Ask the Community
Groups
Configure the Deep Instinct Monitor - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="access-deep-instinct-threats-on-your-rocketcyber-dashboard">Access Deep Instinct threats on your RocketCyber dashboard</h2> <h3 data-id="overview">Overview</h3> <p>The Deep Instinct App is designed to retrieve all threat data from the Deep Instinct dashboard. It is designed to operate across all tenants (customers) where Deep Instinct malware protection is deployed.</p> <h3 data-id="required-permissions">Required Permissions</h3> <p>The account that you logon to the Deep Instinct dashboard and generate the API Token with must have access to the threat data. As of this date, in order to use the Deep Instinct API integration, the predefined and default role of Master Admin is required. This is necessary in order to read threat details and perform threat actions from the RocketCyber SOC.</p> <h3 data-id="how-to-set-up">How to Set Up</h3> <ol><li>Find your Deep Instinct API Key <ol><li>Log in to the Deep Instinct portal. <strong>Copy the URL</strong> you use to do this, as it will be needed later. It should be something like<em> <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fpartner1.poc.deepinstinctweb.com">https://partner1.poc.deepinstinctweb.com</a></em> <ol><li> <strong>DO NOT</strong> include anything after the ".com", such as <em>/login</em> or <em>/dashboard</em> </li> </ol></li> <li>Go to the Settings / Integration & Notifications on the left and select <strong>API Connectors</strong> <figure><img src="https://us.v-cdn.net/6032361/uploads/migrated/RHM360B7DS46/deepinstinct-api-connectors.png" alt="deepinstinct-api-connectors.png" class="embedImage-img importedEmbed-img"></img></figure></li> <li>Click <strong>Add Connector</strong> ></li> <li>Complete the 3 fields in the API Connector window: <ol><li>Name your API - RocketCyber SOC</li> <li>Tenants - Select "All Tenants"</li> <li>Permission - Select "Read and Remediation"<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/Y4R9OHR7DCVF/deepinstinct-add-api-connector.png" alt="deepinstinct-add-api-connector.png" class="embedImage-img importedEmbed-img"></img></li> </ol></li> <li>Click Create</li> <li>Copy the generated API token<img src="https://us.v-cdn.net/6032361/uploads/migrated/BGCLN2P14L6S/deepinstinct-copy-api-key.png" alt="deepinstinct-copy-api-key.png" class="embedImage-img importedEmbed-img"></img></li> </ol></li> <li>Add the API Token and URL to your Deep Instinct App setup<br><ol><li>Enable the Deep Instinct App in the App Store if you have not already done so</li> <li>Click on <strong>Integrations</strong> in the main nav menu (left side of the screen)</li> <li>Paste the API Token into the API Token box</li> <li>See the box below for an example of how to get your base URL from the dashboard URL. Once you have the base URL, paste it into the URL box.</li> <li>Click <strong>Authenticate</strong> </li> </ol></li> <li>If the integration succeeded, you will see a grid allowing you to map your Deep Instinct accounts to RocketCyber accounts. Map all accounts you wish to import and click <strong>Save Map<img src="https://us.v-cdn.net/6032361/uploads/migrated/U19135LI8MNM/customer-map.png" alt="customer_map.png" class="embedImage-img importedEmbed-img"></img></strong> </li> <li>Enjoy the convenience of Deep Instinct threats delivered directly to your RocketCyber dashboard and the ability to take remediation action with the RocketCyber SOC!</li> </ol><div data-hs-callout-type="caution">The URL must be in the correct format or the integration will fail. For example:<br><br>If your dashboard URL is <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fpartner1.poc.deepinstinctweb.com%2Flogin">https://partner1.poc.deepinstinctweb.com/login</a><br><br>Then the URL you should paste in is <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fpartner1.poc.deepinstinctweb.com">https://partner1.poc.deepinstinctweb.com</a><br><br>Note (1) the URL begins with "HTTPS://", (2) the URL has removed "/login" and any additional parameters, and (3) the URL does <strong>not</strong> have a trailing slash.</div> </article> </main>