Overall custom permissions for my users. I'd like to have a role where a security engineer can add/remove orgs from the MDR integration. I do NOT want them to have admin rights.
Right now, we are relegated to what we've been handed from the Huntress kings/queens. I'd like to see a bit more flexibility with custom permission role sets. Thanks.
We need the ability to suppress alerts in some instances. There is often a legitimate need to have an email forwarding rule in place. I'm not sure if Huntress will alert on unusual location sign-in, but another instance for suppression would be when a user is traveling.
Expand API to MDR for Microsoft 365
In its current state, expanding the API to include endpoints for MDR for Microsoft 365 would give partners the ability to look up user principal names, billable status, and if an account has registered MFA.
Ability to Export Billable Users
Seeking the ability to export the list of billable users from the billable identities page: https://MYSITE.huntress.io/account/managed_identity/user_entities?filters%5Bbillable_licenses%5D=true
Conditional Access Failures
We're using SaaS Alerts currently and one alert I would like to see in Huntress is when an account has authenticated with a valid password but fails a conditional access policy that otherwise blocks the sign-in. This is common when a user submits creds to a phishing message but the threat actor attempts to sign in from an unauthorized location. The account is still considered compromised, thus requiring remediation.
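The detection requested above, sketched as an added example (not part of the original post, and not Huntress or SaaS Alerts code). Field names follow the Microsoft Graph `signIn` resource and error code 53003 is Entra ID's "blocked by Conditional Access" result; the function names and the sample records are constructed for illustration.

```python
# Added example: flag sign-ins where the password was accepted but a
# Conditional Access policy blocked the session. Sample data is constructed.
CA_BLOCKED = 53003  # Entra ID: access blocked by Conditional Access policies

SAMPLE_SIGNINS = [  # constructed records, shaped like Graph signIn objects
    {"createdDateTime": "2024-05-01T01:02:03Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.7", "location": {"countryOrRegion": "KR"},
     "conditionalAccessStatus": "failure", "status": {"errorCode": 53003},
     "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": True}]},
    {"createdDateTime": "2024-05-01T01:05:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "203.0.113.9", "location": {"countryOrRegion": "KR"},
     "conditionalAccessStatus": "notApplied", "status": {"errorCode": 50126},
     "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": False}]},
    {"createdDateTime": "2024-05-01T08:00:00Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "198.51.100.4", "location": {"countryOrRegion": "GB"},
     "conditionalAccessStatus": "success", "status": {"errorCode": 0},
     "authenticationDetails": [{"authenticationMethod": "Password", "succeeded": True}]},
    # CA block with no recorded authentication steps: not enough evidence
    {"createdDateTime": "2024-05-01T09:00:00Z", "userPrincipalName": "dave@example.com",
     "ipAddress": "198.51.100.8", "location": {"countryOrRegion": "ES"},
     "conditionalAccessStatus": "failure", "status": {"errorCode": 53003}},
]

def password_succeeded(rec):
    """True if any recorded authentication step is a successful password check."""
    steps = rec.get("authenticationDetails") or []
    return any(s.get("authenticationMethod") == "Password" and s.get("succeeded") is True
               for s in steps)

def blocked_by_ca(rec):
    """True if the sign-in was stopped by a Conditional Access policy."""
    code = (rec.get("status") or {}).get("errorCode")
    return rec.get("conditionalAccessStatus") == "failure" or code == CA_BLOCKED

def find_valid_password_ca_blocks(records):
    """Return one alert per sign-in with a valid password that CA then blocked."""
    alerts = []
    for rec in records:
        if blocked_by_ca(rec) and password_succeeded(rec):
            alerts.append({"user": rec.get("userPrincipalName"),
                           "ip": rec.get("ipAddress"),
                           "country": (rec.get("location") or {}).get("countryOrRegion"),
                           "time": rec.get("createdDateTime"),
                           "action": "treat credentials as compromised; reset and revoke sessions"})
    return alerts

if __name__ == "__main__":
    for alert in find_valid_password_ca_blocks(SAMPLE_SIGNINS):
        print(alert)
```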
Endpoint and Office 365 Most important
80% of security-related issues we work on are endpoint & Office 365 related. We can use the Sentinel SIEM from Microsoft and other products, but they seem to be from full SOC vendors. If there was a good 365 monitoring solution, I would find it easier to get Huntress in more of my clients.
Ability to provide client info for Huntress Analysts
To help Huntress determine if a security incident is legit or a false positive, it'd be nice if we could provide key info on the tenant\organization to Huntress. For example, if the client is located in a specific geography and works set hours, Huntress would have a baseline to make decisions on related to incidents. A specific example could be: a business operates out of the UK and Spain with typical working hours of 07:00-19:00. A login from Korea at 01:00 would be outside of the provided client info and so subject to a higher level of scrutiny by the Huntress Analyst.
DKIM, DMARC and SPF Monitoring
A check on IF the records for SPF, DKIM and DMARC are in the DNS records would be great. We had to build a tool ourselves to check this, but have to manually add the domains we want monitored. Would be nice to query the Graph API and see what domains are within the tenancy and then check those on an hourly basis in case it's shut off. Huntress could build this in! :)