Email/API Alert Info Consistency
andy smith
Please include Customer, User/Device in all email and API notifications. Also, keep consistent verbiage. This would seem basic as new alerts are being created. 'Microsoft Defender Needs Attention' does not give enough info to have a PSA scrape for anything worthwhile. I see that escalations are following in the same footsteps, as they inform us of what the issue is but not who it's for. Instead of automating ticket creation, we now need someone with Huntress access to log in and figure out who the alert is for, whereas standard incident reports provide everything we need.
Autopilot
Merged in a post:
Adding additional info to notifications sent to ticketing systems
Andrew MacReady
Basically, have the ability to add the user (who triggered the alert) info when the system generates notifications to the ticketing system, so you do not always have to log into Huntress to see it in the details. See example below which we get from Huntress to ConnectWise:
"Huntress detected one or more logins from Japan. This country is not the usage location provided by Microsoft nor was this country expected or unauthorized by an access rule when the login was observed.
Action required: Let Huntress know if logins from Japan are unauthorized and should be reported as an incident or if this login was expected. Review the escalation for more details.
Note: This is NOT an incident report. If the Huntress SOC deems this activity malicious, you will receive a follow-on incident report, regardless of whether or not you resolve this escalation."
The above should include the user that triggered this in my opinion.
John Hardwick
All the alert messages should have a quasi-consistent format, template, subject, etc.
Jason Lang
+1 here. We love the new Location/VPN Escalation alerts but would love to see the Escalation Alert emails match the same format (at least in the subject line) as the Incident Alerts. We parse the email alerts for the company that the alert is assigned to, so the current alerts, which only mention the Company/Site down in the body and have an inconsistent format, are difficult for us to account for across different types of Escalations.