DNS allow list / cloud RMM and AV access for isolated endpoints
Robert Dana
Huntress now supports an IP address allow list for isolated hosts, but this doesn't work with Cloud RMM, AV, or other tooling which typically uses dynamic IP addresses for agent connectivity. Vote here if you'd like to see this capability added.
Even better, it would be great to hear what specific tools you'd want to use it with; the list of DNS names that need allowing for typical cloud tooling is long, and we could potentially preconfigure them (just check a box) for commonly needed tools.
Guy Liu
Yes, much needed capability. Manually managing long lists of IPs doesn't seem to be practical. Would be great to avoid issues accessing RMM tools during a host isolation - extra headache on an already stressful situation. Please implement ASAP.
Mackenzie Santos
This would be a huge help, specifically for being able to exclude a specific instance of ScreenConnect and/or Syncro.
Zach Galifianakis
FYI, for those that use Gorelo, they have dedicated IPs for Gorelo Connect which you can add to your Huntress Tooling Allowlist. This way you can still remotely access a host even during isolation.
Brant Ray
Yes, I hope this will be added very soon.
Mason Schmitt
Given the rise in abuse of legitimate RMM tools by attackers, it certainly doesn't seem like a good idea to have a big default allow list of IPs and/or URLs. If Huntress ever decides to implement this feature, I'd suggest that the initial enablement of host isolation blocks all non-Huntress outbound traffic, so that an attacker isn't able to continue their attack using the RMM tool they've decided to abuse.
To allow an MSP tech to begin remediation, Huntress could allow a couple of options:
1 - An MSP tech could look at Huntress' reason for enabling host isolation and decide that allowing access to the MSP's RMM tool is necessary for remediation. They could then toggle on their specific RMM tool in the Huntress UI. In this case it would be assumed that all LAN access would still be blocked, so that no lateral movement is possible in the LAN.
2 - An MSP tech could look at Huntress' reason for enabling host isolation and decide that this machine needs to be wiped and rebuilt. They could then manually disable host isolation and immediately kick off the wipe and rebuild.
Matthiew Morin (Huntress)
Merged in a post:
Tooling Allowlist to include URLs
NICK Gusto
When partners work with third-party vendors for IR, Forensics, etc., sometimes those teams need to use additional tooling that is difficult to do when a host is isolated.
The partner in this example has a team needing to use CrowdStrike and the allowlist the app says it needs is by URL only and there are about 30 of them. They would like the option to add the URLs or select specific tools instead of having to look up each IP tied to the URL, add IP, rinse, repeat, etc.
Matthiew Morin (Huntress)
Merged in a post:
RMM Tool Exclusion for Cloud Hosted Systems
Hayden Drummond
We want to use our RMM tool while it's isolated during testing. Currently, if we are using a cloud-hosted RMM, we cannot employ an RMM exclusion. It would be beneficial if we could add an RMM tool exclusion for cloud-hosted systems to ensure seamless testing without interruptions.
Nick
Another vote from me. There are multiple duplicates of this request across this system that should be merged.
Daddy McDadface
Please do this. Much needed. Not having CW/ScreenConnect access to isolated devices is crippling.
Francis Germain
+1 for NinjaOne please!!!
Thank you.