RocketCyber SOC Platform Update Summary July 2021
July 13, 2021
This RocketCyber SOC Platform Update includes: Bugfixes, Updates, Features and New Apps that are available now.
- This release includes our latest development efforts and we are very enthused to announce a number of new exciting updates to the MSP industry. As always, we encourage reporting bugs and feature requests here.
- New EMEA Data Center instance in Dublin, Ireland
- New Expanded Dallas SOC with a Physical SOC location and team based in Miami, FL
- New - Print Nightmare Hunt App - checks for the Windows Print Spooler remote code execution vulnerability CVE-2021-34527:
  1. Checks if the print spooler service is enabled
  2. Scans the %SystemRoot%\System32\spool\drivers directory for suspicious files
  3. Checks the Windows registry for PointAndPrint settings
  4. Checks for the presence of patches related to CVE-2021-34527
- New - VSA Threat Hunt App - detects numerous IOCs, TTPs, registry key values and malicious files, complementing the previous detection capabilities of our Breach Detection and TCP/UDP apps, all before the encryption executes.
- Fixed Office 365 Failed Login Analyzer - bug where whitelisted countries were reporting data
- Fixed Office 365 Secure Score and Risky User app - bugs where data was not populating
- New Firewall Log Analyzer
  - Added support to exclude unwanted network devices in the syslog by IP and MAC address
  - Added firewall log monitoring support for:
    - Palo Alto
    - Sophos UTM
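
The four Print Nightmare Hunt checks listed above can be approximated on a single host with a read-only PowerShell triage script. This is an added example, not RocketCyber's code: the "suspicious file" heuristic, the parameter names and the `KB0000000` placeholder are assumptions, and the two PointAndPrint value names are the ones Microsoft's guidance for this CVE says to keep at 0 or undefined.

```powershell
# Added example: read-only triage mirroring the four checks described above.
param(
    # Placeholder: supply the KB ids listed in Microsoft's CVE-2021-34527 advisory.
    [string[]]$PatchIds = @('KB0000000'),
    # Assumption: a driver file is "suspicious" if written recently or not validly signed.
    [int]$RecentDays = 30
)

# 1. Is the print spooler service enabled (present and not set to Disabled)?
$svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
$spoolerEnabled = ($null -ne $svc) -and ($svc.StartType -ne 'Disabled')

# 2. Flag binaries under the spool drivers directory that match the heuristic.
$driverDir = Join-Path $env:SystemRoot 'System32\spool\drivers'
$cutoff    = (Get-Date).AddDays(-$RecentDays)
$flagged   = Get-ChildItem -Path $driverDir -Recurse -File -Include *.dll, *.exe -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($_.LastWriteTime -gt $cutoff -or $sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Path      = $_.FullName
                LastWrite = $_.LastWriteTime
                Signature = $sig.Status
            }
        }
    }

# 3. Point and Print policy: a non-zero value relaxes the install/update prompts.
$pnpKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$pnp     = Get-ItemProperty -Path $pnpKey -ErrorAction SilentlyContinue
$weakPnP = @('NoWarningNoElevationOnInstall', 'UpdatePromptSettings') |
    Where-Object { $pnp -and $pnp.$_ -gt 0 }

# 4. Is at least one of the expected patches installed?
$installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
$patched   = [bool]($PatchIds | Where-Object { $installed -contains $_ })

# Summary: a host with the spooler enabled and no patch is the priority case.
[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    SpoolerEnabled   = $spoolerEnabled
    FlaggedDrivers   = @($flagged).Count
    WeakPointAndPrint = ($weakPnP -join ',')
    Patched          = $patched
    NeedsAttention   = $spoolerEnabled -and (-not $patched -or $weakPnP)
}
$flagged | Format-Table -AutoSize
```

Flagged driver files are leads for review, not verdicts: legitimate printer drivers installed within the look-back window will also appear.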
Dashboard | Reporting
- Fixed Dashboard load times, increased backend performance for better navigation and usability while eliminating timed-out error pages
- Updated Office 365 Failed Login Analyzer - added the ability to configure 365 Login settings from the root MSP account, applying any changes downstream to all tenants
- Fixed bug not generating 30-day reports
- Fixed bug where an expired account banner was displayed on dashboard for some customers
- Added support for Apple's M1 chip and improved performance for Big Sur
- Fixed agent bug released on July 1 causing some devices to have been removed
- Fixed websocket communications to our backend where some agents had to be restarted due to a Heroku outage on July 7
- Fixed agent offline/online light indicator bug where an agent was perceived offline under unique scenarios
- Updated remote operations to improve remote log requests and device isolation capabilities
API | Integrations
- Updated Kaseya BMS PSA RESTful Integration to better provision new customers and enhance ticket routing setup
- Fixed ConnectWise and Autotask PSA mapping bugs where all customers were not being pulled
- Fixed BitDefender & SentinelOne issues when authenticating to non-US domains; user-specified API URL configurations are now supported
- Updated - Moved Cylance configuration to the root MSP Integration section
Press | News | Blog
- US & EMEA - SOC Team back in person and presenting on the road at Connect IT