RocketCyber is a managed SOC platform offered as a Managed SOC Service detecting malcious activity across Endpoints, Network and Cloud attack pillars.

The RocketCyber Managed SOC Platform includes a built in app store so MSPs can enable purpose-built detection apps of interest. Some of our featured apps include Breach Detection, Threat Hunting, Event Log Monitoring, Office 365 threat detection, Firewall Monitoring and more. Put simply, RocketCyber enables MSPs to deliver billable monthly cyber security services to small-medium businesses.

Threat Hunting is the operation of proactively seeking cyber threats that go undetected in a network. RocketCyber's hunting finds malicious actors in your network that evade defenses such as firewall and antivirus systems. Once a malicious actor has established a foothold and persistence on a computer, many MSPs lack the advanced detection capabilities to seek and deter the advanced persistent threat from residing on the network. This is why threat hunting is an essential component of any MSP's SOC - security operation center and defense strategy.

All RocketCyber subscriptions include hunting capabilities via the Ondemand Hunts, Advanced Threat Hunt app, and the automated threat intelligence hunt feeds. The current 17 hunt test methodologies supported are:

  • Browser visit
  • DNS Cache Entry
  • Driver File Hash
  • Driver File Name
  • File Hash
  • File Name
  • Event in log source
  • Event in log category
  • Event ID in log
  • Event type in log
  • Service state
  • User account
  • Network connection
  • Process Hash
  • Process Name
  • Registry Key
  • YARA rules

Threat intelligence in its most basic form, is a repository of malicious artifacts, including IOCs (indicators of compromises), IOAs (Indicators of Attack), along with many other data elements such as who are the attackers, what industry is being targeted, etc.

There are numerous vendors that provide free and paid subscriptions to such repositories of intelligence. The challenge for most MSPs or SOCs is what to do with this intel. RocketCyber integrates with threat intelligence vendors to put this intel into action, consuming the artifacts and delivering a threat verdict while answering questions such as:

  • Is my system compromised?
  • Who is attacking me?
  • How were my defenses circumvented?

After creating a New Customer, a wizard is presented for deployment options. Alternative, navigate the Customers tab, and select deployment link next to the customer name.

RocketCyber Windows deployment options include a native GUI installer, PowerShell copy/paste script, PowerShell downloadable file, and through a number of popular RMM-Ready scripts such as Kaseya, Solarwinds, Connectwise, Datto, Syncro, Ninja and more. For macOS, a curl script is available.

When RocketCyber detects malicious and/or suspicious findings, incident tickets are delivered to your MSP's ticketing system.

Our current notification options include a native SMTP email alert configuration or alternatively through our API integrations with Autotask and Connectwise PSAs.

When an attacker gains a foothold on the network, Tactics are defined as the tactical stage, also known as the goal of the attacker. Techniques are defined as the technical operation carried out in order to obtain the goal.

Example Tactic - Establish persistence on a windows computer. While there are numerous techniques in order to accomplish this goal, an example technique - Adding entries to the run keys in the registry or startup folder, result in an attacker maintaining their precense under the context of the user in addition to obtaining the same level of access permissions.

Politely put, the majority of almost every breach victim over recent times had such cyber defenses in place also.

Breach Detection was developed specifically to detect intruders who have already evaded such firewalls and antivirus systems. It is equally important to reduce the 'dwell time' when an intruder does gain access to the network and deter their activity before the last tactical goal has been accomplished, which in most scenarios is the theft of data.

RocketCyber collects syslog data and then pasrses the relevant information needed to monitor for malicious activity. Most firewall vendors support the creation/forwarding of syslog data to the RocketCyber collector. If you have a firewall vendor that does not support syslog, contact your representative to determine an alternitive method such as a RESTful API.

The firewall vendors we continuously test in our labs are:

  • Cisco Meraki
  • Cisco ASA
  • Palo Alto (roadmap)
  • SonicWall
  • Untangle
  • Sophos
  • Fortinet
  • WatchGuard
  • pfSense
  • Barracuda
  • Ubiquiti

Supported operating systems

  • Windows 7 / Server 2008
  • Windows 8.1 / Server 2012 R2
  • Windows 10 / Server 2016 / 2019
  • macOS Mojave 10.14
  • macOS Catalina 10.15
  • macOS Big Sur 11.x

RocketCyber offers a full trial with all features for the Managed SOC. You can monitor unlimited endpoints, firewalls and Office 365 users. Add as many customers as you desire. The first 21-days are free. When the trial expires and you like our service, subscribe to the monthly SOC subscription.

All development is performed by US Citizens and located adjacent to our SOC Team in the heart of God's country - Dallas, Texas.

The default configuration for the Cyber Terrorist Monitoring app detects any type of network connection to the Department of Homeland Security's embargoed list of terrorist countries also known to perform hacking activities targeting small-medium businesses.

The RocketCyber Threat Map provides a visualization of detected connections in a war games type visualization. By clicking the details, we provide what started the connection along with technical details and threat reputation intel on the remote connection.

Deliver Cyber Security services with RocketCyber today!

Gain visibility into Endpoint, Network and Cloud attack pillars.

Popular Question

What attack pillars does RocketCyber provide visibility into?


  • Endpoint threats
  • Network threats
  • Cloud threats