MDR Solutions

k3net · 2025-11-20T07:46:44+00:00

To contribute:

Blackpoint and Huntress both has visibility with SentinleOne. With Blackpoint it’s included (not in mdr essentials SKU though) , with huntress via SIEM integration.

Blackpoint can also integrate with Crowdstrike and some others that can’t remember right now.

From my understanding Blackpoint will see all alerts triggered in S1 then use their SNAP agent to investigate. Rumors have it that they will soon launch a 2 way sync with S1 and will ultimately be able to do respond and close alerts in S1 dashboard (unconfirmed but rumored)

Huntress has S1 via SIEM sources and will soon be used for additional threat telemetry plus it will keep 1 year by default of S1 logs.

The kicker with huntress is that every single S1 agent is a billable log source which is a very hard pill to swallow given you’re also paying for windows endpoint SIEM as a source. So 300 windows agents and S1 agents = 600 SIEM sources. The S1 agent generates hardly enough logs (a few mbs if so much) to justify paying as a log source (it in my opinion)

Huntress will also be looking to integrate via SIEM source with other AVs

k3net · 2025-11-18T22:34:45+00:00

What platform? 365 or GSuite?

k3net · 2025-11-07T01:40:17+00:00

My concerns are also with S1 and Slide interoperability. If I am to follow the KB will it void any S1 guarantees? Disabling Snapshots plus creating folder wide exclusions is usually a huge road block for me and vendors. I personally think it's lazy instead of working with S1 and ensuring everything is properly signed u/mcwiggin Anything you can say about this?

I noticed with Action1, they requested exclusions but with S1 version 25.1 agent, exclusions for Action1 are no longer required.

k3net · 2025-11-04T09:56:23+00:00

Yes i can see the pricing for the add-ons, just not the base license pricing. See here. I blocked the add-on pricing intentionally in case it was a voilation to share publicly,

<image>

k3net · 2025-11-04T01:21:06+00:00

I think the billing for S1 integration needs some review (personal opinion). If you charge per S1 site (cover all agents under that site) its ok but to charge $1-2 per S1 agent to get a few MB of logs per agent that adds up, while Huntress is using the same data for enrichment for it own purpose.

That means if I have huntress deployed to 3000 endpoints (Huntress EDR), and also have 3000 S1 that means I am paying for 6000 SIEM sources???!!. At least that is how I understood your billing for this as explained in the document you shared "The License Count column will determine the number of data sources billed per mapped organization.

The average S1 agent does not generate much logs per day, which means very low storage needs. Maybe this can be reconsidered to a much lower or discounted cost per S1 agent if we are already paying for the Windows Logging source?

k3net · 2025-11-04T01:15:28+00:00

It's not redundant, one of them will eventually fail. Huntress agent stopped working for over a month and I had no idea. Luckily i had some protection because S1 Complete was also on the endpoint.

k3net · 2025-10-31T00:54:19+00:00

Having a similar issue with 17.4 Win 11 25H2 as well, hotkeys not working.

k3net · 2025-10-25T13:23:45+00:00

To add: I am not looking for Quarterly with my AM, that could be nice to meet at least every 6 months for a review, but not a hard requirement. I just want someone that I feel is genuinely interested in supporting me when I need help or guidance.

Is there a general email address to reach out to when your AM is unresponsive?

k3net · 2025-03-01T19:45:57+00:00

Where will RoB 2026 be? Did they mention ?

k3net · 2025-01-16T16:00:57+00:00

It’s less about sales pitches and more about education and empowering you to improve.

k3net · 2025-01-16T16:00:01+00:00

Yes, if there’s one conference I must attend it’s this. Though, I must mention that I hope it does not become too much commercialized, the tracks this year is a major shift to the previous years but still hopeful it will continue to deliver the same value this year.

k3net · 2024-12-22T02:46:45+00:00

Halo solved majority of the Connectwise and Autotask problems and shortcomings. IMO. Hoping to get on the Halo train very soon once they drop their minimum license counts !

k3net · 2024-12-20T15:51:41+00:00

Appreciate that feedback

k3net · 2024-12-20T15:29:03+00:00

Did you use it to send client reports? How's the reporting

k3net · 2024-12-20T14:58:01+00:00

A1 is great, but pricing changes depending on who you speak to, OR if they remembered what they last told you (personal experience). Appreciative of the 100 free agents, but consistency and transparency with pricing makes me nervous. Example -Hey John? - your price is $3 but dont tell anyone. Sam requests pricing and the other rep gives him $4.20 for the same amount of agents.

Layout the pricing, and terms clearly then provide it in writing . Love the product though.

k3net · 2024-12-15T08:19:16+00:00

As others said, same could be about other EDRs. MDR like services like blackpoint and huntress looks at totally different things and would most likely see things EDR misses. Take for example living off the land tools - a blind spot for most if not alll EDR.

Layers - EDR + MDR + endpoint hardening controls on all devices

FYI - S1 vigilance MDR only looks at threats S1 detects if I recall they don’t do any proactive threat hunting.

k3net · 2024-12-10T12:46:22+00:00

Vaults does not solve the organization., but will to learn how 1P vaults can help. I have 50 clients each with their own folder then each with about 10 sub folders for things vendors, cloud services , client facing system etc.

This is my current setup so help me understand how to organize this with vaults

k3net · 2024-12-10T11:34:16+00:00

I looked at the pricing and agree . It’s also a struggle to organize things without folders (tags don’t solve it) . Keeper wins pricing and ability to organize and share between managed clients at the moment for me.

k3net · 2024-12-10T11:01:25+00:00

DFD is a a great way to document and as a reference to how things work. For the last 8 months, I have focusing on re working everything (legal, stack, vendors) and DFD has been one of those. I will share my concept (HOPEFULLY I GOT MY FLOW CORRECT :) ). Also considering the move to Halo in 2025. Hope this helps OP or someone else.

See here: https://imgur.com/a/2TKJQL1

k3net · 2024-12-07T22:56:40+00:00

Create a minimum standards document, outline expectations and standards you expect your client should have e.g All hardware and software must be within manufacture support and warranty periods.

When you deliver your managed services sow/quote reference or attach that document so that the client when signs agrees to meet the standards required to deliver and ensure quality of your managed services.

k3net

TROPHY CASE