Access Deep Instinct threats on your RocketCyber dashboard
The Deep Instinct App is designed to retrieve all threat data from the Deep Instinct dashboard. It is designed to operate across all tenants (customers) where Deep Instinct malware protection is deployed.
The account that you logon to the Deep Instinct dashboard and generate the API Token with must have access to the threat data. As of this date, in order to use the Deep Instinct API integration, the predefined and default role of Master Admin is required. This is necessary in order to read threat details and perform threat actions from the RocketCyber SOC.
How to Set Up
- Find your Deep Instinct API Key
- Log in to the Deep Instinct portal. Copy the URL you use to do this, as it will be needed later. It should be something like https://partner1.poc.deepinstinctweb.com
DO NOT include anything after the ".com", such as /login or /dashboard
- Go to the Settings / Integration & Notifications on the left and select API Connectors
- Click Add Connector >
- Complete the 3 fields in the API Connector window:
- Name your API - RocketCyber SOC
- Tenants - Select "All Tenants"
- Permission - Select "Read and Remediation"
- Click Create
- Copy the generated API token
- Add the API Token and URL to your Deep Instinct App setup
- Enable the Deep Instinct App in the App Store if you have not already done so
- Click on Integrations in the main nav menu (left side of the screen)
- Paste the API Token into the API Token box
- See the box below for an example of how to get your base URL from the dashboard URL. Once you have the base URL, paste it into the URL box.
- Click Authenticate
- If the integration succeeded, you will see a grid allowing you to map your Deep Instinct accounts to RocketCyber accounts. Map all accounts you wish to import and click Save Map
- Enjoy the convenience of Deep Instinct threats delivered directly to your RocketCyber dashboard and the ability to take remediation action with the RocketCyber SOC!