RocketCyber SOC Platform Update Summary Sept 2020

• Sept 28, 2020
• Billy Austin

This RocketCyber SOC Platform Update includes: Bugfixes, Updates, Features and New Apps that are available now.

• September we expanded our RESTful API preparing us for future App, PSA and Partner integrations. This effort enabled us to replace legacy PSA integrations with a more robust bi-directional communication between RocketCyber incident tickets and the PSA. As always, we encourage reporting bugs to support here and new feature or app requests here.

Apps

• • New IRONSCALES Email Security App is now available. Help Doc | Configure IRONSCALES
  • Firewall Log Analyzer changes:
    • Added configuration checks for most firewall brands | login failures, admin logins, ...
    • Development for Juniper firewall commenced
  • Microsoft 365 Manager - Added if Microsoft 2FA is enabled/disabled by users monitored
  • Cyber Terrorist Network Connections - Added an 'Enable All Gelocations' expanding TCP/UDP connection monitoring coverage
  • SentinelOne AV Monitor - Fixed triage column not displaying Host Name data for Incident Ticket view

Dashboard

• • New Added data retention log policy - Managed SOC threat data to remain in the dashboard for 30 days and the archival of historical data for 365 days (archive state starts Oct 8)
  • New Enable 2FA at root MSP or Customer level forcing 2FA downstream for users
  • New Integrations top level nav to connect API's for PSAs & Threat Intel
  • New Added configuration to set autologout duration for console users
  • Added phone number field to Provider Settings / Incident Notifications for critical verbal threat response
  • Fixed searching logic to query by HOST or MAC Address | Console / Devices

Agent

• macOS:
  • updated agent improving CPU/memory utilization
  • added support for Apple's next release 'Big Sur'

API | Integrations

• • New Autotask PSA RESTful Integration with ticket configuration
  • New ConnectWise PSA RESTful Integration with ticket configuration
  • New Import, Map and Sync PSA customers to RocketCyber
  • RESTful API v1 released to support provisioning, threat details, incident tickets & billing
  • Added API Key generation to Console / Provider Settings
  • Added Integrated vendors to website Resources / Developers / Integrations

Knowledgebase | Help Docs

• • New Configure IRONSCALES App
  • New Setup Alienvault OTX Threat Intel API
  • New Open & Close Tickets from PSA
  • New Import Customers from PSA
  • New Get Autotask API credentials
  • New Get ConnectWise API credentials
  • New Microsoft Defender Tamper Protection
  • Updated Configuring Windows Defender

Press | News | Blog

• • Sept 9 - Blog: Cyber Cases from the SOC - Fileless Malware Kovter. Read
  • Sept 11 - Blog: What is a SOC & why you need one. Read
  • Oct 28 - Next SOC-as-a-Service Webinar Register