n8n-nodes-rocketcyber
v0.1.0
RocketCyber (Kaseya managed SOC) node for n8n — query incidents, agents, events, firewalls, Microsoft 365, Defender status, and accounts. AI-agent ready.
An n8n community node for RocketCyber — the Kaseya managed SOC / MDR platform. Query incidents, agents, events, firewall threats, Microsoft 365 and Defender security data, and your provider account hierarchy directly from your workflows.
The node is read-only (the RocketCyber v3 API exposes only GET endpoints) and is AI-agent ready (usableAsTool), so it can be wired straight into an AI Agent for SOC triage, reporting, and enrichment.
Installation
In n8n, go to Settings → Community Nodes → Install and enter:
n8n-nodes-rocketcyber
Or install from the command line in your n8n root:
npm install n8n-nodes-rocketcyber
Credentials
Create a RocketCyber API credential:
| Field | Description |
|-------|-------------|
| Region | Your RocketCyber data region: US (api-us), EU (api-eu), or AU (api-au). |
| API Token | A provider API token. In the RocketCyber console go to Provider Settings → API and generate a token. |
The credential test calls GET /account, so an invalid token or wrong region fails immediately at save time.
Resources & operations
All operations are read-only.
| Resource | Operations | Endpoint |
|----------|-----------|----------|
| Account | Get | /account |
| Agent | Get Many | /agents |
| Incident | Get Many | /incidents |
| Event | Get Many, Get Summary | /events, /events/summary |
| Firewall | Get Many | /firewalls |
| Microsoft 365 | Get Many | /office |
| App | Get Many | /apps |
| Microsoft Defender | Get | /defender |
Get Many operations support Return All (auto-paginate) or a Limit.
Filters
The RocketCyber API enforces a strict per-endpoint parameter allowlist, so the node only exposes filters the API actually accepts:
| Filter | Applies to | Values |
|--------|-----------|--------|
| Account ID | every resource | An MSP customer account ID. Leave empty for provider-level data across all customers. |
| Status | Incident | open, resolved |
| Status | App | active, inactive |
| Verdict | Event | informational, suspicious, malicious |
| App | Event (Get Many) | Required. The event source — picked from a dropdown populated live from /apps, or supplied as an ID via an expression. |
Events require an App.
GET /events returns events for a single app source, so the App field is required for the Event → Get Many operation. Use Event → Get Summary for a count of events per app.
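The same allowlist can be enforced before a request is built, which matters when filter values arrive from an expression or an AI Agent tool call. This is an added example, not the node's own code: the paths and accepted values come from the tables above, while the query parameter names (accountId, status, verdict, appId) and the numeric ID format are assumptions.

```javascript
// Added example. Paths and accepted values come from the tables above;
// the parameter names and the numeric ID format are assumptions.
const ID = /^\d+$/;
const ENDPOINTS = {
  account:  { path: '/account',   filters: {} },
  agent:    { path: '/agents',    filters: {} },
  incident: { path: '/incidents', filters: { status: ['open', 'resolved'] } },
  // Event -> Get Many: one app source per request, so appId is required.
  event:    { path: '/events',    required: ['appId'],
              filters: { appId: ID, verdict: ['informational', 'suspicious', 'malicious'] } },
  firewall: { path: '/firewalls', filters: {} },
  office:   { path: '/office',    filters: {} },
  app:      { path: '/apps',      filters: { status: ['active', 'inactive'] } },
  defender: { path: '/defender',  filters: {} },
};
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function buildQuery(resource, filters = {}) {
  // own() keeps inherited keys such as "constructor" from passing as resources.
  if (!own(ENDPOINTS, resource)) throw new Error(`unknown resource: ${resource}`);
  const spec = ENDPOINTS[resource];
  const allowed = { accountId: ID, ...spec.filters }; // accountId: every resource
  const params = new URLSearchParams();
  for (const [key, value] of Object.entries(filters)) {
    if (value === undefined || value === null || value === '') continue; // unset
    if (!own(allowed, key)) throw new Error(`${key} is not accepted by ${spec.path}`);
    const rule = allowed[key];
    const ok = Array.isArray(rule) ? rule.includes(value) : rule.test(String(value));
    if (!ok) throw new Error(`invalid ${key}: ${JSON.stringify(value)}`);
    params.set(key, String(value));
  }
  for (const key of spec.required || []) {
    if (!params.has(key)) throw new Error(`${key} is required for ${spec.path}`);
  }
  const qs = params.toString();
  return qs ? `${spec.path}?${qs}` : spec.path;
}

// Constructed sample inputs.
console.log(buildQuery('incident', { accountId: 52171, status: 'open' }));
console.log(buildQuery('event', { appId: '7', verdict: 'malicious' }));
```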
Use as an AI tool
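This node sets usableAsTool: true. In an AI Agent, connect it as a tool and the model can call operations like "get many open incidents for account 52171" or "get the Defender summary" on its own. Because every endpoint is read-only, there is no risk of the model mutating SOC data. Read access is still scoped by the credential: a provider API token with Account ID left empty returns provider-level data across all customers.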
Notes
- Read-only: RocketCyber's v3 API has no create/update/delete endpoints; this node mirrors that.
- Pagination: agents, incidents, events, and firewalls are page-based; apps and office return their full collection in a single request; account, defender, and the event summary return a single object.
- Rate limits: RocketCyber rate-limits the API; the node returns a clear "rate limited" error on 429 so you can add a Wait/retry as needed.
License
MIT © Tristen Rice
