What exactly sets ROCK apart from the other products in the space?
ROBUST - we believe the folks at Red Hat do Linux right. ROCK is built on CentOS 7 and provides an easy path to a supported enterprise OS (RHEL).
SECURE - with SELinux, ROCK is secure by default. SELinux uses context labels to define security controls that can prevent, for instance, a text editor process from talking to the internet. #setenforce1
SCALABLE - whether you're tapping a SoHo network or a large enterprise, ROCK is designed with scale in mind.
Passive data acquisition via AF_PACKET, feeding systems for metadata (Bro), signature detection (Suricata or Snort), and full packet capture (Stenographer).
A messaging layer (Kafka and Logstash) that provides flexibility in scaling the platform to meet operational needs, as well as providing some degree of data reliability in transit.
Reliable data storage and indexing (Elasticsearch) to support rapid retrieval and analysis (Kibana) of the data.
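The metadata stage above produces Bro's tab-separated logs, and the messaging layer carries them onward as one document per record. The parser below is an added illustration, not part of ROCK, Bro or Logstash: it reads a constructed conn.log sample using the #fields/#types/#path/#unset_field headers, so the same code handles any Bro log type, and emits the JSON documents the Kafka/Logstash stage would forward to Elasticsearch.

```python
import json

# Constructed sample of a Bro conn.log, trimmed to a few columns.
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval
1500000000.123456\tCabc123\t192.0.2.5\t51234\t203.0.113.10\t443\ttcp\tssl\t0.250
1500000001.000000\tCdef456\t192.0.2.7\t53000\t192.0.2.1\t53\tudp\tdns\t-
#close\t2017-07-14-02-40-01
"""

def parse_bro_log(text):
    """Turn a Bro TSV log into dicts, one per record.
    The header lines drive parsing, so conn.log, dns.log, ssl.log and
    friends all work; unset fields ('-') are dropped rather than stored."""
    fields, types, path, unset = [], [], None, "-"
    records = []
    for line in text.splitlines():
        if line.startswith("#"):
            key, _, value = line[1:].partition("\t")
            if key == "fields":
                fields = value.split("\t")
            elif key == "types":
                types = value.split("\t")
            elif key == "path":
                path = value
            elif key == "unset_field":
                unset = value
            continue
        doc = {"_log": path}   # tells the indexer which Bro log this came from
        for name, typ, raw in zip(fields, types, line.split("\t")):
            if raw == unset:
                continue
            if typ in ("time", "interval"):
                doc[name] = float(raw)
            elif typ in ("port", "count", "int"):
                doc[name] = int(raw)
            else:
                doc[name] = raw
        records.append(doc)
    return records

def to_messages(records):
    """Serialise records as the newline-free JSON strings a message queue carries."""
    return [json.dumps(r, sort_keys=True) for r in records]
```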
Full Packet Capture via Google Stenographer.
Protocol Analysis and Metadata via Bro.
Recursive File Scanning via FSF.
Message Queuing and Distribution via Apache Kafka.
Message Transport via Logstash.
Data Storage, Indexing, and Search via Elasticsearch.
Data UI and Visualization via Kibana.
Continue with the Quickstart Guide to get up and running.