Managed ITDR

We sometimes see incorrect IP geolocation's which cause false positive ITDR alerts, which can cause a hassle as we can't exclude specific IP addresses from the ITDR alert without excluding the country (which is incorrect and causes unnecessary risk). A button to mark an IP as an incorrect location with an option to exclude this IP from further alerts would help reduce the noise in our SOC.

Want to be able to set a start date for expected rules so that when a client gives us the start and end date of a trip we can add the schedule in when they tell us instead of having to schedule in to do it on the day they leave.

When dealing with a compromised client, the need to pull custom reports for documentation to submit to insurance companies & forensic companies would be helpful. If it was setup similar to the custom reports in SAT and be able to choose the different options and specific user for documentation & review.

I’d like to propose that Huntress develop a Microsoft 365 Spam Filter Management solution that integrates directly with the existing ITDR agent. This enhanced offering would allow customers to centrally manage domain level blocklists and whitelists across all ITDR clients. Simplify and unify management of: Quarantine workflows Email tracking Inbound and outbound policy configurations This would streamline spam filter administration and improve visibility and control for IT teams. The solution could be offered under a distinct licensing model (ITDR+), reflecting its added value and functionality.

We would like to have detections and alerting for DropBox through IDTR. I have seen a similar idea achieved by SaaS Alerts. Use case: Detecting when a Dropbox account is accessed outside a specific region or through a VPN.

I want to block all countries except the US and India to prevent unauthorized access. Currently, I have to create a rule for each country, which is time-consuming. It would be beneficial to have a feature that allows mass blocking of countries, similar to the existing VPN blocking capability.

Add the ability to filter by Enterprise Applications under rogue apps - view all applications. The current list includes hundreds of built in 365 management applications.

I would really like to have the huntress edr and itdr to call on different numbers and different caller id. It would help us quickly identify if it’s an agent based incident or user based incident.

If you have a broken tenant, we will tell you.

We will continue to make improvements to Unwanted Access