Reporting & Dashboards

Currently, the Managed AV Exclusions count shown in org-level reports aggregates rules from account, org, and host levels, but there is no single view in the portal that reflects this same consolidated list. To audit or reconcile the number shown in a report, we must manually check the account-level exclusions page, the org-level exclusions page, and each individual endpoint's AV policy page separately. This is not a scalable workflow.

Can the default view for the Organizations dashboard please be set to Show 500 per page by default, instead of 10? I would like to be able to view all my organizations without having to adjust the drop down every time. See attached photo

The current Inactive Devices dashboard lists historical agent sessions (agent + IP combinations) rather than a true deduplicated device view. This creates misleading data and operational overhead because: IP churn (DHCP/VPN) results in multiple entries for the same device. Old IP contexts remain indefinitely; there is no auto-purge or refresh mechanism. Dashboard logic relies solely on Huntress agent heartbeat, ignoring other health signals such as Microsoft Defender for Endpoint (MDE) sensor status or Intune compliance. No option to customize inactivity thresholds or automatically delete stale records. Using this dashboard as a trigger for remediation could lead to false positives and unnecessary workload. Example: Device BLM-PC10Y482 appeared two times in the dashboard with different internal IPs (192.168.87.232, 192.168.87.162), even though the agent was healthy and active.

It would add a lot of value to have these items adjusted or added to the initial assessment report for Microsoft 365/EntraID tenants. CHANGES -Currently the list of application permissions does not name the apps in question -Currently the links in the report all go back to the Huntress portal which we do not allow end users to access -Currently the "example" mailbox rules and suspicious login events verbiage is not immediately clear- it reads like there was an actual event ADDITIONS -Show us users with GA permissions or other admin roles -Show us MFA details or at least counts of yes/no -Show if there are there Power Automate Workflows to reset passwords/MFA/setup new MFA auth methods -Show us whether enterprise app approval restrictions are in place -Show SharePoint/Teams external sharing setting -Show whether the M365 tenant allows new admin roles to be assigned without approval by an existing admin

We have the integration with Defender for Endpoint but it will only show a list of CVE and is really hard to get an insight on how secure the devices are on its own. Is it possible to do a security posture based on the active weaknesses and for instance the CVE score?

Impersonate users so we can test their settings and security.

Currently when viewing the incident reports screen it shows all incidents included all of those that are resolved. I can filter to show only unresolved incidents, however if I browse away from the page it resets the filter. It would be good if it could either remember your last selection across refreshes and sessions, or have the option in the filtering screen to save the filtering selection as default.

Hi, I would like to see more information about the handling of incidents to determine if the threat has been removed or actions are pending on the device (eg a reboot). Case and point, whilst Huntress reported an incident was resolved, when a Huntress analyst checked on the backend, there was still a reboot pending on the device in question. If I see a green tick and resolve status, I want to be confident that all actions are complete and if a reboot is pending, then I can contact the end user to perform a quick reboot etc. I dont want to wait to see if the incident is going to come back the next time a Huntress scan kicks off.

I noticed that ScreenConnect instances remain visible on the Command Center dashboard even after deleting related files. It would be beneficial to have a feature that allows us to delete or clear these instances from the dashboard, providing a cleaner and more accurate view of active connections.

Currently, the Agent page does not display firewall-specific issues, which can lead to confusion. It would be beneficial if the Agent page could reflect the same firewall issues flagged on the Overview page. This consistency would help users quickly identify and address potential issues across different views.