Managed SOC Updates

REL-20230330
March 30, 2023

New Incident Suppression Feature Reduces Unwanted Alerts

The new Incident Suppression feature lowers the “noise” of unwanted alerts by giving administrators the ability to create flexible rules based on details and attributes from within an incident. Incident Suppression can be applied at the MSP level or for specific groups of customers. Additionally, rules can be set to run for a specific timeframe (e.g., only apply for the next 30 days) to make it easy to accommodate temporary changes to infrastructure or employees.

For more details on this release, please refer to this article.

REL-20230306
March 06, 2023

Login Screen UI Updates to Match Kaseya’s Common Look and Feel

The login screen and “forgot password” workflows have been updated to match the common look and feel of Kaseya portfolio products to provide a similar experience across applications. This is part one of several upcoming updates that will move towards the same feel across Kaseya products.

REL-20230228
February 28, 2023

Increased Verdict Accuracy and Reduced False Positives with VirusTotal

The RocketCyber agent uses threat feeds and intelligence to make determinations about the files, addresses and processes that are detected by our behavioral rules to better disposition these objects and determine whether they are malicious. We are moving our IP and File lookups to VirusTotal. VirusTotal returns better threat dispositions and uses more detection engines to return a higher fidelity on threat lookups, resulting in increased verdict accuracy and reduced false positives. This change has been automatically made to all accounts and no administrative action by customers is necessary.

REL-20230215
February 15, 2023

New Feature to Handle PSA Errors

There are times when an error is received from a PSA while RocketCyber is attempting to create or update a ticket from an incident. We have released a new feature that will retrieve and write any error received from the PSA (URL unavailable, insufficient permissions, etc.) to better point administrators and support representatives in the right direction towards resolving the failure. An example screenshot is provided below:

REL-20230207
February 07, 2023

New Agent Improves Performance and Resolves Memory Leaks

A new agent has been released across Windows, macOS and Linux in order to improve performance and resolve potential issues with memory leaks. The agent update is automatic and no administrator activity is required. The new versions are listed below:

REL-20230131
January 31, 2023

Three New Features Released: Datto Ransomware Detection, Remediation Actions, Webroot AV Integration

Datto Ransomware Detection APP

The new Datto Ransomware Detection APP will monitor for file encryption activity, and can terminate the encrypting process, isolate the device and notify the SOC in order to contact you via your emergency notification telephone number(s). This APP needs to be enabled by the administrator (no additional fee or charges). To enable the APP, go to the left-hand navigation at the top level (MSP Level), select App Store, find the APP shown below and flip the switch to “On.”

For details, please read this KB article.

Incident Remediation Actions

For some types of RocketCyber Incidents, if RocketCyber can run a remediation script to resolve the finding, it will be shown as an option in the Action Drop Down within the Incident Details as shown below:

Currently, this will appear for incidents that the SOC has manually created (such as removing a file, registry key, etc.). This will be expanded in Q2 2023 to cover other types of automatically generated incidents.

New Webroot AV Integration

We have rewritten the Webroot Monitor APP to reduce the number of API calls needed to obtain threat telemetry. This greatly reduces the notification time between Webroot and RocketCyber. If you currently have a Webroot integration configured, you will need to reconnect RocketCyber to your Webroot console following these instructions.

REL-20230117
January 17, 2023

New Incident Page Layout

The new incident page layout will reduce the amount of time and clicks it takes to manage incidents for Administrators and SOC analysts. The new page layout contains improved Search features, as well as the ability to download incident lists and view more items per page.

Some of the improvements:

  • Simple Search for text contained in the Incident Title
  • Advanced Search to add criteria to your search
  • Text search fields are no longer “case sensitive” and can return results on partial text entries
  • Ability to search on Resolved date
  • Ability to search on Incident ID
  • Download complete list or filtered search results

For full details, please read this KB article.