Triage, Review, and Whitelist Results

Learn about RocketCyber's powerful result review and triage tools

Review

Review and whitelisting can be performed at the MSP, Customer, or Device level.

Each RocketApp produces an app result (a detection) whenever it detects a suspicious or malicious event. These app results are aggregated per RocketApp, and the counts are displayed on the dashboard.

Click Review to begin reviewing the app results for the desired app.


This is the main triage interface.
You can click on Details next to any result to get more details about the detected item.
Quickly switch between apps using the Switch App dropdown in the top right.

The detail dialog displays important information about the detection.

You can quickly cycle through the details using the left or right arrow keys or by clicking the arrow in the bottom left or right of the screen.


Search for specific detections using the Search feature or the date filters.

If you want to view results only for a specific device, click on the device name in the grid. This changes the view to show only the results related to that device.

Whitelisting

Most apps support the concept of whitelisting. This allows you to tune the detection results and ignore acceptable risks or known behavior.

1. Select the items from the review list, then click the Action button.

2. After selecting whitelist rules, click Add. Select Remove Existing Results to delete existing results that match your new whitelist rule.

Once the items are added to the whitelist, they should not be reported in the console from that point forward.

Best Practice

It is best practice to perform triage and review on a daily basis, whitelisting as necessary to get to a steady state. When app results are no longer needed, it is best to delete them using the review interface.
