Manage RocketCyber managed SOC operations: triage security incidents, monitor endpoint agents, manage account hierarchies, and correlate detections with MSP tools like Datto RMM and Autotask for enriched threat investigation.
Use this agent when an MSP needs to investigate and triage RocketCyber SOC alerts and security incidents across their client portfolio. Trigger for: SOC alert review, incident investigation, malicious incident, suspicious activity, security triage, threat correlation, incident escalation, RocketCyber incident queue, daily security review. Examples: "Review all open RocketCyber incidents and tell me what needs immediate attention", "Investigate incident 98765 and give me a remediation plan", "Which clients have the most open security incidents this week?"
Use this agent when an MSP needs to correlate RocketCyber SOC detections with broader security context from across the Kaseya ecosystem — cross-referencing incidents with Datto RMM device data, IT Glue documentation, and Autotask ticket history to build richer threat narratives and identify whether incidents are isolated or part of a broader pattern. Trigger for: threat correlation, cross-platform security analysis, incident context enrichment, RocketCyber pattern analysis, multi-source threat investigation, Kaseya security correlation, incident trend analysis, threat narrative. Examples: "Correlate this week's RocketCyber incidents with Autotask ticket history to see if there were warning signs", "Is the suspicious activity at Acme Corp isolated or are other clients showing the same pattern?", "Enrich this RocketCyber incident with device context from Datto RMM and documentation from IT Glue"
Use this skill when working with RocketCyber accounts - provider/customer hierarchy, account management, sub-account navigation, account settings, and security policy configuration. Covers account CRUD operations and multi-tenant MSP patterns.
Use this skill when working with RocketCyber agents (RocketAgent) - deployment, communication status, health monitoring, and troubleshooting. Covers agent installation, online/offline status, agent-to-account mapping, platform support, and connectivity diagnostics.
Use this skill when working with the RocketCyber API - authentication, Bearer token flow, base URL selection, pagination, rate limiting, error handling, and account hierarchy. Covers regional endpoints, query parameter patterns, and best practices for SOC API integration.
Use this skill when working with RocketCyber application inventory - detecting, categorizing, and monitoring applications across managed endpoints. Covers application discovery, approved vs unapproved applications, app-level threat detection, and software compliance reporting.
Use this skill when working with RocketCyber security incidents - searching, triaging, investigating, and resolving incidents. Covers incident lifecycle, severity levels, verdicts (Malicious/Suspicious/Benign), status transitions, SOC analyst triage patterns, and cross-vendor PSA ticket correlation.
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
One command to supercharge Claude Code for MSP workflows.
/plugin marketplace add wyre-technology/msp-claude-plugins
Then restart Claude Code. That's it.
Documentation: mcp.wyre.ai
Thirty-three vendor-specific plugins with domain knowledge for PSA, RMM, documentation, security, accounting, CRM, and productivity tools:
| Plugin | Description |
|---|---|
| Autotask PSA | Kaseya Autotask PSA - tickets, service calls, CRM, projects, contracts, billing |
| Datto RMM | Datto remote monitoring - devices, alerts, jobs, patches |
| IT Glue | IT documentation - organizations, assets, passwords, flexible assets |
| Hudu | IT documentation - companies, assets, articles, passwords, websites |
| RocketCyber | Managed SOC - incidents, agents, events, threat detection |
| Syncro | All-in-one PSA/RMM - tickets, customers, assets, invoicing |
| Atera | RMM/PSA platform - tickets, agents, customers, alerts, SNMP/HTTP monitors |
| SuperOps.ai | Modern PSA/RMM with GraphQL - tickets, assets, clients, runbooks |
| HaloPSA | Enterprise PSA with OAuth - tickets, clients, assets, contracts |
| Liongard | Configuration monitoring - environments, inspections, systems, detections, alerts |
| ConnectWise Manage | Industry-leading PSA - tickets, companies, contacts, projects, time (cloud and self-hosted) |
| ConnectWise Automate | Enterprise RMM - computers, clients, scripts, monitors, alerts |
| NinjaOne | NinjaOne RMM - devices, organizations, alerts, ticketing |
| SalesBuildr | Sales CRM - contacts, companies, opportunities, quotes |
| Pax8 | Cloud marketplace - companies, products, subscriptions, orders, invoices |
| Xero | Accounting - contacts, invoices, payments, accounts, reports |
| QuickBooks Online | Accounting - customers, invoices, expenses, payments, reports |
| Microsoft 365 | M365 admin - users, mailboxes, Teams, OneDrive, licensing, security |
| Rootly | Incident management - incidents, alerts, on-call, AI analysis, postmortems |
| Huntress | Managed threat detection and response - agents, incidents, reports |
| Blumira | Cloud SIEM - detections, findings, alerts, automated response |
| SentinelOne | XDR platform - endpoints, threats, incidents, Purple AI integration |
| Abnormal Security | AI-native email security - threats, cases, abuse mailbox |
| Avanan | Check Point Harmony Email & Collaboration - email security, DLP |
| Ironscales | AI-powered anti-phishing - incidents, simulations, threat intel |
| Mimecast | Email security - message tracking, threat protection, compliance |
| SpamTitan | Email security by TitanHQ - spam filtering, quarantine, policies |
| Proofpoint | Targeted Attack Protection - threat intel, campaigns, forensics |
| KnowBe4 | Security awareness training - phishing simulations, PhishER, training |
| HubSpot | CRM platform - contacts, companies, deals, tickets, marketing |
| PandaDoc | Document automation - proposals, quotes, e-signatures, templates |
| BetterStack | Uptime monitoring and on-call - monitors, incidents, heartbeats |
| PagerDuty | Incident management and on-call - incidents, services, escalations |
Plus shared skills for MSP terminology, ticket triage, cross-vendor incident correlation, and billing reconciliation.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin rocketcyberClaude plugins for Checkpoint Harmony Email & Collaboration (Avanan) - email security, anti-phishing, threat detection, quarantine management
Vendor-agnostic MSP skills — terminology, ticket triage, incident correlation, and billing reconciliation
Claude plugins for Better Stack - uptime monitoring, incident management, status pages, on-call schedules, and log management (Logtail) for MSPs
Claude plugins for KnowBe4 - security awareness training, phishing simulation, user risk management
Claude plugins for RunZero - asset discovery, network scanning, service inventory, OS fingerprinting, wireless detection, and vulnerability reporting for MSPs
Claude plugins for Huntress - managed threat detection, incident response, endpoint agent management, escalations, and billing reports for MSPs
Advanced LimaCharlie skills for MSSP reporting, fleet coverage, threat intelligence, adapter management, IaC, onboarding, and HTML dashboards. Requires lc-essentials plugin.
Upstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.
Consult multiple AI coding agents (Gemini, OpenAI, Grok, Perplexity, plus codex, antigravity, and grok CLIs when installed) to get diverse perspectives on coding problems
Comprehensive startup business analysis with market sizing (TAM/SAM/SOM), financial modeling, team planning, and strategic research
v9.52.0 - Reliability wave: tangle contextual review correction loop with hard round ceiling, progress-supervised review rounds (per-agent stall watch, descendant-tree kills), council diversity and agy pin fixes, marketplace generator source-of-truth fix, provider troubleshooting runbook and cost-expectations docs. Run /octo:setup.