ROCK Overview

What exactly sets ROCK apart from the other products in the space?

Foundation

  • RELIABLE - we believe the folks at Red Hat do Linux right. ROCK is built on CentOS 7 and provides an easy path to a supported enterprise OS (RHEL).

  • SECURE - with SELinux, ROCK is highly secure by default. SELinux uses context to define security controls to prevent, for instance, a text editor process from talking to the internet. #setenforce1

  • SCALABLE - Whether you're tapping a SoHo network or a large enterprise, ROCK is designed with scale in mind.

Capability

  • Passive and reliable high-speed data acquisition via AF_PACKET, feeding systems for metadata (Bro), signature detection (Suricata), extracted network file metadata (FSF), and full packet capture (Stenographer).

  • A messaging layer (Kafka and Logstash) that provides flexibility in scaling the platform to meet operational needs, as well as providing some degree of data reliability in transit.

  • Reliable data storage and indexing (Elasticsearch) to support rapid retrieval and analysis (Kibana and Docket) of the data.

  • Pivoting off Kibana data rapidly into full packet capture (Docket and Stenographer).
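The last bullet is the analyst's pivot: a conn record shown in Kibana (a Bro conn.log line shipped through Logstash into Elasticsearch) is turned into a Stenographer query that Docket hands to the capture box. The following is an added example, not code from ROCK or Docket, that performs that translation; the `host`/`port`/`after`/`before` query terms are Stenographer's, while the record layout, the `SAMPLE_CONN` data and the window padding are constructed assumptions of this example.

```python
"""Turn a Bro conn.log record into a Stenographer query (added example)."""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: one Bro conn.log line as Logstash would ship it to
# Elasticsearch (JSON output of Bro, not a real capture).
SAMPLE_CONN = json.dumps({
    "ts": 1506355200.0,               # epoch seconds of the first packet
    "uid": "CXWv6p3arKYeMETxOg",
    "id.orig_h": "192.0.2.10", "id.orig_p": 51234,
    "id.resp_h": "198.51.100.7", "id.resp_p": 443,
    "proto": "tcp", "duration": 12.0,  # seconds the connection lasted
})


def _rfc3339(t: datetime) -> str:
    """Stenographer accepts RFC 3339 timestamps for before/after."""
    return t.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def steno_query_from_conn(record: str, pad_seconds: int = 60) -> str:
    """Translate a conn.log JSON record into a Stenographer query string.

    Both endpoints and both ports are pinned so the result is only this
    flow, and the time window is the connection's own lifetime padded on
    each side so the handshake and late retransmits are not cut off.
    A missing or null duration is treated as a zero-length connection.
    """
    r = json.loads(record)
    start = datetime.fromtimestamp(float(r["ts"]), tz=timezone.utc)
    end = start + timedelta(seconds=float(r.get("duration") or 0))
    pad = timedelta(seconds=pad_seconds)
    return (
        f"host {r['id.orig_h']} and host {r['id.resp_h']} and "
        f"port {r['id.orig_p']} and port {r['id.resp_p']} and "
        f"after {_rfc3339(start - pad)} and before {_rfc3339(end + pad)}"
    )


if __name__ == "__main__":
    # The resulting string is what you would pass to:
    #   stenoread '<query>' -w flow.pcap
    print(steno_query_from_conn(SAMPLE_CONN))
```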

Components

Analyst Toolkit

  • Kibana provides data UI and visualization

  • Docket allows for quick and targeted pivoting to PCAP (new in 2.2)

Dataflow

Now that we've established a general understanding of the core components and what they provide, let's look at how data flows through the sensor.

