RocketCyber SOC Platform Update Summary Aug 2020

RocketCyber Updates Aug 2020

This RocketCyber SOC Platform Update includes: Bugfixes, Updates, Features and New Apps that are available now.

  • August has been a great month and we are stoked about bringing the energy and customer feedback to an even better September. As always, we encourage reporting bugs to support here and new feature or app requests here.

Apps

    • New BitDefender NGAV App is now available. Help Doc | Configure BitDefender
    • SentinelOne NGAV App updated to support performing actions from RocketCyber SOC:
      • Analyst Verdict: False Positive, True Positive, Suspicious, Undefined
      • Incident Status: Unresolved, In-Progress, Resolved
    • NGAV App Customer Mapping – all supported AV vendor apps now include the ability to map the AV Customer_Name to the SOC Customer_Name so that threat data is aligned. Help Doc | Configure AV Mapping
    • NGAV Vendor Apps - API configuration is now set up at the root MSP level
    • Firewall Log Monitor changes:
      • Added support for Cisco ASA. Help Doc | Configure Cisco ASA
      • Improved Ubiquiti log support. Help Doc | Configure Ubiquiti USG
      • Added firewall counter to triage view showing number of events parsed, filtered and reported
    • Microsoft 365 Log Monitor - added support for detecting email forwarding rules and identifies whether each rule is active or inactive
    • Microsoft 365 Logon Analyzer - added the ability to whitelist a user from a specific geolocation
    • Threat Hunting – fixed threat intelligence hunt feeds that were delayed in a queue
    • Cyber Terrorist Network Connections – identifies the TCP/UDP port and protocol, and takes it a step further to identify unauthorized activity, e.g. an inbound RDP connection on port 3389 from Russia that successfully logged on as Anonymous User.
    • Breach Detection – added new MITRE ATT&CK TTPs for macOS
    • All apps producing a threat event now include a JSON download option in the details
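The "Cyber Terrorist Network Connections" item above describes a two-step check: first classify an inbound connection by port/protocol and source country, then correlate it with a subsequent successful logon from the same source. The block below is an added illustration of that correlation, not RocketCyber's code; the event shapes, the `TRUSTED_COUNTRIES` policy, the five-minute window and all sample events are constructed for the example.

```python
"""Added example (not RocketCyber code): correlate inbound connections on
watched ports with successful logons from the same source to separate mere
exposure (medium) from confirmed unauthorized activity (high).
Field names, policy constants and sample events are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class NetEvent:
    ts: datetime
    direction: str      # "inbound" or "outbound"
    proto: str          # "tcp" or "udp"
    port: int
    src_ip: str
    src_country: str    # ISO 3166 code; assumed supplied by an earlier GeoIP lookup


@dataclass
class LogonEvent:
    ts: datetime
    src_ip: str
    user: str
    success: bool


TRUSTED_COUNTRIES = {"US"}                      # assumed per-tenant policy
WATCHED_PORTS = {(3389, "tcp"): "RDP",          # assumed list of exposed services
                 (22, "tcp"): "SSH",
                 (445, "tcp"): "SMB"}
WINDOW = timedelta(minutes=5)                   # logon must follow the connection within this


def find_unauthorized(net_events, logon_events):
    """Return one finding per inbound watched-port connection from an untrusted country.
    Severity is 'high' when the same source logged on successfully within WINDOW,
    otherwise 'medium' (exposure only)."""
    findings = []
    for n in net_events:
        service = WATCHED_PORTS.get((n.port, n.proto))
        if n.direction != "inbound" or service is None or n.src_country in TRUSTED_COUNTRIES:
            continue
        base = {"src_ip": n.src_ip, "country": n.src_country,
                "service": service, "port": n.port, "proto": n.proto}
        # Step two: did that same source authenticate successfully shortly afterwards?
        matched = [l for l in logon_events
                   if l.src_ip == n.src_ip and l.success
                   and timedelta(0) <= l.ts - n.ts <= WINDOW]
        if matched:
            findings.append({**base, "severity": "high", "user": matched[0].user,
                             "summary": f"Inbound {service} from {n.src_country} "
                                        f"logged on as {matched[0].user}"})
        else:
            findings.append({**base, "severity": "medium", "user": None,
                             "summary": f"Inbound {service} from {n.src_country}, "
                                        f"no successful logon observed"})
    return findings


# Constructed sample events (documentation-range IPs).
T0 = datetime(2020, 8, 15, 3, 0, 0)
SAMPLE_NET = [
    NetEvent(T0, "inbound", "tcp", 3389, "203.0.113.7", "RU"),
    NetEvent(T0 + timedelta(minutes=1), "inbound", "tcp", 3389, "198.51.100.9", "US"),
    NetEvent(T0 + timedelta(minutes=2), "inbound", "tcp", 22, "203.0.113.8", "RU"),
    NetEvent(T0 + timedelta(minutes=3), "outbound", "tcp", 443, "192.0.2.5", "RU"),
]
SAMPLE_LOGONS = [
    LogonEvent(T0 + timedelta(seconds=40), "203.0.113.7", "ANONYMOUS LOGON", True),
    LogonEvent(T0 + timedelta(minutes=1, seconds=10), "198.51.100.9", "alice", True),
    LogonEvent(T0 + timedelta(minutes=2, seconds=30), "203.0.113.8", "root", False),
]

if __name__ == "__main__":
    for f in find_unauthorized(SAMPLE_NET, SAMPLE_LOGONS):
        print(f["severity"].upper(), f["summary"])
```

Run as-is, the sample data yields one high finding (RDP from RU followed by an ANONYMOUS LOGON success) and one medium finding (SSH from RU with only a failed logon); the US-sourced RDP and the outbound connection are not reported.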

Dashboard

    • New Device isolation – isolating a device to contain the spread of a threat is now available from the Incident Tickets & Device Details sections, along with the ability to reconnect the device
    • New Threat remediation – ability to fix a threat from an incident ticket
    • Dashboard widgets can be added/removed by toggling the On/Off button for the security apps you desire from the AppStore
    • Device Management now includes filtering, sorting and data exports in addition to a date picker
    • Device Management now includes a section showing all firewalls managed
    • All apps from the dashboard triage view now include a CSV/XLSX download option

Agent

    • Windows – enhanced performance and reduced CPU / Memory requirements
    • macOS – fixed a memory leak

API

    • RESTful API v1 is in the works to support provisioning, threat data and additional 3rd party integration

Knowledgebase | Help Docs

New and/or improved help documents for threat app configurations.
