Include the email of malicious sender and malicious link in Huntress lockout incidents
Sabina Hasanova
Hi All!
Currently, when we get incidents generated on Huntress, in case this is a phishing attack and the user clicked on the link, we only get the IP the attack occurred from. It would be extremely useful if we had the email of the malicious sender and the contents of the email so we could have an idea of how this happened. Currently there is no such function in place; I got confirmation from Huntress support. On top of that, it would be awesome to see what other mailboxes have received it and also whether they interacted with the email and its content, and to purge the malicious email out of the mailboxes. Another useful function would be blocking the malicious sender for a set period of time. A product called "PhishER" from KnowBe4 has that functionality, for reference.
Gregory Marchand
I too would love to see this, but since Huntress does not look at the email in this fashion, I wonder if this is even possible. My bet is that at the moment the trigger is the web page opening the link, not the click in the email, so I am not sure Huntress could even see the original trigger event. I am hoping I am wrong :)
In my experience, this type of trigger would come from your email security software that is actually embedded within your M365 email tenant to track these types of things, i.e., like Mail Protector or Inky, and/or even Defender for M365.