Pull phishing emails involved in an incident from all mailboxes
A
Adam Palmer
Often the same phishing email is sent to multiple individual recipients at the same organization. Once adversary activity is detected on one account and an incident is triggered, it would be phenomenal if Huntress would proactively find and remove (soft delete automatically with an option to push a button to hard delete) these emails from all other mailboxes. It would cutdown on additional work required to secure the environment after the first user is successfully phished. MSPs and their partners would really benefit from a feature like this.
N
Naftuli Herzog
+1 for this (Petra ITDR has it already!)
preventing other users from falling victim to the same attack.
The pulled emails should be included as evidence directly in the incident report
, providing full context without requiring a manual pivot into M365.A
Alex Canham
This would be very helpful to have
R
Russell Tammany
It would be great to have this feature, some other ITDR tools have it already. Same with a report of any emails/items the attacker accessed...