From rocketcyber
Manages RocketCyber account hierarchy, including provider/customer CRUD, sub-account navigation, and security policy configuration for MSP environments.
How this skill is triggered — by the user, by Claude, or both
Slash command
/rocketcyber:accountsWhen to use
When working with provider/customer hierarchy, account management, sub-account navigation, account settings, and security policy configuration in RocketCyber accounts. Use when: rocketcyber account, rocketcyber customer, rocketcyber provider, rocketcyber tenant, rocketcyber organization, account hierarchy rocketcyber, rocketcyber sub-account, or rocketcyber client.
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
RocketCyber uses a hierarchical account model designed for MSPs. The provider account (your MSP) contains multiple customer sub-accounts, each representing a managed client. All API operations can be scoped to a specific customer account using the `accountId` parameter.
RocketCyber uses a hierarchical account model designed for MSPs. The provider account (your MSP) contains multiple customer sub-accounts, each representing a managed client. All API operations can be scoped to a specific customer account using the accountId parameter.
Understanding the account hierarchy is essential for:
┌─────────────────────────────────────┐
│ Provider Account (MSP) │
│ - API key is scoped here │
│ - Provider-level reporting │
│ - Global security policies │
│ │
│ ┌───────────────────────────────┐ │
│ │ Customer Account: Acme Corp │ │
│ │ - accountId: 12345 │ │
│ │ - Agents, Incidents, Apps │ │
│ └───────────────────────────────┘ │
│ │
│ ┌───────────────────────────────┐ │
│ │ Customer Account: Beta LLC │ │
│ │ - accountId: 12346 │ │
│ │ - Agents, Incidents, Apps │ │
│ └───────────────────────────────┘ │
│ │
│ ┌───────────────────────────────┐ │
│ │ Customer Account: Gamma Inc │ │
│ │ - accountId: 12347 │ │
│ │ - Agents, Incidents, Apps │ │
│ └───────────────────────────────┘ │
└─────────────────────────────────────┘
| Type | Description |
|---|---|
| Provider | The MSP's top-level account; owns the API key |
| Customer | A managed client account under the provider |
| Status | Description |
|---|---|
| Active | Account is fully operational |
| Inactive | Account is disabled or suspended (verify against API docs) |
| Field | Type | Description |
|---|---|---|
id | integer | Unique account identifier |
name | string | Account display name |
type | string | Account type: provider, customer |
status | string | Account status: active, inactive (verify against API docs) |
parentId | integer | Provider account ID (for customer accounts, verify against API docs) |
createdAt | datetime | When the account was created (verify against API docs) |
agentCount | integer | Number of deployed agents (verify against API docs) |
settings | object | Account-level configuration (verify against API docs) |
Note: Field names are inferred from the Celerium PowerShell wrapper. Verify exact field names against RocketCyber API responses.
# All customer accounts under the provider
curl -s "https://api-${ROCKETCYBER_REGION:-us}.rocketcyber.com/v3/accounts" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}"
Response (verify against API docs):
{
"data": [
{
"id": 12345,
"name": "Acme Corporation",
"type": "customer",
"status": "active"
},
{
"id": 12346,
"name": "Beta LLC",
"type": "customer",
"status": "active"
}
],
"totalCount": 45,
"page": 1,
"limit": 50
}
# Single account details
curl -s "https://api-us.rocketcyber.com/v3/accounts/12345" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}"
Response (verify against API docs):
{
"id": 12345,
"name": "Acme Corporation",
"type": "customer",
"status": "active",
"createdAt": "2024-03-15T10:00:00Z",
"agentCount": 47
}
The API may not support direct name search. To find an account by name:
# List all accounts and filter client-side
curl -s "https://api-us.rocketcyber.com/v3/accounts?limit=500" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}" \
| jq '.data[] | select(.name | test("acme"; "i"))'
/agents?accountId={id}For a given customer account:
/accounts/{id} for account details/agents?accountId={id} for agent deployment status/incidents?accountId={id}&status=open for active threats/apps?accountId={id} for application inventory| Scenario | HTTP Code | Resolution |
|---|---|---|
| Invalid API key | 401 | Verify key in Provider Settings > API |
| Account not found | 404 | Verify account ID; account may have been removed |
| No accounts returned | 200 (empty) | Provider account may not have any customers yet |
| Rate limited | 429 | Back off 30 seconds, retry |
Account not found: ID 99999
The account may have been removed or the ID is incorrect.
List all accounts with GET /v3/accounts to find valid account IDs.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin rocketcyberProvides patterns for RocketCyber API v3: Bearer token auth, regional base URLs, pagination, rate limiting, error handling, and provider-customer account hierarchy.
Manages Blumira MSP multi-tenant operations: list accounts, query cross-account findings, per-account devices/users/keys, and resolve findings.
Provides patterns for the Huntress MCP API including authentication, pagination, rate limiting, and error handling. Activates when working with Huntress tools or API.