SOC/Incident/Investigations/Escalations

It would be good to have the ability to export process insights when there is an incident. These are needed in alot of cases for multiple weeks and for archivel purposes. At present we have to contact the SOC to do this

Currently, there is no alert when an escalation is reopened, which can lead to missed updates. It would be beneficial to have an alert system in place that notifies us whenever an escalation gets reopened, ensuring that no important changes go unnoticed.

Looking back at historical incidents there is no title field in the incident list. Which makes it hard to identify the different types of incidents and making it difficult to find a specific incident. For Example I was looking for a previous incident for a detected mailbox rule and I couldnt remember which organization it was for. I knew it was likely a M365 Detection service but there are many of those and there wasnt any other fields to better identify what the incident was about. I ended up searching my email for the Incident notification email that contained the key words Inbox rule. Perhaps you could generate an incident title from the SOC report or from the incident email notification. Also it would be good to have a next/previous button when viewing a report so we dont have to keep tracking back and fourth to the incident queue to see the next incident in the list. This should be added to any other list view items. Thanks Huntress team!

I would like the ability to have email escalations set at the organization level rather than just the account level. This would ensure that subtenant administrators receive necessary notifications directly, improving communication and response times.

It would be beneficial to have an identity option in the escalation process when issues are first detected. This would allow for more precise handling of escalations on a per-user basis, improving efficiency and accuracy in managing access rules.

Please add the ability to add comments to the incidents, as that would improve communication between our team, so they don't have to login to the ticket system and find the ticket to see what the update is.

Can you add the texts and robocalls for critical incidents at the organization level? It would be nice to be able to set this up for IT managers, etc. at individual customers.

We have a request in from a customer to be able to view the Escalations menu. Currently this is only available to the MSP Partner

During large-scale or successful lateral movement incidents, we would like to speak with a Huntress security analyst for additional background and guidance, beyond what is listed in the incident report. A 1-hr SLA would be fine.

It would be great to allow RMM access to an isolated machine so that we can continue to remote in and work on the device based on the Screenconnect Hosts page you keep track of. I know there are aspects that make this challenging, but being able to investigate and connect to our remote devices that are experiencing an incident would be very much appreciated. Thanks!