Triage, Review, and Whitelist Results

Learn about RocketCyber's powerful result review and triage tools

Review

Review and whitelisting can be performed at the MSP, Customer or Device Level

Each RocketApp provides an app result or detection whenever a suspicious or malicious event is detected. These app results are aggregated per RocketApp and the counts are displayed on the dashboard as shown below.

Click Review to begin reviewing the app results for the desired app.

 

This is the main triage interface.
You can click on Details next to any result to get more details about the detected item.
Quickly switch between apps using the Switch App dropdown in the top right.

 

The detail dialog displays important detail information about the detection.

You can quickly cycle through the details using the left or right arrow keys or by clicking the arrow in the bottom left or right of the screen.

 

 

Search for specific detections using the Search feature or the date filters.

If you want to view results only for a specific device, click on the device name in the grid. This will change the view to only the results related to that device as shown below.

 

 

Whitelisting

Most apps support the concept of whitelisting. This allows you to tune the detection results and ignore acceptable risks or known behavior.

 1.    Select the items from the review list then click the Action button.

 

 2.    After selecting whitelist rules, click Add.  Select Remove Existing Results to delete existing results that match your new whitelist rule.

 

 

Once the items are added to the whitelist they should not be reported in the console from that point forward.

Best Practice

It is best practice to perform triage and review on a daily basis, whitelisting as necessary to get to a steady state. When app results are no longer needed it is best to delete them using the review interface.