Access your Webroot AV threats on your RocketCyber dashboard
Important Note: The requirements for this integration were changed on Jan 31st, 2023. If you were directed to this article and have an integration with Webroot already set up, it is recommended to Clear Credentials in your existing integration(within RocketCyber), and follow the steps below. The main change is that there is now an additional step when creating the Client Credential where you enable Notifications. It is likely best to destroy the old Client Credential you used in RocketCyber previously, and create a new Client Credential with Notifications enabled, per the instructions below.
To set up your Webroot App on RocketCyber, you will need the following pieces of account information:
3. Client ID
4. Client Secret
5. GSM Key/Parent Keycode
You will need to have your Webroot instance configured as an MSP for the API access menu to be visible.
How to Set Up
- Collect needed Webroot login information
- Log on to your Webroot dashboard
- Go to Settings
- Go to Unity API Access
- Select New
- Enter a name and description so that you will remember what these credentials are used for, then click Next
- Be sure to select Yes to the question "Do you plan to use the event notification API", and select EDR/MDR service in the question "How do you plan to use the event notification API?" Important: If you skip this step, the integration will not ingest detection data into RocketCyber
- Write down your Client ID and Client Secret. You will need these to configure the integration
- Now, back on the Settings menu, go to Account Information
- Write down/copy your Parent Keycode (sometimes called GSM key). You will need this to configure the integration.
- Enable the Webroot App in RocketCyber's App Store if you have not already done so
- Configure the Integration in RocketCyber
- Log into RocketCyber at the Provider level, and click Integrations on the left Nav
- Select Endpoint Security, then Webroot Monitor
- Enter each piece of information previously collected into the box labeled with its name. Select Credential Test to verify the information is correct, then select Authenticate.
- If your credential integrated successfully, a table will appear to map the name of your RocketCyber accounts to your Webroot accounts. This allows Webroot detections to be automatically routed to the correct organization and create PSA tickets under the correct organization. The Webroot "Entities" will load on the left side of the screen. The drop-downs on the right should be the RocketCyber organization that corresponds to the Webroot Entity. Complete the mapping and click Save Map at the bottom of the page
- Enjoy the convenience of Webroot threats delivered directly to your RocketCyber dashboard!
- If at any time you wish to revoke that token, you can delete the API credentials in your Webroot dashboard by following steps 1A-1C, then select the credential you wish to delete and click the Delete button
- If you add new organizations to Webroot and RocketCyber, you can refresh the organization list by clicking Pull Tenants to load any new organizations and map them.