ROCK Overview

What exactly sets ROCK apart from the other products in the space?


  • ROBUST - we believe the folks at Red Hat do Linux right. ROCK is built on CentOS 7 and provides an easy path to a supported enterprise OS (RHEL).

  • SECURE - with SELinux, ROCK is secure by default. SELinux uses context labels to define mandatory access controls that can, for instance, prevent a text editor process from talking to the internet. #setenforce1

  • SCALABLE - Whether you're tapping a SOHO network or a large enterprise, ROCK is designed with scale in mind.


The core components of the platform are:

  • Passive data acquisition via AF_PACKET, feeding systems for metadata (Bro), signature detection (Suricata or Snort), and full packet capture (Stenographer).

  • A messaging layer (Kafka and Logstash) that provides flexibility in scaling the platform to meet operational needs, as well as providing some degree of data reliability in transit.

  • Reliable data storage and indexing (Elasticsearch) to support rapid retrieval and analysis (Kibana) of the data.
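As an added example of the messaging and storage hop described above (this is illustrative configuration, not ROCK's own shipped pipeline), the following Logstash pipeline consumes Bro's JSON logs from Kafka and indexes them into Elasticsearch. The topic name `bro-raw`, the broker address `localhost:9092` and the Elasticsearch endpoint `localhost:9200` are assumptions for illustration only.

```conf
# Added example, not ROCK's shipped pipeline. Kafka topic, broker address and
# Elasticsearch host are assumed values for illustration.
input {
  kafka {
    bootstrap_servers => "localhost:9092"   # assumed: Kafka broker on the sensor
    topics            => ["bro-raw"]         # assumed topic name carrying Bro JSON logs
    group_id          => "logstash"          # committed consumer group: a restart resumes at the
                                             # last committed offset instead of dropping events
    codec             => "json"              # Bro writes one JSON object per line
    decorate_events   => true                # exposes [@metadata][kafka] (topic, partition, offset)
  }
}

filter {
  # Bro stamps each record with an epoch timestamp in "ts"; use it as the event time so a
  # delay in transit through Kafka does not land the event in the wrong daily index.
  date {
    match  => ["ts", "UNIX"]
    target => "@timestamp"
  }
  # Carry the originating topic along as a field so sources are distinguishable in Kibana.
  mutate {
    add_field => { "kafka_topic" => "%{[@metadata][kafka][topic]}" }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]              # assumed Elasticsearch endpoint
    index => "bro-%{+YYYY.MM.dd}"            # daily indices keep retention and deletion cheap
  }
}
```

The reliability the messaging layer buys is visible here: if Elasticsearch is down or slow, Logstash stops committing offsets and the events accumulate in Kafka rather than being lost at the sensor. The caveat is that delivery is at-least-once, so a crash between an Elasticsearch write and the offset commit can replay a batch; deduplicate downstream (for example by deriving the Elasticsearch document id from the Kafka partition and offset) if exact counts matter.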


Analyst Toolkit

  • Kibana provides data UI and visualization

  • Docket allows for quick pivoting to PCAP files :wrench: new for 2.1


Now that we've established a general understanding of the core components and what they provide, let's look at how data flows through the sensor.

Continue to dataflow
