Huntress Discovery functionality
Garrick McIntyre
A capability to discover devices that should have Huntress on them but do not would be nice, similar to the SentinelOne Ranger feature.
We currently rely on our RMM to deploy Huntress and we have built in logic to redeploy Huntress if it is removed. We had a peer recently get compromised and their RMM was removed. This also requires the RMM to realize Huntress has been fully uninstalled. Having a native capability in Huntress to find devices on the network that are supported and send alerts if they do not have Huntress installed would help fill some gaps in the process.
Canny AI
Merged in a post:
Client Coverage hole detection
Runar Verwaal
In large environments, it would be great to see clients that do NOT have the Huntress agent installed.
It could be achieved by collecting the ARP table from the client.
With a threshold of "number of known Huntress agents" seen in the network, it could report MAC addresses that are not known by Huntress as machines not covered by Huntress.
Example:
1-2 Huntress agent MAC addresses seen in the network = likely to be a home network. For GDPR reasons, do not record MAC addresses.
10+ Huntress agent MAC addresses seen: list all MAC addresses (MAC vendor, hostnames and as much information as possible).
This will make it easy to find clients that are not enrolled with RMM, showing the holes in your deployment.
Devices such as printers, firewalls and switches can be "dismissed" by the admin.
Also, when a new MAC address is seen, give the possibility to report it as an incident.
This machine "could" very much be a malicious "raspberry pi" device connected to an Ethernet jack in the lobby, dormant and waiting to take over your network :)
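One way to implement the ARP-table threshold check described in the post above, as an added example (not the poster's or Huntress's code). The function names, the constructed `arp -a` style sample, and the choice to report nothing for any count below the threshold are assumptions.

```python
import re

# Constructed sample data (not from the original post): ten endpoints that
# already run the agent, one printer, one unknown device, plus broadcast and
# multicast rows, laid out like Windows `arp -a` output.
AGENT_MACS = [f"00-11-22-33-44-{i:02x}" for i in range(10, 20)]
ROWS = [(f"10.0.0.{i}", mac) for i, mac in zip(range(10, 20), AGENT_MACS)]
ROWS += [("10.0.0.50", "00-aa-bb-00-00-01"),    # printer
         ("10.0.0.77", "00-aa-bb-00-00-02"),    # device with no agent
         ("10.0.0.255", "ff-ff-ff-ff-ff-ff"),   # broadcast
         ("224.0.0.22", "01-00-5e-00-00-16")]   # multicast
SAMPLE_ARP = ("Interface: 10.0.0.5 --- 0x7\n"
              "  Internet Address      Physical Address      Type\n"
              + "".join(f"  {ip:<21} {mac:<21} dynamic\n" for ip, mac in ROWS))

ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s")

def normalize(mac):
    """Lower-case, colon-separated form so MACs from different sources compare."""
    return mac.lower().replace("-", ":")

def parse_arp(text):
    """Return {mac: ip} for unicast neighbours; header rows do not match."""
    seen = {}
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if not m:
            continue
        ip, mac = m.group(1), normalize(m.group(2))
        if int(mac[:2], 16) & 1:    # group bit set: broadcast or multicast
            continue
        seen[mac] = ip
    return seen

def coverage_gaps(arp_text, agent_macs, dismissed=(), threshold=10):
    """Return sorted (ip, mac) pairs with no agent, or None below the threshold."""
    seen = parse_arp(arp_text)
    agents = {normalize(m) for m in agent_macs}
    if len(agents.intersection(seen)) < threshold:
        return None                 # likely a home network: record no MACs
    skip = agents | {normalize(m) for m in dismissed}
    return sorted((ip, mac) for mac, ip in seen.items() if mac not in skip)

if __name__ == "__main__":
    for ip, mac in coverage_gaps(SAMPLE_ARP, AGENT_MACS, ["00-aa-bb-00-00-01"]):
        print(f"no agent: {ip} {mac}")
```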
Matthiew Morin (Huntress)
Merged in a post:
Detect Windows EDR machines that are missing the Huntress Agent
Brian Leberth
Use Huntress to detect and report on machines that are in the Microsoft EDR portal but do not have the Huntress agent installed.
Runar Verwaal
This also would record new devices introduced to the network.
It should also be possible to "comment" the type of device, like printers, scanners, coffee machines, etc., so that known devices are not taking up attention.
SentinelOne has a Privacy feature where you can set it to scan when x number of known devices are on the network, excluding scanning all home office networks.
Michael Setton
Can also hook into AD or Intune