From kaseya-rocketcyber
Use this skill when working with RocketCyber application inventory - detecting, categorizing, and monitoring applications across managed endpoints. Covers application discovery, approved vs unapproved applications, app-level threat detection, and software compliance reporting.
How this skill is triggered — by the user, by Claude, or both
Slash command
/kaseya-rocketcyber:appsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
RocketCyber tracks applications detected across managed endpoints through its agent telemetry. The application inventory provides visibility into what software is installed and running in customer environments, supporting security compliance, threat investigation, and software governance.
RocketCyber tracks applications detected across managed endpoints through its agent telemetry. The application inventory provides visibility into what software is installed and running in customer environments, supporting security compliance, threat investigation, and software governance.
Key capabilities:
RocketAgent continuously monitors endpoints and reports detected applications back to the RocketCyber platform. Detection covers:
Applications may be categorized by type (verify categories against API docs):
| Category | Description | Examples |
|---|---|---|
| Security | Security and antivirus tools | Windows Defender, CrowdStrike, SentinelOne |
| Remote Access | Remote control and access tools | TeamViewer, AnyDesk, LogMeIn |
| Productivity | Business and productivity software | Microsoft Office, Google Workspace |
| Communication | Messaging and collaboration | Slack, Teams, Zoom |
| Development | Development tools and IDEs | Visual Studio, VS Code, Git |
| System | OS and system utilities | Windows Update, .NET Runtime |
| Unknown/Other | Uncategorized applications | Custom or niche software |
Application inventory matters for security because:
| Field | Type | Description |
|---|---|---|
id | integer | Unique application record identifier (verify against API docs) |
name | string | Application name |
version | string | Application version (verify against API docs) |
publisher | string | Application publisher/vendor (verify against API docs) |
category | string | Application category (verify against API docs) |
accountId | integer | Customer account where the app was detected |
agentId | integer | Agent/endpoint where the app was detected (verify against API docs) |
hostname | string | Endpoint hostname (verify against API docs) |
detectedAt | datetime | When the application was first detected (verify against API docs) |
lastSeen | datetime | Most recent detection timestamp (verify against API docs) |
Note: Field names are inferred from common SOC platform conventions. Verify exact field names against RocketCyber API responses.
# Applications for a specific customer
curl -s "https://api-${ROCKETCYBER_REGION:-us}.rocketcyber.com/v3/apps?accountId=12345" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}"
Response (verify against API docs):
{
"data": [
{
"id": 7001,
"name": "TeamViewer",
"version": "15.40.0",
"publisher": "TeamViewer GmbH",
"category": "Remote Access",
"accountId": 12345,
"hostname": "WORKSTATION-01",
"detectedAt": "2026-01-15T08:00:00Z",
"lastSeen": "2026-02-23T09:00:00Z"
},
{
"id": 7002,
"name": "Windows Defender",
"version": "4.18.24010",
"publisher": "Microsoft",
"category": "Security",
"accountId": 12345,
"hostname": "WORKSTATION-01",
"detectedAt": "2025-06-15T09:00:00Z",
"lastSeen": "2026-02-23T09:00:00Z"
}
],
"totalCount": 150,
"page": 1,
"limit": 50
}
# All applications across all customer accounts
curl -s "https://api-us.rocketcyber.com/v3/apps" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}"
When investigating a security incident:
| Scenario | HTTP Code | Resolution |
|---|---|---|
| Invalid API key | 401 | Verify key in Provider Settings > API |
| Account has no apps | 200 (empty) | Agents may not have reported yet, or no agents deployed |
| Rate limited | 429 | Back off 30 seconds, retry |
No applications found for account ID 12345.
This could mean:
- Agents have not yet reported application data
- No agents are deployed to this customer
- The account ID is incorrect (verify with /accounts endpoint)
npx claudepluginhub p/drewrox2009-kaseya-rocketcyber-msp-claude-plugins-kaseya-rocketcyberGuides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Dispatches multiple subagents concurrently for independent tasks without shared state. Use when facing 2+ unrelated failures or subsystems that can be investigated in parallel.