Overview of RocketCyber native capabilities
RocketCyber consists of a number of apps, each presenting data collected through the agent, network devices, M365 accounts, or third-party integrations. The information below summarizes the capabilities of the RocketCyber apps that do not require third-party integrations or deployments.
- Advanced Breach Detection (Agent)
  - The MITRE ATT&CK Framework defines the Tactics, Techniques, and Procedures (TTPs) that attackers are most likely to execute when attempting to compromise a device or network. This app is purpose-built to look for TTPs on the local device and is one of the most effective detection apps available on the platform. RocketCyber identifies TTPs on Windows, Mac, and Linux across several categories, including Discovery, Persistence, Defense Evasion, Execution, Credential Access, Privilege Escalation, Lateral Movement, and more.
- Crypto Mining Detection (Agent)
  - This app detects crypto mining activity from browser-based crypto miners, as well as commonly known crypto mining client software residing on the local device.
- Cyber Terrorist Network Connections (Agent)
  - Inbound and outbound network connections are logged and analyzed to detect threats over the network. Malicious activity is identified by evaluating the port used, the reputation and geolocation of the remote IP address, and other available attributes.
- Datto Ransomware Detection (Agent)
  - Ransomware detection checks the local system for encryption activity and allows users to kill the offending process or isolate the affected host automatically, stopping ransomware attacks immediately on detection.
- Defender Manager (Agent)
  - Centrally manage Windows Defender for all your devices from the RocketCyber platform. Defender-based detections are also sent to RocketCyber for analysis and alerting.
- Endpoint Event Log Monitor (Agent)
  - Security-related events written to the event log are ingested by RocketCyber; custom event IDs can be added to monitor custom applications.
- Firewall Log Analyzer (Network Device)
  - Network devices can send data to RocketCyber via syslog, and the received logs are monitored for security events. RocketCyber integrates with several firewall and network device vendors; the full list of supported devices can be found here: https://helpdesk.kaseya.com/hc/en-gb/articles/11783277470481-RocketCyber-Integrations-Guide
- IoC Detection (Agent)
  - This app runs detections curated by our threat research team and can be updated as needed with no action required by the admin or user. The detections are informed by multiple threat intel sources and our own research on emerging threats. This allows near-instant deployment of detections for new threats, as well as adjustment of existing detections as the techniques of bad actors change. The SOC monitors these detections and treats them with high priority, and the threat research team continues to monitor detection metrics to adjust for false positives and false negatives.
- Malicious File Detection (Agent)
  - Our custom-built malware detection engine scans files that are written to disk or executed for malicious attributes, providing redundancy on top of your existing anti-virus solution.
- O365 Login Analyzer (O365)
  - One of the first indications of an attack may be unexpected or repeated login attempts from unusual locations, even from outside the country. An effective defense can be as simple as monitoring for login attempts originating outside the country. Unfortunately, this seemingly simple task is more complicated in a cloud environment. The Login Analyzer tracks login attempts across all organizations and alerts you when there is an attempt to log in from a foreign country. You can configure which countries you expect to be using your cloud instances independently for each organization, or even whitelist individual IPs in the configuration settings.
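The per-organization check the Login Analyzer describes (expected countries per organization, with an IP whitelist that overrides the country rule) can be illustrated with a small detector. This is an added example, not RocketCyber's own code: the geolocation table, the organization policies, and the sign-in records are all constructed for the demonstration, and a real analyzer would resolve countries from a GeoIP database and read policies from the platform's configuration rather than from the dictionaries below.

```python
"""Per-organization foreign-login detection (added illustration, not RocketCyber code)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set

# Constructed stand-in for a GeoIP lookup (documentation ranges only).
# A real deployment would query a geolocation database instead.
GEO_TABLE = {
    "203.0.113.0/24": "US",
    "198.51.100.0/24": "GB",
    "192.0.2.0/24": "RU",
}


def country_for_ip(ip: str) -> Optional[str]:
    """Return the ISO country code for an IP, or None when it cannot be resolved."""
    addr = ip_address(ip)
    for cidr, country in GEO_TABLE.items():
        if addr in ip_network(cidr):
            return country
    return None


@dataclass
class OrgPolicy:
    """Expected sign-in countries and whitelisted IPs/CIDRs for one organization."""
    expected_countries: Set[str]
    whitelisted_ips: Set[str] = field(default_factory=set)

    def ip_is_whitelisted(self, ip: str) -> bool:
        addr = ip_address(ip)
        # strict=False lets entries like "198.51.100.7" or "198.51.100.0/24" both work.
        return any(addr in ip_network(entry, strict=False) for entry in self.whitelisted_ips)


def analyze_logins(events: List[dict], policies: Dict[str, OrgPolicy]) -> List[dict]:
    """Flag sign-in attempts (successful or not) from outside an org's expected countries."""
    alerts = []
    for ev in events:
        policy = policies.get(ev["org"])
        if policy is None:
            continue  # no policy configured for this tenant; nothing to compare against
        if policy.ip_is_whitelisted(ev["ip"]):
            continue  # explicitly trusted source address overrides the country rule
        country = country_for_ip(ev["ip"])
        if country is None or country not in policy.expected_countries:
            alerts.append({
                "org": ev["org"],
                "user": ev["user"],
                "ip": ev["ip"],
                "country": country,  # None means the source could not be geolocated
                "status": ev["status"],
                "reason": "unresolved source country" if country is None
                          else f"sign-in from {country}, expected {sorted(policy.expected_countries)}",
            })
    return alerts


# Constructed policies: org-a expects US only but trusts one GB address (e.g. a travelling admin);
# org-b expects both US and GB.
POLICIES = {
    "org-a": OrgPolicy(expected_countries={"US"}, whitelisted_ips={"198.51.100.7"}),
    "org-b": OrgPolicy(expected_countries={"US", "GB"}),
}

# Constructed sign-in records in the shape a cloud audit log might be normalized to.
SAMPLE_EVENTS = [
    {"org": "org-a", "user": "alice", "ip": "203.0.113.5", "status": "success"},
    {"org": "org-a", "user": "bob", "ip": "198.51.100.7", "status": "success"},   # GB but whitelisted
    {"org": "org-a", "user": "carol", "ip": "192.0.2.44", "status": "failure"},   # RU: alert
    {"org": "org-b", "user": "dave", "ip": "198.51.100.9", "status": "success"},  # GB allowed for org-b
    {"org": "org-b", "user": "erin", "ip": "10.0.0.5", "status": "success"},      # not geolocatable: alert
]


def run_sample() -> List[dict]:
    return analyze_logins(SAMPLE_EVENTS, POLICIES)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Two design points carry over to the real feature: failed attempts are flagged as well as successful ones, because the page's point is that repeated attempts from unusual locations are an early indicator, and an address that cannot be geolocated is treated as unexpected rather than silently allowed.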
- O365 Log Monitor (O365)
  - On your endpoint devices, the Suspicious Event Monitor and Active Directory Monitor apps can provide early warning of malicious actors. These apps alert you to attempts to create new accounts, access existing accounts, or increase the permissions of existing accounts. The Office 365 Log Monitor app provides similar protection for your cloud-based activity. This app pulls the Microsoft Entra ID Active Directory events for all your organizations and displays the multi-tenant information in aggregate, so you can see all your clients at once.
- O365 Risk Detection (O365)
  - O365 continually evaluates user, app, and sign-in risk based on heuristics and machine learning. This process is designed to identify behaviors that may pose a threat to your business or online presence.
- Suspicious Network Services (Agent)
  - This app detects suspicious network services running on an endpoint. While all 65,535 ports are available for legitimate use, suspicious detections are defined as the well-known ports and services that are leveraged for malicious intent.
- Suspicious Tools (Agent)
  - This app detects programs that can negatively impact the security of the system and the business network. Detected suspicious tools should be investigated; they are categorized as hacking utilities, password crackers, or other tools used by attackers for malicious purposes.