Managed SAT

I recently completed the Phishing 2 Assignment, and got two questions wrong due to them having poorly worded questions or nebulous answers. Question 1: What characteristic of QR codes allows bad actors to bypass email security filters in phishing attacks? Answer: They hide malicious links Feedback: The fact that QR codes hide malicious links is not what allows them to bypass email security. So this question is not relevant to the answer. Question 2: If you suspect you've entered your login credentials on a phishing site, changing that one compromised password is enough to secure your accounts. Answer: It depends Feedback: This answer is seriously nebulous and generally doesn't align with a recommended approach of scrutinising all other passwords & updating those too. With no further context, "it depends" is not a valid answer for this question. The explanation behind the answer does give more context, but that's too late if you've already selected the wrong answer. The info in the previous slide also doesn't make it all that clear.

SAT Training - More concise & professional training module. Less animation and time to complete training.

I just wanted to provide the input that the Google Workspace UI has changed from what is documented in the page https://support.huntress.io/hc/en-us/articles/10962619872787-Allow-list-Managed-SAT-Emails-in-Google I was just going through it with my client today, and the Advanced settings is now no longer present. I would recommend you update the docs to keep them current, which I know is not easy, but I know Huntress has very high standards.

We are seeing more clients that need FWA and also would be good to have an episode for insider threat as well

Currently, the Threat Simulator is tied to the OSINT episode and cannot be assigned as a standalone module. It would be beneficial to have the option to create the Threat Simulator as an independent assignment, allowing learners to access it directly without completing the OSINT episode first. This flexibility would enhance training customization and meet specific client needs.

After reviewing Huntress SAT: Allow listing guidance for M365, it appears that two of the required policies are in conflict. Both Allowlist Phish Emails in Microsoft 365 EAC and Exchange EOP & the Allowlist Phish Emails in Microsoft Active Threat Protection (Safelinks) require the creation of a mail flow (transport) rule. The Allowlist Phish Emails in Microsoft 365 EAC guide however indicates you should "stop processing rules". The issue here is that means the Allowlist Phish Emails in Microsoft Active Threat Protection rule which modifies the message header never actually applies. This can be seen in implementation in the attached image where only one of the rules actually applies. Are both these rules actually required? If so, since both are set to "Apply this rule if…" the IP address matches Huntress IPs, couldn't they just be a single rule?

I would appreciate a knowledge base article discussing the type of phishing attack we encountered. This would be helpful for educating my team and raising awareness about such threats. Having a detailed article would provide valuable insights and preventive measures.

The Insider Threat video is missing key indicators of insider threats. It talks about one employee feeling unappreciated and shows the consequences but does not teach the commonly known indicators. These include, but are not limited to: • Difficult life circumstances o Divorce or death of spouse o Alcohol or other substance misuse or dependence o Untreated mental health issues o Financial difficulties • Extreme, persistent interpersonal difficulties • Hostile or vindictive behavior • Criminal behavior • Unexplained or sudden affluence • Unreported foreign contact and travel • Inappropriate, unusual, or excessive interest in sensitive or classified information • Mishandling of Confidential or sensitive information

It would be nice to be able to create an truely anonomous survey to use

Hi, In the Monthly Reports, it would be greatly beneficial to show who clicked or opened a phishing scenario email. Our customers see a clicking percentage but want to see which user (email address) clicked the phishing link or opened the phishing email. Including which users clicked the links or opened the emails would save us time in manually generating the information for our customers. It would also prevent our customers from spending time reaching out to us to request that information. If the information cannot be included in the Monthly Reports then it would be nice to have the ability to automatically send custom reports to our customers (specific email addresses). Thank you, Mark Tetuan Network Technician Nex-Tech