RocketApps are highly configurable. Here's how.
Some RocketApps allow configuration to your environment's needs. These configurations allow you to specify what threat types to monitor for or exclusions to reduce false positives.
Configure An App
1. Click on Configure for the relevant Rocket App.
Apps can be configured at the MSP, customer, or device levels.
Each level inherits from higher levels, but more specific configurations (i.e. configuration at a lower level) will trump general settings.
Configurations made at the Device level will supersede configurations made at the Customer level, which will supersede configurations at the MSP level.
For example, if you want to enable the Advanced Breach Detection T1007 - System Service Discovery across your organization, you can make that configuration modification at the MSP level. All Customers and devices within that MSP's context will now have T1007 enabled. If you found that one Customer or a single Device should not have T1007 enabled, you could then turn it off within that context.
The inherited configuration that a device is running can be viewed by accessing the configuration for the relevant RocketApp under that device's App section.