Configuring IRONSCALES

Access IRONSCALES threats on your RocketCyber dashboard

Overview

The IRONSCALES App retrieves all threat data from the IRONSCALES dashboard, across your fleet of organizations, to provide insight for the RocketCyber SOC.

Required permissions

The account you use to log in to the IRONSCALES dashboard and generate the API token must have access to the threat data. Typically, this access is included with the ADMIN or OWNER role, both of which are predefined roles in the IRONSCALES dashboard.

Gathering setup information

To gather setup information, follow these steps:

  • Log in to IRONSCALES.

  • Click Account Settings in the left menu.

  • Click General.

  • Gather the following three pieces of information:

    • APP API TOKEN

    • COMPANY DOMAIN

    • COMPANY NAME

Setting up and connecting

In RocketCyber, follow these steps:

  • In the left panel, click Integrations.

  • Click the Email Security tab.

  • Click the Iron Scales Monitor tab, and paste the three pieces of information gathered: API Token, Company Name, Company Domain.

  • Click Authenticate to connect.


Mapping organization data

  • After authenticating, you are presented with a screen where you can map IRONSCALES customers to RocketCyber organizations.

  • Click Save Map.

Note: Each column displays specific values pulled from the JSON attributes of each incoming event. If an event has no attributes to pull, or if they do not match what is reported in the JSON event, the UI shows the column as blank. Currently, the Report and User Report attributes are not pulled for events that show blank columns. Please rest assured that the SOC team will receive these detections in real time.

Enjoy the convenience of IRONSCALES threat data delivered directly to your RocketCyber SOC dashboard!