Frequent Questions

Threat Hunting is the operation of proactively seeking cyber threats that go undetected in a network. RocketCyber's hunting finds malicious actors in your network that evade defenses such as firewall and antivirus systems. Once a malicious actor has established a foothold and persistence on a computer, many MSPs lack the advanced detection capabilities to seek and deter the advanced persistent threat from residing on the network. This is why threat hunting is an essential component of any MSP's SOC - security operation center and defense strategy.
All RocketCyber subscriptions include hunting capabilities via the Ondemand Hunts, Advanced Threat Hunt app, and the automated threat intelligence hunt feeds. The current 17 hunt test methodologies supported are:

Threat intelligence in its most basic form, is a repository of malicious artifacts, including IOCs (indicators of compromises), IOAs (Indicators of Attack), along with many other data elements such as who are the attackers, what industry is being targeted, etc.
There are numerous vendors that provide free and paid subscriptions to such repositories of intelligence. The challenge for most MSPs or SOCs is what to do with this intel. RocketCyber integrates with threat intelligence vendors to put this intel into action, consuming the artifacts and delivering a threat verdict while answering questions such as:

After creating a New Customer, a wizard is presented for deployment options. Alternative, navigate the Customers tab, and select deployment link next to the customer name.
RocketCyber Windows deployment options include a native GUI installer, PowerShell copy/paste script, PowerShell downloadable file, and through a number of popular RMM-Ready scripts such as Kaseya, Solarwinds, Connectwise, Datto, Syncro, Ninja and more. For macOS and Linux, a curl script is available.

When RocketCyber detects malicious and/or suspicious findings, incident tickets are delivered to your MSP's ticketing system.
Our current notification options include a native SMTP email alert configuration or alternatively through our API integrations with Kaseya, Autotask, Connectwise or Syncro PSAs.

When an attacker gains a foothold on the network, Tactics are defined as the tactical stage, also known as the goal of the attacker. Techniques are defined as the technical operation carried out in order to obtain the goal.
Example Tactic - Establish persistence on a windows computer. While there are numerous techniques in order to accomplish this goal, an example technique - Adding entries to the run keys in the registry or startup folder, result in an attacker maintaining their precense under the context of the user in addition to obtaining the same level of access permissions.

Politely put, the majority of almost every breach victim over recent times had such cyber defenses in place also.
Breach Detection was developed specifically to detect intruders who have already evaded such firewalls and antivirus systems. It is equally important to reduce the 'dwell time' when an intruder does gain access to the network and deter their activity before the last tactical goal has been accomplished, which in most scenarios is the theft of data.

RocketCyber collects syslog data and then pasrses the relevant information needed to monitor for malicious activity. Most firewall vendors support the creation/forwarding of syslog data to the RocketCyber collector. If you have a firewall vendor that does not support syslog, contact your representative to determine an alternitive method such as a RESTful API.
The firewall vendors we continuously test in our labs are:

Supported operating systems

RocketCyber offers a full trial with all features for the Managed SOC. You can monitor unlimited endpoints, firewalls and Office 365 users. Add as many customers as you desire. The first 21-days are free. When the trial expires and you like our service, subscribe to the monthly SOC subscription.

All development is performed by US Citizens and located adjacent to our SOC Team in the heart of God's country - Dallas, Texas.

The default configuration for the Cyber Terrorist Monitoring app detects any type of network connection to the Department of Homeland Security's embargoed list of terrorist countries also known to perform hacking activities targeting small-medium businesses.
The RocketCyber Threat Map provides a visualization of detected connections in a war games type visualization. By clicking the details, we provide what started the connection along with technical details and threat reputation intel on the remote connection.