RocketCyber’s threat detection apps provide solutions for many cybersecurity use cases. Each use case facilitates cyber monitoring opportunities for the managed service provider. Login to your account to turn on preferred RocketApps, no separate installation required.
Each App is purposely built to detect malicious/suspicious activity spanning endpoint, network and cloud attack pillars. When threats are detected, RocketCyber provides you with an actionable triage view and the ability to receive incident tickets to your PSA.
Dark Web ID Monitor
This app will ingest alerts from Kaseya's Dark Web ID Module.
Datto Ransomware Detection
This app will deploy and monitor the Datto Ransomware Detection engine. This engine monitors for file ransomware encryption activity on Windows desktops and servers. When ransomware activity is detected the offending process will be terminated and the device will be automatically isolated from the network.
Log4j Detector The Log4j Detector app will look for vulnerable versions of Log4j and active exploitation of CVE-2021-44228 and CVE-2021-45046 which allows remote code execution via the Apache Log4j library, a Java-based logging tool. The vulnerability allows an attacker that can control log messages to execute arbitrary code loaded from attacker-controlled servers. The Log4j Detector app will do the following: 1. Detect vulnerable versions of Log4j prior to version 2.16.0 2. Detect the attempted exploitation of Log4j using Yara scripts to scan log files.
Office 365 Risk Detection
Focus on the riskiest accounts, users, and behaviors. Determined risk through a combination of industry heuristics and machine learning.
Continuous monitoring for Indicators of Compromise to address emerging and changing threats.
DATTO EDR MONITOR
This app receives events from Datto EDR.
DEFENDER FOR BUSINESS
This app collects detection data and events from Microsoft Defender for Business.
This app collects vulnerability scan data generated by RapidFire Tools Vulscan and feeds back details on all issues including remediation recommendations.
This app collects threat telemetry from Graphus Email Security.
VSA THREAT HUNT
Detects threat artifacts and indicators for the Kaseya VSA RMM.
EXCHANGE HAFNIUM EXPLOIT
Detects threat artifacts and indicators for Microsoft Exchange on-prem.
Monitor Sophos NGAV threat and log activity, then leverage RocketCyber SOC for triaging and PSA incident ticketing
Monitor Passly 2FA log activity, then leverage RocketCyber SOC for triaging and PSA incident ticketing.
BARRACUDA EMAIL MONITOR
Monitor your Barracuda ESS or Sentinel email threats, then leverage RocketCyber SOC for triaging and PSA incident ticketing.
Monitor DNS Filter threat and log activity, then leverage RocketCyber SOC for triaging and PSA incident ticketing.
Monitor your SMB customer email and domain accounts to identify if they have been compromised in a data breach.
DEEP INSTINCT MONITOR
This app reports on Deep Instinct threat detections and brings in the results to the RocketCyber SOC Platform.
PRINT NIGHTMARE HUNT
This app performs critical checks for the Windows Remote Code Execution Print Spooler Vulnerabilities.
IRONSCALES EMAIL SECURITY ANALYZER
This app reports on IronScales email threats and brings in the results to the RocketCyber SOC Platform.
This app reports on BitDefender threat detections and brings in the results to the RocketCyber SOC Platform.
This app reports on Cylance threat detections and brings in the results to the RocketCyber SOC Platform.
This app reports on Webroot threat detections and brings in the results to the RocketCyber SOC Platform.
This app reports on SentinelOne threat detections and brings in the results to the RocketCyber SOC Platform. This app supports remediation actions and whitelisting.
This app provides full multi-tenant command and control of Microsoft Defender. Now you have the power to utilize the advanced capabilities including Attack Surface Reduction, Advanced Ransomware protection and more.
FIREWALL LOG ANALYZER
This app provides multi-tenant firewall log monitoring acting as a syslog collector. Messages are parsed, analyzed and enriched with threat intel for potential threat indicators. When a threat or security event is detected, meassage details show up in the console.
OFFICE 365 LOG MONITOR
Multi-tenant event log monitor for all accounts linked to Microsoft Office 365 providing visibility into users, groups, Azure Active Directory activity and more.
OFFICE 365 LOGIN ANALYZER
Detects successful and unsuccessful logins outside the expected countries, known malicious IP addresses and adversaries, exposing unauthorized authentication activity.
OFFICE 365 SECURE SCORE
Overall description of cloud security posture with itemized remediation plans across all Office 365 tenants.
ADVANCED BREACH DETECTION (TTPS)
Continuous monitoring app for attacker Tactics, Techniques, & Procedures that circumvent security prevention defenses such as Anti-virus and Firewalls.
CYBER TERRORIST NETWORK CONNECTION
This app detects network connections to nation states that are known to engage in cyberterrorist activities targeting small businesses.
MALICIOUS FILE DETECTION
Monitors and detects malicious files that are written to disk or executed. This app is used as a backup for detecting malicious files that slip past your primary Anti-virus solution.
SUSPICIOUS NETWORK SERVICES
Monitors TCP & UDP services that are commonly leveraged for malicious intent and detects unnecessary services mitigating a potential backdoor.
Detects suspicious tools that should not be present on SMB networks such as hacking utilities, password crackers, etc. used for malicious intent.
CRYPTO MINING DETECTION
SYSTEM PROCESS VERIFIER
Analyzes system processes for known suspicious or malicious behaviors based on various factors including disk image location, timestamp fingerprinting and Levenshtein distance calculations.
ENDPOINT EVENT LOG MONITOR
Microsoft Windows & macOS event log monitoring detects and alerts security related activities such as failed logins, clearing security logs, unauthorized activity, etc.Read More
ACTIVE DIRECTORY MONITOR AND SYNC
This app will monitor for changes to user accounts in Active Directory and synchronize changes to the Breach Secure Now Cloud. Optionally reporting changes to the RocketCyber Console