Getting Started with RocketCyber SOC

This article provides guidance on the recommended steps to begin the on boarding process with RocketCyber.

The 24/7 cyber security monitoring service is about to begin providing insight across your Endpoint, Network and Cloud attack vectors. To see how your security stack aligns with the RocketCyber SOC, you can visit our frequently updated integrations site.

Secure your login account with 2FA 

Navigate to Provider Settings > Details and Settings

Enable branding and/or 2FA for accounts on the Details and Settings tab

Branding: Upload your logo

Permissions: Add users at the Provider level if needed

Notifications: Add an Email to receive incident notifications via email and a phone number in the event the SOC needs to make contact regarding an alert. Multiple emails can be entered, comma separated with no space.  *NOTE: Incident notifications are sent either through the PSA integration ticketing system or to the email(s) entered on the Notifications tab, but will not send both. 

AppStore - Browse the AppStore to disable/enable apps while you are in context as the Provider. This will apply your choice of apps downstream to all tenants created.

Add Organizations(Provisioning tenants)

• by PSA Integration (bulk) - The most popular option for on boarding organizations is to add your PSA's API Key. This enables you to have a fully integrated ticket communication from the RocketCyber SOC. For provisioning, the PSA integration offers a bulk import wizard, presenting an option to choose all or selective organizations you desire to onboard. See Importing Organizations from PSA.
• by Add Organizations Drop down (individually) - from the menu click "Add Organization" and give the organization a name. (My MSP Internal Network).

Defense-in-Depth (Layered Security) - now it's time to begin the threat monitoring process for your first organization. This will be accomplished in several parts:

1. Agent deployment - (Endpoint threat data) agents can only be deployed on the organization level. Navigate to All Organization / Organization Deployment / select your preferred method of delivery, i.e. RMM script, PowerShell. Upon deployment, devices will be in continuous cybersecurity monitoring mode identifying malicious/suspicious activity. The type of threat activity is dependent upon the apps you've enabled from the AppStore in addition to other integrations outlined below. Agent Deployment methods.
2. M365 Configuration - An Azure Premium P1 or P2 license is required to set up threat detection for Microsoft Cloud. See Configuring Office 365 Apps for set up instructions.
3. Integrations Configuration: Third party apps can only be configured on the Provider level. See additional resources here: Endpoint Security, Integrations, PSA
4. Firewall configuration - (Network threat data) Firewall integration can only be configured on the organization level. Navigate to the dashboard and find the Firewall Log Analyzer app. See Configuring the Firewall App.