List user and tenant in unexpected login notifications
J
Jamie Pappas
it's a bit of a pain to have to log in to huntress to see who these notifications are referring to, especially when i see the notification through my phone or via my ticketing system
it would be helpful to have the user and tenant listed in the subject line or at least the body of the email so i can jump right into their m365 tenant and verify is the sign in is a problem
J
Juha Huhtamaa
Yes yes, "dig-in" features in map, until you see account details, also possibility to choose failed/success logins. First take look about CP/Avannan functionality and make it better in ITDR.
Autopilot
Merged in a post:
Include IP Address and Affected User in Unexpected Login Emails
S
Stevez Gomes
The emails currently being sent out is has no details as such it requires one to login to the portal to try and determine 1. Who the affected user is, and 2. What the IP address is and 3. If the IP Address reported is actually in the country it was reported to be (yes there are lots incorrectly classified emails).
J
John Hardwick
S
Stevez Gomes
Secondly, PLEASE PLEASE add the ability to enter an IP Address as an expected login. The current setup with only selecting countries does not work for all use cases, and I can demonstrate if you need the gaps and false incident alerts occurring because of incorrect classification of user login / location and IP.
S
Stevez Gomes
The below email has no actionable data. We do not work daily inside the Huntress portal as such if you simply provide who the user was and IP address it will help tremendously enabling us to quickly determine if its legit or not.