Browse AppStore
RocketCyber’s threat detection apps provide solutions for many cybersecurity use cases. Each use case facilitates cyber monitoring opportunities for the managed service provider. Login to your account to turn on preferred RocketApps, no separate installation required.
Each App is purposely built to detect malicious/suspicious activity spanning endpoint, network and cloud attack pillars. When threats are detected, RocketCyber provides the MSP operator reporting, a triage view and the ability to receive incident tickets to your PSA.

IOC MONITOR
Continuous monitoring for Indicators of Compromise to address emerging and changing threats.

DATTO EDR MONITOR
This app receives events from Datto EDR.

DEFENDER FOR BUSINESS
This app collects detection data and events from Microsoft Defender for Business.

VULSCAN COLLECTOR
This app collects vulnerability scan data generated by RapidFire Tools Vulscan and feeds back details on all issues including remediation recommendations.

GRAPHUS
This app collects threat telemetry from Graphus Email Security.

VSA THREAT HUNT
Detects threat artifacts and indicators for the Kaseya VSA RMM.

EXCHANGE HAFNIUM EXPLOIT
Detects threat artifacts and indicators for Microsoft Exchange on-prem.

SOPHOS MONITOR
Monitor Sophos NGAV threat and log activity, then leverage RocketCyber SOC for triaging and PSA incident ticketing

PASSLY MONITOR
Monitor Passly 2FA log activity, then leverage RocketCyber SOC for triaging and PSA incident ticketing.

BARRACUDA EMAIL MONITOR
Monitor your Barracuda ESS or Sentinel email threats, then leverage RocketCyber SOC for triaging and PSA incident ticketing.

DNSFILTER MONITOR
Monitor DNS Filter threat and log activity, then leverage RocketCyber SOC for triaging and PSA incident ticketing.

PWNED MONITOR
Monitor your SMB customer email and domain accounts to identify if they have been compromised in a data breach.

DEEP INSTINCT MONITOR
This app reports on Deep Instinct threat detections and brings in the results to the RocketCyber SOC Platform.

PRINT NIGHTMARE HUNT
This app performs critical checks for the Windows Remote Code Execution Print Spooler Vulnerabilities.

IRONSCALES EMAIL SECURITY ANALYZER
This app reports on IronScales email threats and brings in the results to the RocketCyber SOC Platform.

BITDEFENDER MONITOR
This app reports on BitDefender threat detections and brings in the results to the RocketCyber SOC Platform.

CYLANCE MONITOR
This app reports on Cylance threat detections and brings in the results to the RocketCyber SOC Platform.

WEBROOT MONITOR
This app reports on Webroot threat detections and brings in the results to the RocketCyber SOC Platform.

SENTINELONE MONITOR
This app reports on SentinelOne threat detections and brings in the results to the RocketCyber SOC Platform. This app supports remediation actions and whitelisting.

DEFENDER MANAGER
This app provides full multi-tenant command and control of Microsoft Defender. Now you have the power to utilize the advanced capabilities including Attack Surface Reduction, Advanced Ransomware protection and more.

FIREWALL LOG ANALYZER
This app provides multi-tenant firewall log monitoring acting as a syslog collector. Messages are parsed, analyzed and enriched with threat intel for potential threat indicators. When a threat or security event is detected, meassage details show up in the console.

OFFICE 365 LOG MONITOR
Multi-tenant event log monitor for all accounts linked to Microsoft Office 365 providing visibility into users, groups, Azure Active Directory activity and more.

OFFICE 365 LOGIN ANALYZER
Detects successful and unsuccessful logins outside the expected countries, known malicious IP addresses and adversaries, exposing unauthorized authentication activity.

OFFICE 365 SECURE SCORE
Overall description of cloud security posture with itemized remediation plans across all Office 365 tenants.

ADVANCED BREACH DETECTION (TTPS)
Continuous monitoring app for attacker Tactics, Techniques, & Procedures that circumvent security prevention defenses such as Anti-virus and Firewalls.

CYBER TERRORIST NETWORK CONNECTION
This app detects network connections to nation states that are known to engage in cyberterrorist activities targeting small businesses.

MALICIOUS FILE DETECTION
Monitors and detects malicious files that are written to disk or executed. This app is used as a backup for detecting malicious files that slip past your primary Anti-virus solution.

SUSPICIOUS NETWORK SERVICES
Monitors TCP & UDP services that are commonly leveraged for malicious intent and detects unnecessary services mitigating a potential backdoor.

SUSPICIOUS TOOLS
Detects suspicious tools that should not be present on SMB networks such as hacking utilities, password crackers, etc. used for malicious intent.

ON-DEMAND THREAT HUNTING
Performs threat queries on all of your customer endpoints searching for common hunts; Hashes, URLs, Processes and Files.
Read More
THREAT HUNTING
Provides investigative capabilities to find malicious activity through 17 categories of analysis, e.g. processes, hashes, URLs, and IOCs.
Read More
CRYPTO MINING DETECTION
Monitors for Cryptojacking, the unauthorized use of a computer to mine cryptocurrency. Detects for endpoint presence and in-browser javascript miners.
Read More
THREAT INTELLIGENCE FEEDS
This app delivers threat feeds from RocketCyber and our partner intelligence providers, delivering actionable information on attackers.

ON-DEMAND MALWARE ANALYZER
This free app service analyzes files for viruses, trojans and malicious content and responds with a verdict of malicious or benign.

SYSTEM PROCESS VERIFIER
Analyzes system processes for known suspicious or malicious behaviors based on various factors including disk image location, timestamp fingerprinting and Levenshtein distance calculations.

ENDPOINT EVENT LOG MONITOR
Microsoft Windows & macOS event log monitoring detects and alerts security related activities such as failed logins, clearing security logs, unauthorized activity, etc.
Read More
ACTIVE DIRECTORY MONITOR AND SYNC
This app will monitor for changes to user accounts in Active Directory and synchronize changes to the Breach Secure Now Cloud. Optionally reporting changes to the RocketCyber Console