Reporting & Dashboards

This update will give Customers and Partners the ability to configure the details of where, when and who an Escalation will be sent to and reduce frequency of notifications

We would like to have the ability to customize the email notifications for the escalations so we can include more context to the notifications with links to our SOPs and documentation.

For some escalations like Defender not working properly it will not tell us in the email what device in question it is and if the device has already started working again by the time we look at it then it will disappear from the escalation page with no record. It makes it difficult to determine if there is an ongoing issue with a machine if I can't see a history of it having issues with Defender. Ideally it would just change to saying it was resolved for that host instead of removing it.

I need to test the escalation process by generating a test escalation email. Currently, there is no way to send test escalations, which makes it difficult to ensure everything is set up correctly for clients.

I find it confusing that the escalation page doesn't show the current date. It would be helpful if the page displayed the current date to clarify when new occurrences happen.

At present, there is no way to receive alerts when a new affected identity is added to an escalation. Implementing a feature that provides alerts for such updates would greatly enhance our ability to respond promptly to changes.

The formatting of the first paragraph in the escalation emails makes it difficult for me to quickly identify the organization name. Improving this formatting would enhance readability and efficiency when processing these emails.

In certain environments, such as printing and medical application servers, it's necessary to disable Windows Defender as recommended by the application vendor. However, Huntress agents continuously create Escalation alerts for these endpoints, which is problematic. It would be beneficial to have a feature that allows us to exclude specific Huntress agents from generating these alerts, reducing unnecessary notifications and focusing on critical issues.

I noticed that when an escalation is re-opened, it doesn't trigger the Autotask PSA workflow again. This is problematic for us because we rely on the ticket system to track all escalations, even if they are re-opened. It would be beneficial if re-opened escalations could trigger the workflow to create a new ticket in Autotask PSA, ensuring that all incidents are properly tracked.

Any chance to include device name and ID to Escalation alerts aside from IP? This will help us easy track the actual escalation real time, also save time checking the logs from backend