Getting started with RocketCyber

By choosing RocketCyber, you and your organization gain access to a range of benefits that enhance your cybersecurity:

• The platform is cloud-based. Therefore, no hardware is required. Data is collected through a lightweight software agent.
• RocketCyber seamlessly integrates with your existing security stack, offering popular PSA and RMM integrations for ticketing, provisioning, and deployment.
• It triages threat data and escalates threats that require immediate attention as security incidents. The incident record includes suggested steps to remedy the situation and the ability to isolate threats.
• The platform includes a built-in app store so MSPs can easily enable applications necessary to secure their environment. Featured apps include Breach Detection, Event Log Monitoring, Office 365 threat detection, and Firewall Monitoring.
• RocketCyber is SOC-compliant. It is a certified and audited SOC for SOC II and HIPAA.

RocketCyber’s Managed Security Operation Center (SOC) is a managed detection and response (MDR) service supporting the RocketCyber platform. This service consists of an elite team of security veterans and experts who proactively hunt and investigate threat activity, triage detected threats, and work with your team to address actionable threats that are discovered. To learn more about RocketCyber's Managed SOC and its key features, refer to Managed SOC-Brochure.

• Click Kaseya 365 Endpoint Pro, find your RocketCyber module, and click Activate (the Activate button will continue to be displayed even after the module has been activated).

• The Set your password page will open.

• Type a password in the Password field . Then, retype your password in the Password confirmation field and click Set my password.

• A pop-up message will open, prompting you to accept the terms of service before proceeding. Click Terms of service if you wish to read them. Select the check box and click Accept to agree to these terms and proceed.

  

Self-guided onboarding

The self-guided onboarding feature provides on-demand interactive help and introduces users to crucial RocketCyber features and how to use them through pop-up menus:

• After accepting the terms of service, the self-guided onboarding feature is initiated with a welcome pop-up announcement. Click Start exploring to begin the onboarding walkthroughs.

  

• Hover over any module in the left navigation menu. A pop-up window will appear. Proceed through the pop-up window and click Next to move to the next one.

  

• You can end a walkthrough anytime by clicking the X in the pop-up window.

  

• You can resume or replay your onboarding and check its completion status by clicking the graduation cap onboarding icon on the upper navigation menu. When you click it, a pop-up menu will be displayed.

• The pop-menu displays three tabs:

  • Tasks tab: Lists the onboarding tasks. Start or replay a task by clicking the task name and proceeding through each pop-up window. As you complete each task, it is checked off in the list.

    

    When you finish the onboarding for all tasks, a survey will appear for you to rate your onboarding experience. Click Submit when you are done.

    

  • Show Me tab: By clicking this tab, you will find videos that complement your onboarding experience. You can also type a search term in the Enter a search term... field to learn about any feature. After entering a term and clicking Enter, the corresponding onboarding walkthrough will replay. Some videos are available in Spanish.

  • Help tab: This tab provides links to the Knowledge Base, Video Tutorials, Terms of Use, and Privacy Policy.

Upon logging in to RocketCyber, the system will verify the completion of all onboarding tasks. If any tasks remain outstanding, a modal will be displayed to provide a reminder.

When you have completed your self-guided onboarding in RocketCyber or chosen to do so later, navigate back to the Kaseya 365 Setup Guide page in KaseyaOne to enable the KaseyaOne Unified Login feature. The Unified Login feature (otherwise known as Log In with KaseyaOne) enables you to access all IT Complete modules to which you are subscribed without managing multiple login credentials, providing convenient access to all your subscriptions through the KaseyaOne portal. Here, you can link RocketCyber with KaseyaOne so you can log in to RocketCyber with KaseyaOne as a single sign-on. In Step 2: Connect modules to KaseyaOne by enabling Unified Login, click the How to set up Unified Login link located under Instructions.

This link provides specific information in the KaseyaOne Help on enabling Unified Login with KaseyaOne for RocketCyber. If you are a standalone RocketCyber customer, refer to Configure Log in with KaseyaOne.

In Step 2, you can also see each module's KaseyaOne Unified Login status, including RocketCyber:

• Once you successfully configure Unified Login with KaseyaOne for RocketCyber, you will see RocketCyber marked as Enabled. No further action will be needed, and you will be able to access RocketCyber from the KaseyaOne home page by clicking the arrow in the RocketCyber tile.

  

• Disabled indicates that Unified Login has not been configured for RocketCyber. If so, you can review the information provided on the How to set up Unified Login link in Step 2.

If you still need to complete your self-guided onboarding for RocketCyber, in the event that you closed it while configuring other setups, you can proceed by accessing it directly clicking the Tasks tab in the graduation cap icon of your RocketCyber instance or by following the steps outlined below:

• On the Kaseya 365 Setup Guide page in KaseyaOne, navigate to Step 3: Complete the Onboarding Tour for each module and click Onboarding Tasks for modules.

  

• The Onboarding Tasks for modules link will direct you to an article on getting started with Kaseya 365, where you can learn how to access onboarding for RocketCyber.

• On the Step 3: Complete the Onboarding Tour for each module page, you will also be able to monitor your RocketCyber onboarding completion status.

  

• In the upper-right corner, select My Account (your name) > Profile Settings

  

• The User Profile page will open. Here, you can do the following:

  • Update your name, last name, email, timezone, and password.

    

  • Enable two-factor authentication (2FA). Refer to Securing your account with Two-Factor Authentication for further information.

    

  • The Log in with KaseyaOne feature you established in the KaseyaOne portal is also available in your RocketCyber instance.

    

  • Click Update.

    

• In the upper-right corner, select the name of your MSP.

  

• In the menu, select Provider Settings.

  

• On the Details and Settings tab, you can enable the following settings:

  • Allow organizations to subscribe to notifications: This toggle enables organizations to sign up for notifications to stay informed about important updates and relevant changes.

    

  • Allow organizations to configure remediation authorization: This toggle enables organizations to manage custom remediation settings for actions taken to address issues or vulnerabilities within their systems or operations.

    

  • Allow users to authenticate using KaseyaOne: The Log in with KaseyaOne feature you established in the KaseyaOne portal is also available in your RocketCyber instance.

    

  • Enable Automatic User Creation: This toggle allows new user accounts to be generated automatically when certain conditions are met. Your users in KaseyaOne who are granted access to RocketCyber will automatically have a RocketCyber user created. It is recommended to choose a lower level of access as the default role for security purposes.

    

  • Can customize logo: This toggle allows to personalize or tailor a logo design to fit specific preferences or requirements.

    

  • Require 2FA for all users of this organization and Require 2FA for all organizations: Require users to log in using two-factor authentication (2FA). Refer to Securing your account with Two-Factor Authentication for further information.

    

  • In the lower-right corner of the page, click Update.

    

• On the Remediation tab, you can authorize the RocketCyber SOC team to take action on your behalf beyond device isolation. In addition to device isolation, you can now provide authorization to the SOC to take the following actions:

  • Device Actions

    • Remove files

    • Terminate Processes

    • Uninstall Software

  • Microsoft 365 Actions

    • Disable Accounts

    • Terminate Active Sessions

    

  • In the lower-right corner of the page, click Update. Select the checkbox if you wish to overwrite remediation settings for all organizations.

    

• On the Notifications tab, provide contact information. This is required if the SOC needs to contact the MSP regarding a security incident:

  • In the Email Address field, enter the email addresses for which incident notifications will be sent. Each address must be separated by a comma with no space between them.

    

  • In the For critical threats/emergencies, specify a phone number for escalation by the SOC team field, enter the phone numbers where the SOC team can notify you of incidents that have been escalated.

    

  • In the lower-right corner, click the Update Notification button.

    

• On the Permissions tab, do the following:

  • In the lower-right corner of the page, click the + Add User button.

    

  • Complete the Add a User form and click Save.

    

NOTE  For information about roles and access permissions, see the article Roles and Access Permissions in RocketCyber.

RocketCyber can be integrated with your existing security applications to facilitate centralized threat monitoring. Refer to the RocketCyber Integrations Guide for more information.

Integrating your Professional Services Automation (PSA) system allows complete ticket communication integration from the RocketCyber Security Operations Center (SOC). This integration offers a bulk import wizard for provisioning, enabling onboarding of all organizations or specifically selected ones. For additional information, refer to Import Organizations From PSA.

M365 Configuration

An Entra ID P1 or P2 license is necessary to set up threat detection for Microsoft Cloud. For detailed instructions, refer to Configuring Office 365 Apps.

You can add SMB organizations manually in RocketCyber. When doing so, the system automatically navigates to the Agent Deployment page. The RocketCyber Agent must be deployed to an organization's devices for security monitoring to begin on each device:

• In the upper-right corner, select the name of your MSP.

  

• In the menu, select + Add Organization

  

• In the Name field, enter the organization's name and click Save.

  

• On the Agent Deployment page, select a deployment method. See the RMM section in the RocketCyber Integrations Guide for more information.

  

Configure the Firewall Log Analyzer app to send firewall logs to one of your RocketCyber-connected computers that is running the firewall analysis software. The software looks for malicious traffic and data leaks across a wide variety of attack methods.

See the article Configuring the Firewall Analyzer. It includes information for configuring specific brands of firewalls to send syslog messages to the RocketAgent Syslog Server.

Browse the AppStore to disable/enable apps for your environment. The selections you make in the AppStore are inherited by your SMB organizations.

The Dashboard is where you configure your apps. The Events on each card indicate the number of items the application monitored for suspicious activity. You really don't need to be concerned with Events. However, you do need to review and take action on items that have been identified as incidents.