Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From kaseya-rocketcyber
Detects, categorizes, and monitors applications across RocketCyber-managed endpoints for inventory, compliance reporting, approved/unapproved tracking, and threat context.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin rocketcyberHow this skill is triggered — by the user, by Claude, or both
Slash command
/kaseya-rocketcyber:appsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
RocketCyber tracks applications detected across managed endpoints through its agent telemetry. The application inventory provides visibility into what software is installed and running in customer environments, supporting security compliance, threat investigation, and software governance.
Audits software inventory across devices using ZDX data. Lists installed software, filters by location/department/user, and drills into version details for compliance and vulnerability assessments.
Manages RocketCyber RocketAgent: deployment, installation, online/offline status, health monitoring, troubleshooting, platform support, and connectivity diagnostics on Windows, macOS, Linux endpoints.
Queries SentinelOne unified asset inventory for endpoints, cloud resources, identities, and network-discovered devices using REST API tools with offset pagination, filters, and sorting for MSP audits.
Share bugs, ideas, or general feedback.
RocketCyber tracks applications detected across managed endpoints through its agent telemetry. The application inventory provides visibility into what software is installed and running in customer environments, supporting security compliance, threat investigation, and software governance.
Key capabilities:
RocketAgent continuously monitors endpoints and reports detected applications back to the RocketCyber platform. Detection covers:
Applications may be categorized by type (verify categories against API docs):
| Category | Description | Examples |
|---|---|---|
| Security | Security and antivirus tools | Windows Defender, CrowdStrike, SentinelOne |
| Remote Access | Remote control and access tools | TeamViewer, AnyDesk, LogMeIn |
| Productivity | Business and productivity software | Microsoft Office, Google Workspace |
| Communication | Messaging and collaboration | Slack, Teams, Zoom |
| Development | Development tools and IDEs | Visual Studio, VS Code, Git |
| System | OS and system utilities | Windows Update, .NET Runtime |
| Unknown/Other | Uncategorized applications | Custom or niche software |
Application inventory matters for security because:
| Field | Type | Description |
|---|---|---|
id | integer | Unique application record identifier (verify against API docs) |
name | string | Application name |
version | string | Application version (verify against API docs) |
publisher | string | Application publisher/vendor (verify against API docs) |
category | string | Application category (verify against API docs) |
accountId | integer | Customer account where the app was detected |
agentId | integer | Agent/endpoint where the app was detected (verify against API docs) |
hostname | string | Endpoint hostname (verify against API docs) |
detectedAt | datetime | When the application was first detected (verify against API docs) |
lastSeen | datetime | Most recent detection timestamp (verify against API docs) |
Note: Field names are inferred from common SOC platform conventions. Verify exact field names against RocketCyber API responses.
# Applications for a specific customer
curl -s "https://api-${ROCKETCYBER_REGION:-us}.rocketcyber.com/v3/apps?accountId=12345" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}"
Response (verify against API docs):
{
"data": [
{
"id": 7001,
"name": "TeamViewer",
"version": "15.40.0",
"publisher": "TeamViewer GmbH",
"category": "Remote Access",
"accountId": 12345,
"hostname": "WORKSTATION-01",
"detectedAt": "2026-01-15T08:00:00Z",
"lastSeen": "2026-02-23T09:00:00Z"
},
{
"id": 7002,
"name": "Windows Defender",
"version": "4.18.24010",
"publisher": "Microsoft",
"category": "Security",
"accountId": 12345,
"hostname": "WORKSTATION-01",
"detectedAt": "2025-06-15T09:00:00Z",
"lastSeen": "2026-02-23T09:00:00Z"
}
],
"totalCount": 150,
"page": 1,
"limit": 50
}
# All applications across all customer accounts
curl -s "https://api-us.rocketcyber.com/v3/apps" \
-H "Authorization: Bearer ${ROCKETCYBER_API_KEY}"
When investigating a security incident:
| Scenario | HTTP Code | Resolution |
|---|---|---|
| Invalid API key | 401 | Verify key in Provider Settings > API |
| Account has no apps | 200 (empty) | Agents may not have reported yet, or no agents deployed |
| Rate limited | 429 | Back off 30 seconds, retry |
No applications found for account ID 12345.
This could mean:
- Agents have not yet reported application data
- No agents are deployed to this customer
- The account ID is incorrect (verify with /accounts endpoint)