideally this would push license counts for all Huntress products (EDR, ITDR, SAT, SIEM) to each of our customer records in HaloPSA and allow us to link the invoice quantities with licenses in use.

We are using the billing sync feature to sync into Autotask. There seem to be failures from time to time. I would also like to be able to send either tickets into a PSA or an email to ensure that we are proactively notified of billing sync issues without needing to come and manually check for sync issues on our sync day each month. This would also go hand in hand with a previous feature request I made for being able to 'sync now' at customer / product level so that we can test the connectivity between Huntress and PSA and know we've resolved the issue.

Add the ability to ingest telemetry from Crowdstrike Falcon into the Huntress to allow the SOC to have visibility acoss endpoints without Defender enabled. Management of Crowdstrike would stay in their own portal.

Perception Point email integration, if a threat originated from an email, huntress can send the file hash to perception point and they can block all emails with the file hash: Current EDR platforms perception point that they support https://perception-point.io/landing/sentinelone/ https://perception-point.io/landing/crowdstrike/

I informed that Virustotal integration stopped and now the threat operations teams review the binaries manually. I liked the VT scoring and I think that an automatic check and verification, even as a first step is mandatory. Especially for Endpoints that have a third-party AV or are incompatible with the Managed AV.

By leveraging the SAML protocol, Multi-Pass, an innovative passwordless solution developed by Kelvin Zero, can significantly enhance both security and user experience for end users. The integration has already been tested successfully. The new authentication flow would allow users to: Initiate login via the Huntress SSO module using their email address > Be redirected to Multi-Pass for biometric authentication > Be seamlessly redirected back to their Huntress dashboard.

Candidly, integration with Defender is nice. However, we've seen where Defender is slow to prevent an attack or infection on a device where other specialized EPS solutions seem to excel. Specifically, we leverage Deep Instinct as an EPS. It works great in terms of prevention of known and unknown threats. I won't repeat the marketing material. What I can say is that in our environment, we went from having 1-2 events per month with Cylance to having zero in almost 2 years. We run Deep Instinct and Huntress as part of our endpoint security stack as Deep Instinct does not have an EDR and Defender did not satisfy our needs on its own. If we could integrate first a SIEM connection to get prevention events from Deep Instinct to Huntress, that would be fantastic as a start. A wish would be a more complete integration - but honestly, just a SIEM integration would make me feel better at night.

We use Securepoint UTMs. It would be important that the SIEM also recognizes them like Sonicwall Syslog.