MAV Incident Reporting
- The MAV detector framework is tuned and refined in preparation for sending a limited set of actionable MAV Incident Reports to partners. Delivery of a limited set of actionable MAV incident reports will begin around the week of July 26 to existing account integrations. This will include detections that have a ‘quarantine/remove failed’ threat status and will only apply for hosts in MAV Enforce mode.
- Manual Full Scanning is now available for all hosts. This allows partners to trigger an ad-hoc full scan in cases where a full scan has not been performed or if there is a significant event that would warrant running an immediate Full Scan.
- “Mode” column and “Policy Status” column are now merged to simplify how admins determine why a host is Non Compliant.
- The Policy Status column now has the following statuses, which includes Audit Mode:
- Audit: Host is in Audit Mode (no compliance status)
- Compliant: Host is in Enforce Mode; current settings match the configuration policy
- Not Compliant: Host is in Enforce Mode; current settings do not match the configuration policy
- Pending: Host is in Enforce Mode; policy status has changed, waiting for the endpoint to take on the new configuration changes.
- Unknown: Host has not checked in or does not have a survey with MAV details
- Compliant / Non Compliant are now treated as sub statuses of Enforce mode in the UI.
- "Agent Outdated" substatus.
- Added an “Agent Outdated” substatus for Agents who are running version < 12.2. This is in order to highlight agents that do not support Managed AV and therefore cannot be managed by Managed AV.
- “Offline” substatus.
- Added “Offline” substatus for agents where Last Seen > 60 min. This is to understand why an agent has not recently scanned or has out-of-date definitions because it has not updated its status to Huntress.
- “Missing” registered AV status to identify 3rd Party AV on Windows Workstation OS.
- Added a “Missing” substatus for Registered Antivirus. This is to verify what 3rd party AVs are still registered to Windows but are not actually present on the host. This story is primarily related to a common scenario in which Webroot does not fully uninstall cleanly (it still appears to be registered to the OS but isn't actually installed or running).
Portal UX + Public Website
- Updated the Monthly/Quarterly Threat Reports that Huntress sends to Partners.
- The monthly and quarterly Huntress Threat Reports have been updated to include additional Huntress service data. The 'Autoruns Reviewed' section of the report has been changed to 'Potential Threat Indicators' and now also considers Managed Antivirus (MAV) detections and Ransomware Canaries triggered. In addition to the threat data changes, other cosmetic and wording changes were made to highlight our Partner's security team, rather than Huntress directly.
- To provide Partners with requested incident metric data and highlight the value that Huntress provides, an Incident Summary page was added to the Threat Reports which breaks down incident data by severity, identifying service, virus types, and devices targeted
- Fixed a bug between the Huntress Portal and Huntress’s backend payment processing system that caused customers to be stuck in the activation state and not receive a Huntress invoice.
- Fixed an issue in the Autotask integration where the primary customer account was not available for selection when mapping Huntress organizations.
- Added a hostname check to the agent deduplication logic in order to determine agent uniqueness when an agent with the same hardware ID registers with the Portal.
- Customers using the Kaseya BMS Integration are now able to load more than 100 records when mapping to Huntress organization IDs. Pagination was added to improve Partner user experience and allow for more efficient page loads.
- Improved Partner user experience and allowed for more efficient page loads in the Portal for Partners with a 1000+ accounts in their Autotask integration.
- Fixed billing address validation checks on the Huntress subscription page, which was causing new customer sign-up issues.
- Changed billing address logic to only require a postal code for US and GB addresses.
The MAV incident report display was updated to match the main Huntress dashboard incident report display, showing active and resolved MAV incidents.
Clicking on Resolved Incidents or Active Incidents will take the user to a pre-filtered view of the incidents reports table.
A “Defender Detections by Week” chart was added to the MAV dashboard.
A “View All Detections” button on the chart now takes users to all Defender detections for the given Org or Account
- Added an opt-out toggle for Partner Admins to opt-out of the Ransomware Canaries service across their account via the account settings. Opting out of the service will remove Ransomware Canaries from all hosts in the account. It may take several days for the removal to complete, and agents must be online for the files to be removed.
- Canaries V2 are currently undergoing Huntress Insider testing. V2 will be rolled out to all Partners later this Summer!
Portal UX + Public Website
- Added additional features to support SSO/SAML rollout to Huntress customers:
- A UI was added for account administrators to setup SAML SSO. Partner Admins can specify the parameters required to set-up SAML for their account (SSO service URL, entity ID, certificate, etc).
- Account administrators can enable/disable SSO. This enables Partner Admins to disable/enable SSO without having to delete and re-create SSO details.
PSA Integration Org Mappings
- Updated the ConnectWise Test Ticket Interface to have more clear error messaging to Partners when a test ticket can not be sent, such as when an Account is missing a default mapping.
- Improved usability of the PSA integration org mapping tables.
- When configuring explicit mappings for PSA integrations, it’s helpful to know and understand what mappings have been created and if there are additional configurations required without having to page through all mappings. This update provides admins with a visual cue to understand how many Huntress orgs still need to be mapped.
- Added the ability to send a test ticket via the Portal for the Kaseya BMS integrations.
- When setting up a PSA integration, it is helpful to have a test ticket sent so that an admin can validate that the integration is functional and have confidence that they will receive incident reports that are sent through the integration.
- Sending a test ticket was already available for ConnectWise manage; this capability has now been extended to other PSA integrations.
Partner Enablement Service (PES)
Asset Tag Filters:
- Built a filter feature to allow users to search marketing assets within the PES dashboard using asset tags. Tags are defined and added to assets by the Huntress marketing team in order to organize/categorize assets.