RocketCyber is a threat monitoring platform, offered as Software-as-a-Service and/or as a Managed Service, that detects malicious activity across the Endpoint, Network and Cloud attack pillars.

The RocketCyber Threat Monitoring Platform includes a built-in app store so MSPs can enable purpose-built detection apps of interest. Some of our featured apps include Breach Detection, Threat Hunting, Event Log Monitoring, Office 365 threat detection, Firewall Monitoring and more. Put simply, RocketCyber enables MSPs to deliver billable monthly cyber security services to small-medium businesses.

Threat Hunting is the operation of proactively seeking cyber threats that go undetected in a network. RocketCyber's hunting finds malicious actors in your network that evade defenses such as firewall and antivirus systems. Once a malicious actor has established a foothold and persistence on a computer, many MSPs lack the advanced detection capabilities to seek out the advanced persistent threat and deter it from residing on the network. This is why threat hunting is an essential component of any MSP's security operations center (SOC) and defense strategy.

All RocketCyber subscriptions include hunting capabilities via the Ondemand Hunts, Advanced Threat Hunt app, and the automated threat intelligence hunt feeds. The current 17 hunt test methodologies supported are:

  • Browser visit
  • DNS Cache Entry
  • Driver File Hash
  • Driver File Name
  • File Hash
  • File Name
  • Event in log source
  • Event in log category
  • Event ID in log
  • Event type in log
  • Service state
  • User account
  • Network connection
  • Process Hash
  • Process Name
  • Registry Key
  • YARA rules

Threat intelligence, in its most basic form, is a repository of malicious artifacts, including IOCs (indicators of compromise) and IOAs (indicators of attack), along with many other data elements such as who the attackers are, what industry is being targeted, etc.

There are numerous vendors that provide free and paid subscriptions to such repositories of intelligence. The challenge for most MSPs or SOCs is what to do with this intel. RocketCyber integrates with threat intelligence vendors to put this intel into action, consuming the artifacts and delivering a threat verdict while answering questions such as:

  • Is my system compromised?
  • Who is attacking me?
  • How were my defenses circumvented?

After creating a New Customer, a wizard is presented for deployment options. Alternatively, navigate to the Customers tab and select the deployment link next to the customer name.

RocketCyber Windows deployment options include a native GUI installer, a PowerShell copy/paste script, a PowerShell downloadable file, and a number of popular RMM-ready scripts for tools such as Kaseya, SolarWinds, ConnectWise, Datto, Syncro, Ninja and more. For macOS, a dmg installer and a Bash script are available.

When RocketCyber detects malicious and/or suspicious findings, notifications can be delivered with details to your MSP's ticketing system.

Our current notification options include a native SMTP email alert configuration or, alternatively, our API integrations with the Autotask and ConnectWise PSAs.

Once an attacker gains a foothold on the network, a Tactic is the tactical stage, also known as the goal of the attacker. A Technique is the technical operation carried out in order to achieve that goal.

Example Tactic: establish persistence on a Windows computer. While there are numerous techniques to accomplish this goal, an example technique is adding entries to the run keys in the registry or to the startup folder, which results in an attacker maintaining their presence under the context of the user and obtaining the same level of access permissions.
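To make the run-key technique concrete from the hunting side, the following added example (not RocketCyber code) parses a constructed snapshot in the layout printed by `reg query` and flags autorun entries for review. The sample entries and the two triage heuristics (user-writable target path, script-host launcher) are assumptions chosen for illustration.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`; not real host data.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\upd.exe
    Sync    REG_EXPAND_SZ    wscript.exe %TEMP%\sync.vbs

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Assumed triage heuristics (not RocketCyber's detection logic).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "%temp%", "%appdata%", "\\users\\public\\")
SCRIPT_HOSTS = ("wscript", "cscript", "powershell", "mshta", "rundll32", "regsvr32")


def parse_reg_query(text):
    """Yield (key, value_name, data) for every value listed under each key."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"]


def launcher(data):
    """Return the lowercase file name of the program the entry starts."""
    cmd = data.strip()
    first = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return first.rsplit("\\", 1)[-1].lower()


def review_run_keys(text):
    """Return (key, value_name, reasons) for autorun entries worth a closer look."""
    findings = []
    for key, name, data in parse_reg_query(text):
        reasons = []
        if any(marker in data.lower() for marker in USER_WRITABLE):
            reasons.append("target in user-writable path")
        if launcher(data).startswith(SCRIPT_HOSTS):
            reasons.append("started through a script host or proxy binary")
        if reasons:
            findings.append((key, name, reasons))
    return findings


if __name__ == "__main__":
    for key, name, reasons in review_run_keys(SAMPLE):
        print(f"{key} :: {name} -> {', '.join(reasons)}")
```

Unquoted paths containing spaces are split at the first space, so `launcher` is a triage aid rather than a full command-line parser.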

Politely put, the majority of breach victims in recent times also had such cyber defenses in place.

Breach Detection was developed specifically to detect intruders who have already evaded such firewalls and antivirus systems. It is equally important to reduce the 'dwell time' when an intruder does gain access to the network and deter their activity before the last tactical goal has been accomplished, which in most scenarios is the theft of data.

RocketCyber collects syslog data and then parses the relevant information needed to monitor for malicious activity. Most firewall vendors support the creation/forwarding of syslog data to the RocketCyber collector. If you have a firewall vendor that does not support syslog, contact your representative to determine an alternative method such as a RESTful API.

The firewall vendors we continuously test in our labs are:

  • Cisco Meraki
  • Cisco ASA
  • Palo Alto
  • SonicWall
  • Sophos
  • Fortinet
  • WatchGuard
  • pfSense

Supported operating systems

  • Windows 7 / Server 2008
  • Windows 8.1 / Server 2012 R2
  • Windows 10 / Server 2016 / 2019
  • macOS Mojave 10.14
  • macOS Catalina 10.15
  • Linux support is planned for 2020

RocketCyber offers two SaaS (Software-as-a-Service) licensing models, an Endpoint Plan and a Cloud/Network Plan. Both plans can be selected for complete visibility across endpoint, cloud and network attack vectors. The Endpoint Plan is priced and licensed by active agents being "monitored" during the monthly billing cycle. Agents that are deployed but are not actively monitoring during the billing cycle will not be charged. The Cloud/Network Plan is licensed by the number of firewalls monitored and/or volume of Office 365 users monitored.

Both plans are month-to-month billing with no minimum purchase requirements. The App Store provides a visualization of all current apps available in each plan.

Yes. It is very common for MSP customers to license our SaaS option in conjunction with a managed subscription plan. MSPs that are set up on both plans will have the ability to administer and add customers from one plan to the other.

Common use cases for mixing and matching plans are whereby MSPs are tapped out on resources due to attrition, vacation, or other. Feel free to temporarily add customers to the managed plan and when your employee can return to administrating security operations, they can be moved back to the SaaS model if desired. In short, we have a working relationship with our customers and are here to help you deliver continuous security monitoring regardless of the subscription.

RocketCyber offers a full trial with all features for the SaaS (Professional Subscription). You can monitor unlimited endpoints, firewalls and Office 365 users. Add as many customers as you desire. The first 30 days are free.

All development is performed by US Citizens and located adjacent to our SOC Team in the heart of God's country - Dallas, Texas.

The default configuration for the Cyber Terrorist Monitoring app detects any type of network connection to the Department of Homeland Security's embargoed list of terrorist countries also known to perform hacking activities targeting small-medium businesses.

The RocketCyber Threat Map provides a visualization of detected connections in a war games type visualization. By clicking the details, we provide what started the connection along with technical details and threat reputation intel on the remote connection.

Deliver Cyber Security services with RocketCyber today!

Gain visibility into Endpoint, Network and Cloud attack pillars.

Popular Question

What attack pillars does RocketCyber provide visibility into?


  • Endpoint threats
  • Network threats
  • Cloud threats