RocketCyber SOC Platform Update Summary Sept 2020
Sept 28, 2020
Billy Austin
This RocketCyber SOC Platform Update includes: Bugfixes, Updates, Features and New Apps that are available now.
In September we expanded our RESTful API, preparing us for future App, PSA and Partner integrations. This effort enabled us to replace legacy PSA integrations with more robust bi-directional communication between RocketCyber incident tickets and the PSA. As always, we encourage reporting bugs to support here and new feature or app requests here.
Apps
- New IRONSCALES Email Security App is now available. Help Doc | Configure IRONSCALES
- Firewall Log Analyzer changes:
  - Added configuration checks for most firewall brands | login failures, admin logins, ...
  - Development for Juniper firewall commenced
- Microsoft 365 Manager - Added whether Microsoft 2FA is enabled/disabled for the users monitored
- Cyber Terrorist Network Connections - Added an 'Enable All Geolocations' option, expanding TCP/UDP connection monitoring coverage
- SentinelOne AV Monitor - Fixed triage column not displaying Host Name data for Incident Ticket view
Dashboard
- New: Added data retention log policy - Managed SOC threat data remains in the dashboard for 30 days, and historical data is archived for 365 days (archive state starts Oct 8)
- New: Enable 2FA at the root MSP or Customer level, forcing 2FA downstream for users
- New: Integrations top-level nav to connect APIs for PSAs & Threat Intel
- New: Added configuration to set auto-logout duration for console users
- Added phone number field to Provider Settings / Incident Notifications for critical verbal threat response
- Fixed searching logic to query by HOST or MAC Address | Console / Devices
Agent
- macOS:
  - Updated agent, improving CPU/memory utilization
  - Added support for Apple's next release, 'Big Sur'
API | Integrations
- New: Autotask PSA RESTful Integration with ticket configuration
- New: ConnectWise PSA RESTful Integration with ticket configuration
- New: Import, Map and Sync PSA customers to RocketCyber
- RESTful API v1 released to support provisioning, threat details, incident tickets & billing
- Added API Key generation to Console / Provider Settings
- Added Integrated vendors to website Resources / Developers / Integrations
Knowledgebase | Help Docs
Press | News | Blog
- Sept 9 - Blog: Cyber Cases from the SOC - Fileless Malware Kovter. Read
- Sept 11 - Blog: What is a SOC & why you need one. Read
- Oct 28 - Next SOC-as-a-Service Webinar Register