
What is ROCK

The Mission

  • Reliable - we believe the folks at Red Hat do Linux right. ROCK is built on CentOS 7 and provides an easy path to a supported enterprise OS (RHEL).

  • Secure - ROCK runs with SELinux in enforcing mode by default. SELinux labels every process and file with a security context and uses those contexts to confine what each process may do, for instance preventing a text editor process from talking to the internet. #setenforce1

  • Scalable - Whether you're tapping a SoHo network or a large enterprise, ROCK is designed with scale in mind.

Capability

  • Passive, reliable high-speed packet acquisition via AF_PACKET, feeding protocol metadata generation (Bro), signature-based detection (Suricata), scanning of files extracted from network traffic (FSF), and full packet capture (Stenographer).

  • A messaging layer (Kafka and Logstash) that decouples the sensors from the storage tier, giving flexibility to scale the platform to operational needs and buffering data so that a slow or restarting consumer does not immediately mean data loss in transit.

  • Reliable data storage and indexing (Elasticsearch) to support rapid retrieval and analysis (Kibana and Docket) of the data.

  • Pivoting off Kibana data rapidly into full packet capture (Docket and Stenographer).
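The pivot in the last bullet, as an added example that is not ROCK's or Docket's own code: it takes the fields an analyst sees for one connection in Kibana (a Bro conn.log record in JSON form, constructed here) and builds the Stenographer query that retrieves exactly that flow's packets. The query grammar (host, port, ip proto, after, before, joined with and; RFC 3339 UTC timestamps) is Stenographer's own; how Docket composes its queries internally is not shown on this page, and the 60-second slack for clock skew between the Bro and Stenographer hosts is this example's choice.

```python
"""Build a Stenographer full-packet-capture query from a Bro conn.log record.

Added example (not ROCK's or Docket's code). Demonstrates the Kibana ->
Docket -> Stenographer pivot: connection fields become a query that pulls
only that flow's packets. The query grammar is Stenographer's; the log
record below is constructed for the example.
"""
import json
from datetime import datetime, timezone

# Constructed Bro conn.log record (JSON output format); all values are made up.
SAMPLE_CONN_LOG = json.dumps({
    "ts": 1520000000.123456,
    "uid": "CHhAvVGS1DHFjwGM9",
    "id.orig_h": "10.0.0.5",
    "id.orig_p": 49152,
    "id.resp_h": "93.184.216.34",
    "id.resp_p": 80,
    "proto": "tcp",
    "duration": 2.5,
})

# Bro's transport name -> IP protocol number used by Stenographer's "ip proto".
IP_PROTO = {"tcp": 6, "udp": 17, "icmp": 1}


def steno_time(ts: float) -> str:
    """Format epoch seconds as the RFC 3339 UTC timestamp Stenographer accepts.

    Sub-second precision is dropped; the slack window below absorbs that.
    """
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_steno_query(conn_json: str, slack_s: int = 60) -> str:
    """Return a Stenographer query covering one conn.log flow.

    Constraining both hosts AND both ports matches the flow's packets in
    either direction while excluding unrelated traffic that merely shares
    one endpoint. The time window is [ts, ts + duration] widened by
    slack_s seconds on each side to tolerate clock skew between the
    sensor host running Bro and the one running Stenographer (example
    assumption, not a ROCK default).
    """
    rec = json.loads(conn_json)
    start = rec["ts"] - slack_s
    end = rec["ts"] + rec.get("duration", 0.0) + slack_s
    terms = [
        f"host {rec['id.orig_h']}",
        f"host {rec['id.resp_h']}",
        f"port {rec['id.orig_p']}",
        f"port {rec['id.resp_p']}",
        f"after {steno_time(start)}",
        f"before {steno_time(end)}",
    ]
    proto = IP_PROTO.get(str(rec.get("proto", "")).lower())
    if proto is not None:
        # Narrow further to the transport Bro observed, e.g. "ip proto 6" for TCP.
        terms.append(f"ip proto {proto}")
    return " and ".join(terms)


if __name__ == "__main__":
    # The resulting string is what an analyst would hand to stenoread/Docket.
    print(build_steno_query(SAMPLE_CONN_LOG))
```

Without the time bounds the query would scan Stenographer's whole retention window for the host/port tuple; keeping the window tight is what makes the pivot "rapid" on a busy sensor.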

Components

Analyst Toolkit

  • Kibana provides data UI and visualization

  • Docket allows for quick and targeted pivoting to PCAP