Access Deep Instinct threats on your RocketCyber dashboard
The Deep Instinct App is designed to retrieve all threat data from the Deep Instinct dashboard. It is designed to operate across all tenants (customers) where Deep Instinct malware protection is deployed.
The account that you logon to the Deep Instinct dashboard and generate the API Token with must have access to the threat data. As of this date, in order to use the Deep Instinct API integration, the predefined and default role of Master Admin is required. This is necessary in order to read threat details and perform threat actions from the RocketCyber SOC.
How to Set Up
- Find your Deep Instinct API Key
- Log in to the Deep Instinct portal. Copy the url you use to do this, as it will be needed later. It should be something like https://partner1.poc.deepinstinctweb.com/login/
- Go to the Settings / Integration & Notifications on the left and select API Connectors
- Click Add Connector >
- Complete the 3 fields in the API Connector window:
- Name your API - RocketCyber SOC
- Tenants - Select "All Tenants"
- Permission - Select "Read and Remediation"
- Click Create
- Copy the generated API token
- Set up your Antivirus-RocketCyber mapping if you have not already done so
- Add the API Token to your Deep Instinct App configurations
- Go to your RocketCyber dashboard
- Enable the Deep Instinct App in the App Store if you have not already done so
- Click the gear on the Deep Instinct App to access the configuration menu
- Set up customer mapping so your detections are routed to the correct customer
- Paste the API Token into the API Token box
- Click Authenticate
- Enjoy the convenience of Deep Instinct threats delivered directly to your RocketCyber dashboard and the ability to take remediation action with the RocketCyber SOC!