ROCK Overview

What exactly sets ROCK apart from the other products in the space?

Foundation

  • ROBUST - we believe the folks at Red Hat do Linux right. ROCK is built on CentOS 7 and provides an easy path to a supported enterprise OS (RHEL).

  • SECURE - with SELinux in enforcing mode, ROCK is secure by default. SELinux labels every process and file with a security context and applies policy to those contexts to confine what each process may do, for instance preventing a text editor process from talking to the internet. #setenforce1

  • SCALABLE - Whether you're tapping a SOHO network or a large enterprise, ROCK is designed with scale in mind.

Capability

  • Passive data acquisition via AF_PACKET, feeding systems for metadata (Bro), signature detection (Suricata or Snort), and full packet capture (Stenographer).

  • A messaging layer (Kafka and Logstash) that provides flexibility in scaling the platform to meet operational needs, as well as providing some degree of data reliability in transit.

  • Reliable data storage and indexing (Elasticsearch) to support rapid retrieval and analysis (Kibana) of the data.

Components

Analyst Toolkit

  • Kibana provides data UI and visualization

  • Docket allows quick pivoting from indexed metadata to the matching PCAP held by Stenographer (new in 2.1)
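To make the Capability pipeline and the Docket pivot concrete, here is an added walkthrough (example code written for this page, not ROCK's own code or its Logstash configuration). It takes one Bro conn record and one Suricata EVE alert, both constructed for the example, normalises them into the flat shape a Logstash filter would hand to Elasticsearch, correlates them on the 5-tuple, emits an Elasticsearch bulk body, and builds the query an analyst would hand to Docket to pull the packets. The normalised field names, the `<source>-YYYY.MM.dd` index naming and the Stenographer query grammar (`host`, `port`, `after`, `before` with RFC 3339 times) are assumptions of this example rather than ROCK's published schema.

```python
"""Added example (not ROCK's own code): follow a Bro conn record and a Suricata
EVE alert through sensor JSON -> normalised document (the Logstash step) ->
Elasticsearch bulk body -> Stenographer query for the Docket pivot.
Runs offline; both sensor lines below are constructed for the example."""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample records, in the shape each tool emits when configured
# for JSON output (Bro's json-logs package, Suricata's eve-log).
BRO_CONN_LINE = json.dumps({
    "ts": 1501234567.5, "uid": "CXmplE1abc", "id.orig_h": "10.0.0.5",
    "id.orig_p": 51234, "id.resp_h": "93.184.216.34", "id.resp_p": 80,
    "proto": "tcp", "service": "http", "conn_state": "SF",
    "orig_bytes": 300, "resp_bytes": 1200,
})
SURICATA_EVE_LINE = json.dumps({
    "timestamp": "2017-07-28T09:36:07.500000+0000", "event_type": "alert",
    "src_ip": "10.0.0.5", "src_port": 51234, "dest_ip": "93.184.216.34",
    "dest_port": 80, "proto": "TCP",
    "alert": {"signature_id": 1000001, "rev": 1, "severity": 2,
              "signature": "LOCAL example alert for the walkthrough"},
})

ISO = "%Y-%m-%dT%H:%M:%S.%fZ"  # assumed document timestamp format


def parse_bro_conn(line):
    """Normalise a Bro conn.log JSON line (epoch float ts) into a flat document."""
    rec = json.loads(line)
    ts = datetime.fromtimestamp(rec["ts"], tz=timezone.utc)
    return {
        "@timestamp": ts.strftime(ISO), "sensor_source": "bro", "event_type": "conn",
        "src_ip": rec["id.orig_h"], "src_port": rec["id.orig_p"],
        "dst_ip": rec["id.resp_h"], "dst_port": rec["id.resp_p"],
        "proto": rec["proto"].lower(), "uid": rec["uid"],
        "service": rec.get("service"), "conn_state": rec.get("conn_state"),
    }


def parse_suricata_eve(line):
    """Normalise a Suricata EVE alert (RFC 3339 ts with +0000) into the same shape."""
    rec = json.loads(line)
    ts = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    ts = ts.astimezone(timezone.utc)
    return {
        "@timestamp": ts.strftime(ISO), "sensor_source": "suricata", "event_type": "alert",
        "src_ip": rec["src_ip"], "src_port": rec["src_port"],
        "dst_ip": rec["dest_ip"], "dst_port": rec["dest_port"],
        "proto": rec["proto"].lower(),
        "sid": rec["alert"]["signature_id"], "signature": rec["alert"]["signature"],
        "severity": rec["alert"]["severity"],
    }


def flow_key(doc):
    """Direction-agnostic 5-tuple key: the same flow seen by Bro and Suricata
    collapses to one key even if the two tools disagree on orig/resp order."""
    endpoints = frozenset([(doc["src_ip"], doc["src_port"]),
                           (doc["dst_ip"], doc["dst_port"])])
    return (doc["proto"], endpoints)


def correlate(docs):
    """Group normalised documents by flow, so an alert lands next to its conn record."""
    groups = {}
    for doc in docs:
        groups.setdefault(flow_key(doc), []).append(doc)
    return groups


def to_bulk(docs):
    """Build an Elasticsearch _bulk body; one daily index per sensor source (assumed naming)."""
    lines = []
    for doc in docs:
        day = doc["@timestamp"][:10].replace("-", ".")
        lines.append(json.dumps({"index": {"_index": f"{doc['sensor_source']}-{day}"}}))
        lines.append(json.dumps(doc, sort_keys=True))
    return "\n".join(lines) + "\n"


def stenographer_query(doc, window=timedelta(seconds=60)):
    """Stenographer query for the Docket pivot: both hosts, both ports, and a
    time window around the event (query grammar assumed, see lead-in)."""
    ts = datetime.strptime(doc["@timestamp"], ISO).replace(tzinfo=timezone.utc)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return (f"host {doc['src_ip']} and host {doc['dst_ip']} and "
            f"port {doc['src_port']} and port {doc['dst_port']} and "
            f"after {(ts - window).strftime(fmt)} and before {(ts + window).strftime(fmt)}")


if __name__ == "__main__":
    conn, alert = parse_bro_conn(BRO_CONN_LINE), parse_suricata_eve(SURICATA_EVE_LINE)
    for key, group in correlate([conn, alert]).items():
        print(key, [d["event_type"] for d in group])
    print(to_bulk([conn, alert]))
    print(stenographer_query(alert))
```

The direction-agnostic key matters in practice: Bro's orig/resp and Suricata's src/dest can be assigned differently for the same flow, and a naive ordered tuple would fail to join them. The time window is deliberately wider than the event itself so the pivot captures the handshake and teardown around the alerting packet.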

Dataflow

Now that we've established a general understanding of the core components and what they provide, let's look at how data flows through the sensor.


Continue to dataflow
