Feature Request

Currently, the URL risk detection in DefensX relies heavily on urlscan.io , which sometimes fails to identify or classify malicious domains in real time. We recently faced a customer downloading bits from x1.vototao9.ru , which was flagged by DefensX as uncategorized but later confirmed as malicious by other feeds and our internal investigation. To enhance threat coverage and reduce reliance on a single source, it would be valuable to integrate additional IOC feeds, such as: • ThreatFox ( abuse.ch ) • URLhaus • OpenPhish or PhishTank Proposed Feature: • Enable ingestion of IOCs from multiple public and reputable feeds (e.g., domains, URLs, hashes). • Correlate and enrich detections using these sources in parallel with urlscan.io . • Allow users to enable/disable specific feeds or set confidence levels. Impact: Improved detection accuracy for malicious URLs and domains, especially in phishing and malware distribution scenarios. Example: • Case: vototao9.ru was undetected by urlscan but flagged as malicious in ThreatFox. • This integration could have prevented the missed detection. ⸻

Currently when we receive a request to a MS Teams channel, the button takes us to a page to review the request and add to a URL group. If, however, we want to reject/close the request, we have to login to the main application and go to User Requests, find it, and then close it. It would be ideal to either have a button in the Teams adaptive card, or on the page that we're taken to to review the request.

In our environment we utilize two different software product types in ConnectWise - Licensed for Cloud software (Office 365, DefensX, etc.) and Boxed for on-premise software. The DefensX-ConnectWise integration only allows us to utilize a separate Software type. It would be great if we can customize these, and be able to change the details of the product for the catalog after the synchronization so that we can customize our environment as needed.

We have clients with compliance requirements that we would love to move away from Cisco Umbrella and other providers but the one thing stopping us is the log retention and lack of integration with SIEM providers. I saw another Feature Request for Connectwise SIEM integration but I'm sure Huntress is another big one for people. Here is the feature request on the Huntress side. https://feedback.huntress.com/siem/p/defensx-integration-for-dns-filtering

Would like to request an integration for MSPs. Was wondering if integration with ScalePad Lifecycle Insights could be looked into. Goal would be to have license counts, alerts/notifications, reports be filtered to portal. Goal as MSP is to have this type of information go to lifecycle insights for client managers and sales to grab data for QBRs/meetings with clients that we manage easy and efficiently. Link: https://www.scalepad.com/lifecycle-insights/integrations/

Integrating ConnectWise SIEM with multi-tenancy support would greatly enhance the value of DefensX integration. This improvement would facilitate more efficient threat monitoring and response across multiple client environments, allowing Managed Service Providers (MSPs) and security teams to manage and scale their operations securely and effectively.

An elastic SIEM integration capable of multi-tenancy would be helpful and help a lot of other SIEMs as a lot are using Elastic on the backend.

Please add support for additional integration into SIEM solutions, such as Arctic Wolf, eSentire and Sumo Logic as SIEM deployments are becoming more of a standard.

We would like to have the ability to create users for the partner portal without having access to the "Customer-Self" client as that is the customer for our own MSP. We would also like to limit the roles that certain people have in the portal to perhaps read only, or limited roles that cannot modify policies and can only add to allow lists It would helpful to allow members of our projects team to provision new clients in the portal without them having the ability to delete clients, or to view our own company

We love having DefensX create tickets for user reqests via the api. However today the API integration is broken and we've missed some user requests. It would be really great to be able to set fall back notification options so that if an integration goes down we can still get the notifications some other way. For us Ideally the mesaging would include a note about the API being down, but I could see some clients would want to send notification of API integration failures to a notification email address, and User request that was supposed to generate a ticket to a different email address, so having both as options on the Integrations would be great!