Configure the Deep Instinct Monitor

Access Deep Instinct threats on your RocketCyber dashboard

Overview

The Deep Instinct App is designed to retrieve all threat data from the Deep Instinct dashboard. It is designed to operate across all tenants (customers) where Deep Instinct malware protection is deployed.

Required Permissions

The account that you logon to the Deep Instinct dashboard and generate the API Token with must have access to the threat data. As of this date, in order to use the Deep Instinct API integration, the predefined and default role of Master Admin is required. This is necessary in order to read threat details and perform threat actions from the RocketCyber SOC.

How to Set Up

  1. Find your Deep Instinct API Key
    1. Log in to the Deep Instinct portal.  Copy the url you use to do this, as it will be needed later.  It should be something like https://partner1.poc.deepinstinctweb.com
      1. DO NOT include anything after the ".com", such as /login or /dashboard
    2. Go to the Settings / Integration & Notifications on the left and select API Connectors
      deepinstinct-api-connectors
    3. Click Add Connector >
    4. Complete the 3 fields in the API Connector window:
      1. Name your API - RocketCyber SOC
      2. Tenants - Select "All Tenants"
      3. Permission - Select "Read and Remediation"

        deepinstinct-add-api-connector
    5. Click Create
    6. Copy the generated API tokendeepinstinct-copy-api-key
  2. Add the API Token and URL to your Deep Instinct App setup

    1. Enable the Deep Instinct App in the App Store if you have not already done so
    2. Click on Integrations in the main nav menu (left side of screen)
    3. Paste the API Token into the API Token box
    4. See box below for an example of how to get your base URL from the dashboard URL.  Once you have the base URL, paste it into the URL box.
    5. Click Authenticate
  3. If the integration succeeded, you will see a grid allowing you to map your Deep Instinct accounts to RocketCyber accounts.  Map all accounts you wish to import and click Save Mapcustomer_map
  4. Enjoy the convenience of Deep Instinct threats delivered directly to your RocketCyber dashboard and the ability to take remediation action with the RocketCyber SOC!

 

The URL must be in the correct format or the integration will fail.  For example:

If your dashboard URL is https://partner1.poc.deepinstinctweb.com/login

Then the URL you should paste in is https://partner1.poc.deepinstinctweb.com

 

Note (1) the URL begins with "https://", (2) the URL has removed "/login" and any additional parameters, and (3) the URL does not have a trailing slash