Getting Started with RocketCyber SOC - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="this-article-provides-guidance-on-the-recommended-steps-for-an-msp-to-begin-the-onboarding-process-with-the-rocketcyber-soc-as-a-service">This article provides guidance on the recommended steps for an MSP to begin the onboarding process with the RocketCyber SOC-as-a-Service.</h2> <blockquote class="blockquote"> <p>The 24/7 cyber security monitoring service is about to begin providing insight across your customers' Endpoint, Network and Cloud attack vectors. To see how your security stack aligns with the RocketCyber SOC, you can visit our frequently updated <a href="https://kaseya.vanillacommunities.com/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.rocketcyber.com%2Fintegrations" rel="noopener nofollow">integrations</a> site.</p> </blockquote> <ol><li> <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fapp.rocketcyber.com%2Fusers%2Fsign_up" rel="noopener nofollow">Sign up</a> for the 21-day SOC-as-a-Service trial</li> <li>Secure your login account with <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360017914957" rel="noopener nofollow">2FA</a> </li> <li>Navigate to <strong>Provider Settings</strong> to apply the following settings:<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/OMBR18L0RAI9/provider-settings-1.png" alt="provider-settings-1.png" class="embedImage-img importedEmbed-img"></img><br><ol><li> <strong>Branding</strong>: Upload your logo</li> <li> <strong>Permissions</strong>: Add users at the MSP level if needed</li> <li> <strong>Notifications</strong>: Add an email address and phone number for security incident notifications (PSA integration will be covered later)</li> </ol></li> <li> <strong>AppStore - </strong>Browse the AppStore to <strong>disable/enable</strong> apps while you are in context as the MSP. 
This will apply your choice of apps downstream to all tenants created.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/RLIZYUCCUBPM/app-store.png" alt="app-store.png" class="embedImage-img importedEmbed-img"></img></li> <li> <strong>Add Customers (Provisioning tenants)</strong> <ol><li> <strong>by PSA Integration (bulk)</strong> - The most popular option for onboarding your fleet of customers is to add your PSA's API Key. This gives you, as the MSP, fully integrated ticket communication from the RocketCyber SOC. For provisioning, the PSA integration offers a bulk import wizard with the option to onboard all of your customers or only selected ones. See <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360018051858" rel="noopener nofollow">Importing Customers from PSA</a>.</li> <li> <strong>by Add Customers Dropdown (individually)</strong> - From the menu, click "Add Customer" and give the customer a name (for example, My MSP Internal Network).<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/PLMVIM691R3P/add-customer-1.png" alt="add-customer-1.png" class="embedImage-img importedEmbed-img"></img></li> </ol></li> <li> <strong>Defense-in-Depth (Layered Security)</strong> - Now it's time to begin the threat monitoring process for your first customer. This will be accomplished in several parts: <ol><li> <strong>Agent deployment</strong>: (endpoint threat data) Navigate to All Customers / Customer Deployment and select your preferred method of delivery, e.g. RMM script or PowerShell. Upon deployment, devices will be in continuous cybersecurity monitoring mode, identifying malicious/suspicious activity. 
The type of threat activity detected depends on the apps you've enabled from the AppStore, in addition to the other integrations outlined below.</li> <li> <strong>Firewall configuration</strong>: (network threat data) Navigate to the dashboard and find the Firewall Log Analyzer app. See <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360018050918" rel="noopener nofollow">Configuring the Firewall App</a>.</li> <li> <strong>Microsoft 365 configuration</strong>: (cloud threat data) Navigate to the dashboard and find one of the Microsoft 365 apps. See <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360018052558" rel="noopener nofollow">Configuring the Office 365 Apps</a>.</li> <li> <strong>Have I Been Pwned configuration</strong>: (cloud threat data) Navigate to Integrations / Dark Web to set up dark web monitoring for Microsoft 365 users. See <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360018051598" rel="noopener nofollow">Set Up HaveIBeenPwned</a>.</li> <li> <strong>Anti-virus configuration</strong>: (malware data) The majority of the NGAV apps are connected using an API Key. The exception is Microsoft Defender, which is a full command and control app. See <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360017914597" rel="noopener nofollow">Configuring NGAV Apps</a>. 
</li> <li> <strong>Email Security configuration</strong>: (spam/phishing data) Our current integration is with <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360018052878">Ironscales</a> and is configured with an API key. Integrations with other email security vendors are currently in development.</li> <li> <strong>Threat intelligence configuration</strong>: (threat intel feed data) The integration with intelligence providers consumes real-time threats from a vendor and puts them into action, resulting in a positive/negative verdict. See <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360017914637" rel="undefined nofollow">Configuring AlienVault Threat Feed</a>.</li> </ol></li> </ol><div data-hs-callout-type="tip"> <p>RocketCyber follows a Defense-in-Depth strategy and prioritizes its development efforts accordingly, aligning with the security stack for MSPs. We encourage you to configure all of the layers outlined above for each customer: any layer left unconfigured is a potential blind spot for the SOC and puts the customer at risk.</p> </div> </article> </main>