What's new in Kaseya MDR

This article highlights what has changed in Kaseya MDR compared to RocketCyber, with a focus on workflows and user experience. It explains how key workflows have evolved, what the new experience emphasizes, and why Kaseya MDR behaves differently.

This article focuses on what is different and why it matters. It does not cover setup steps or navigation.

At a glance: what’s changed

Kaseya MDR introduces an alert‑centric platform designed to streamline investigations and make response actions easier to access.

Area | What's different in Kaseya MDR
User experience | User interface refocused on alerts rather than raw events
Investigations | Investigations consolidated into a single Analysis experience
Alerting | Environment‑specific customer‑controlled alert rules alongside SOC‑managed detections
Response | Built‑in manual and automated response actions
Configuration | Centralized, baseline‑driven configuration model
Reporting | Extended log retention and non‑expiring reports
Platform | Rebuilt on a shared, scalable SaaS infrastructure

User experience and focus

Kaseya MDR shifts the platform from an event‑centric model to an alert‑centric one. The practical impact is that you start with curated alerts that represent meaningful signals, then investigate using correlated context in Analysis.

RocketCyber | Kaseya MDR
Event‑centric user experience | Alert‑centric user experience
Dashboard emphasizes raw event counts across applications | Dashboard focuses on actionable alerts rather than raw events
Events often require interpretation before determining impact | Alerts represent incidents requiring investigation or response
Legacy UI patterns across pages | Redesigned, modern interface across core workflows

Investigation model

Investigations are no longer tied to individual apps or integrations. Kaseya MDR consolidates investigation workflows into a single experience so analysis and correlation happen in one place.

RocketCyber | Kaseya MDR
Investigations tied to individual data sources or apps | Unified investigations via the Analysis page
Analysts pivot between multiple views and tools | Single investigation workflow
Context gathered manually across systems | Correlated activity shown in a single timeline
Searches scoped per integration | Single search across users, devices, IPs, and assets

Alerting capabilities

Kaseya MDR retains SOC‑managed detections while adding customer‑controlled alerting that can be tailored per environment.

RocketCyber | Kaseya MDR
SOC‑managed alert rules | SOC‑managed rules plus customer customization
Limited ability to tailor detections per customer | Custom alert rules per environment

In Kaseya MDR, customer‑created rules are designed to notify your organization by default. If you want the SOC to monitor a custom rule, you can request it and the SOC will evaluate whether it should be monitored. SOC monitoring of custom rules occurs only after review and approval.

Customer‑controlled alerting also supports:

  • Indicators of compromise (IOCs)

  • Volume‑based alerting

  • Logical AND/OR rule conditions

  • Custom rules that complement SOC‑managed detections

Response actions and automation

Kaseya MDR surfaces response actions directly in the interface and supports manual and automated actions, including bulk actions across multiple affected devices.

RocketCyber | Kaseya MDR
Limited customer‑visible actions | Built‑in response actions available to customers
Mostly SOC‑driven responses | Manual and automated response actions
Limited automation exposed to customers | Automated responses tied to alerts or custom rules
 | Mass device isolation and restoration

Kaseya MDR gives customers access to classes of response actions comparable to those the SOC uses. Differences remain in monitoring, defaults, and operational responsibility.

Configuration management

Configuration is centralized and baseline‑driven, making it easier to manage settings consistently across organizations.

RocketCyber | Kaseya MDR
Settings spread across individual apps | Centralized configuration model
Blurred MSP vs customer settings | Clear separation of global defaults and org overrides
Limited visibility into configuration drift | Visibility into baseline adherence and exceptions

Reporting and log retention

Kaseya MDR extends data availability and simplifies access to historical information.

RocketCyber | Kaseya MDR
One‑year log retention | Extended log retention and improved access to historical data (up to 400 days, depending on data source and availability)
Reports expire | New reporting engine with non‑expiring reports
Historical data via emailed links | Historical data available in-platform

Platform architecture

Kaseya MDR is built on the SaaS Alerts infrastructure to improve scalability and support faster delivery of new capabilities.

RocketCyber | Kaseya MDR
Legacy infrastructure | Shared SaaS Alerts infrastructure
Duplicated services | Centralized alerting, event processing, and allowlisting
Limited scalability and extensibility | More scalable, responsive, and automation‑ready

Deployment and parallel operation

Kaseya MDR is delivered as a platform update and runs alongside RocketCyber during the transition period.

  • No forced cutover

  • Same agent (no reinstall required)

  • Settings and organizations remain aligned

  • Accessed via a separate subdomain

High‑level summary

Kaseya MDR preserves the core protections and service model you rely on, while introducing:

  • Alert‑centric workflows

  • Unified investigations

  • Customer‑controlled alerting

  • Built‑in automation and response actions

  • Extended log retention and improved reporting

  • A more scalable and extensible platform foundation

You can adopt Kaseya MDR at your own pace while continuing to use RocketCyber.
