Set Up Organization Mapping for Endpoint Security Integrations

This article defines the steps to map your Endpoint Security alerts to your RocketCyber organizations.

This setup will allow you to route all future Endpoint Security results to the correct organization automatically. This will not change existing results. If you have a different Endpoint Security product for each organization or are happy to have all results go to a single RocketCyber organization, then this is not necessary.

Set this up BEFORE configuring an Endpoint Security app to ensure that all Endpoint Security detections are routed to the appropriate organization.

  1. Go into your Endpoint Security product dashboard.  You will need a unique identifier to tie to your RocketCyber organization account.  
    1. In SentinelOne, this could be a Site Name, Site ID, or Agent Domain
      1. Site Name can be found under the Sentinels menu
        sentinelone1.png
    2. For Webroot, this must be the site keycode
      1. Go to Sites
        webroot1.png
      2. Click on View next to a specific site
      3. Keycode can be seen either under the Details menu or under Downloads (the picture below is in downloads)
        webroot2.png
  2. Go to the Provider level in RocketCyber, and attempt to configure an AV app. You will receive a warning that you should only do this if setting up a mapping, and a link to do so. Click the Configure Organization Mapping link.
    Screen_Shot_2020-07-14_at_2.39.57_PM.png
  3. Select whether you would like all detections to be routed to a single organization or if you would like to enter information that will allow us to associate detections with RocketCyber organizations.
    Screen_Shot_2020-07-14_at_2.38.58_PM.png
  4. Select an organization (if you selected to use a single organization for all detections), or fill in the chart with the IDs you got in step 1. If you have a RocketCyber organization that does not use this product, leave that field blank.
    Screen_Shot_2020-07-14_at_2.39.14_PM.png
  5. Click Save

TIPS

  1. When first setting up this integration, check to ensure that all detections on your Endpoint Security dashboard have been routed correctly.  

  2. A typo in the unique ID can easily prevent a detection from being associated with the correct organization, so use copy/paste.