RocketApps are highly configurable. Here's how.
Some RocketApps can be configured to fit your environment's needs. These configurations let you specify which threat types to monitor for, or define exclusions to reduce false positives.
Configure An App
1. Click on Configure for the relevant RocketApp.
Apps can be configured at the Provider, Organization, or Device level.
Each level inherits from the levels above it, but a more specific configuration (i.e., one made at a lower level) overrides the more general settings.
Configurations made at the Device level will supersede configurations made at the Organization level, which will supersede configurations at the MSP level.
For example, if you want to enable the Advanced Breach Detection T1007 - System Service Discovery across your organization, you can make that configuration modification at the MSP level. All Organizations and Devices within that MSP's context will now have T1007 enabled. If you then find that one Organization or a single Device should not have T1007 enabled, you can turn it off within that context.
The inherited configuration that a device is running can be viewed by accessing the configuration for the relevant RocketApp under that device's App section.
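The inheritance rule above can be modeled to audit where a lower-level override has switched a detection off. This is an added example, not RocketCyber code or its configuration format: the dictionary layout, function names, and organization and device names are assumptions made for illustration.

```python
# Added example. The level names follow the page; the data structure is assumed.
LEVELS = ("msp", "organization", "device")  # most general -> most specific


def effective_setting(key, msp, org=None, device=None):
    """Return (value, source_level); the most specific level that sets key wins."""
    value, source = None, None
    for level, cfg in zip(LEVELS, (msp, org or {}, device or {})):
        if key in cfg:
            value, source = cfg[key], level
    return value, source


def coverage_gaps(key, msp_cfg, orgs):
    """List (org, device, level) for every device where key resolves to off."""
    gaps = []
    for org_name, org in sorted(orgs.items()):
        for dev_name, dev_cfg in sorted(org["devices"].items()):
            value, source = effective_setting(key, msp_cfg, org["config"], dev_cfg)
            if not value:
                gaps.append((org_name, dev_name, source))
    return gaps


# Constructed sample: T1007 enabled at the MSP level, then overridden lower down.
MSP_CFG = {"T1007": True}
ORGS = {
    "org-a": {"config": {},
              "devices": {"ws-01": {}, "build-01": {"T1007": False}}},
    "org-b": {"config": {"T1007": False},
              "devices": {"ws-02": {}, "dc-01": {"T1007": True}}},
}

if __name__ == "__main__":
    for org, dev, source in coverage_gaps("T1007", MSP_CFG, ORGS):
        print(f"{org}/{dev}: T1007 disabled at {source} level")
```

Reviewing overrides this way shows which exclusions were set per Device and which were inherited from an Organization-wide change, so a detection turned off to reduce false positives does not silently remain off for more devices than intended.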