Bring Back M365 Audit Logs for Users
in progress
Neil O'Sullivan
Please bring back the ability to click into a user's account and pull up their recent audit/sign-in activity! That was a tool I used all the time and was very helpful, especially since there doesn't seem to be a filter available for the "All Events" view either. Definitely helped make my life much easier and more efficient when checking user activity.
Thanks!
Matthew Coombe
I would also like to see the Device ID and Compliant state from the Entra Sign In logs in the Huntress alert so we can quickly cross-reference if this is an enrolled/compliant device logging in from a new country because the user is travelling.
I would also go one step further and say that Huntress has the telemetry to know that the device id for the user is commonly used in other countries and therefore the fact that the user/device has logged in from a new country would suggest the user was travelling and is of no significant risk. If the device id was new or unknown then this would represent a significant risk and is much more likely to be a compromised account.
Rich Mozeleski
in progress
We are going to provide Managed ITDR log ingestion and retention within our Managed SIEM product. This functionality will be provided as a free data source within Managed SIEM and will not require a separate Managed SIEM subscription.
This will allow partners to review all logs associated with ITDR detections (as before) while providing the additional query functionality that the new product provides. We will provide a link within the Managed ITDR dashboard to view these events.
Jonathan Pilkington
Rich Mozeleski: If we have a SIEM license, does that mean it will also be kept for a year?
Rich Mozeleski
Jonathan Pilkington: Hey Jonathan! The ITDR logs will be kept for a year regardless of whether or not you have purchased Managed SIEM.
Rich Mozeleski
planned
While building the Unwanted Access capability for the product, we completely refactored our backend handling of events from Microsoft. This refactoring prevents us from recreating the "View All Events" view.
Being completely transparent, we did not realize the value many of our partners put into that view. We cannot easily recreate it but we are looking into options to restore this functionality.
I'll share more information when I can.
Jacob Wiley
Yes, please bring this back. Huntress provides the 'single pane of glass' that Microsoft can't touch (no, I'm not going to use Lighthouse).
Angelique Thayer
This really needs to be brought back. I have a user that was compromised and it was not caught by Huntress. I am trying to figure out why and how. The bad guys even managed to get additional 2FA devices configured and I am trying to figure out how that happened so that I can explain it to my client who almost lost $800,000. Thankfully their vendor called and asked questions, which we all know doesn't normally happen. The logs will at least give me an idea of where a user's email account is being logged into without having to dig through the Microsoft Tenant account logs.
Alex Perrot
This is also a must-have for us. Absolutely a frustrating regression.
Christopher Beckstrand
Came here to see if this was already requested. I'm not sure why it was decided to remove this. Please add it back to the UI.
Wilmer'la Armstrong'la
Agreed - raised this with the product team and they said it was removed because the same data was available in the MS portal, but as an MSSP it was much easier to see it all in one place in Huntress for all customers.
Nick Whittome
Agreed. Used this all the time.
Chris Brannon
This!! Plus, I would love to be able to drill down on the new UI, for example, to view all logs related to the VPN or listed country.