Whitelisting allows you to customize the result view for each customer.
While there are many use cases for excluding detections from the results, the most common customer request was the ability to keep detecting a specific Suspicious/Malicious finding but exclude it when it meets given criteria.
Whitelisting can be performed at the MSP, Customer, or Device levels. Each level inherits changes from higher levels.
So a whitelist made at the MSP level will affect all Customers, and one made at the Customer level will apply to all of that Customer's devices.
Suppose you have your network admin devices in RocketCyber. netstat is a perfectly valid tool for them to use, and you do not want to see notifications about it. The whitelist can remove existing results and prevent future results of that type from being reported.
- Go to the customer to which you added your networking devices.
- Since this particular notification is in Advanced Breach Detection, go to that app and select at least one of the checkboxes next to a result for netstat.
- Click the Action button at the bottom-right, and select Add to Whitelist.
- Select the checkbox(es) for what you would like to whitelist.
- If you want to remove existing records as well as prevent new ones, select the checkbox in the bottom-right labeled Remove Existing Records.
- Click Add.
This type of whitelisting is available for most RocketCyber apps. See Custom Whitelisting or Whitelisting and App Triage for more information on whitelisting possibilities.
Keep in mind that a whitelist configured while you are logged in at the MSP root-level account applies across all managed customers.
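The level inheritance described above (MSP, then Customer, then Device), applied to the netstat case, as an added example that is not RocketCyber code and does not use its API: a small Python model showing which devices a whitelist entry silences at each level. The class names, field names, case-insensitive process match and the sample fleet are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Conceptual model only: names and matching rules are assumptions, not RocketCyber's API.
@dataclass(frozen=True)
class Device:
    msp: str
    customer: str
    name: str

@dataclass(frozen=True)
class WhitelistEntry:
    level: str    # "msp", "customer" or "device"
    scope: str    # name of the MSP, customer or device the entry was created on
    app: str      # app that produced the result
    process: str  # criterion: process name seen in the result

def covers(entry, device):
    """True if the entry's level reaches this device through inheritance."""
    owner = {"msp": device.msp, "customer": device.customer, "device": device.name}
    return owner.get(entry.level) == entry.scope

def is_suppressed(entries, device, app, process):
    """A result is hidden when any entry covering the device matches its criteria."""
    return any(covers(e, device) and e.app == app
               and e.process.lower() == process.lower() for e in entries)

def blast_radius(entry, fleet):
    """Devices whose matching results an entry would hide."""
    return sorted(d.name for d in fleet if covers(entry, d))

# Constructed sample fleet and entries
FLEET = [
    Device("ExampleMSP", "Acme", "acme-netadmin-01"),
    Device("ExampleMSP", "Acme", "acme-frontdesk-07"),
    Device("ExampleMSP", "Globex", "globex-hr-02"),
]
ABD = "Advanced Breach Detection"
DEVICE_ENTRY = WhitelistEntry("device", "acme-netadmin-01", ABD, "netstat")
CUSTOMER_ENTRY = WhitelistEntry("customer", "Acme", ABD, "netstat")
MSP_ENTRY = WhitelistEntry("msp", "ExampleMSP", ABD, "netstat")

if __name__ == "__main__":
    for e in (DEVICE_ENTRY, CUSTOMER_ENTRY, MSP_ENTRY):
        print(f"{e.level:<8} -> {blast_radius(e, FLEET)}")
```

In this model the same netstat entry hides results on one device, on every Acme device, or on every device under the MSP, depending only on the level at which it was created.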