The escalations per identity in Identity Threat Detection & Response only support the two escalation types of Unexpected Country and Unexpected VPN. All others create new escalations. It would be nice for all escalations to be created with individual identities so that the Autotask integration accounts for all details in an escalation by ensuring each detail becomes a single escalation, which then becomes a single Autotask ticket. As of now, new details are getting added to old escalations that had already been resolved as well as the Autotask ticket completed. When escalations open again, the ticket does not get reopened. This causes a disconnect in our NOC in that escalations show as active in the Huntress console, but in Autotask. Our workaround is to closely monitor the console.