<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="keywords" content="Zeek IDS Suricata Stenographer Enterprise Linux SELinux ELK Elasticsearch Logstash Kibana MOCYBER ROCK NSM ROCKNSM">
<meta name="description" content="Response Operation Collection Kit - ROCK NSM is a durable Network Security Monitoring sensor built with scalability, security, and hunt-centric tactics in mind.">
<title>ROCK NSM</title>
<script src="https://use.fontawesome.com/1200d58248.js"></script>
<link href='https://fonts.googleapis.com/css?family=Chivo:900' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="https://unpkg.com/[email protected]/build/pure-min.css" integrity="sha384-" crossorigin="anonymous">
<link rel="icon" href="/favicon.ico">
<!--[if lte IE 8]>
<link rel="stylesheet" href="css/layouts/side-menu-old-ie.css">
<![endif]-->
<!--[if gt IE 8]><!-->
<link rel="stylesheet" href="css/layouts/side-menu.css">
<!--<![endif]-->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-73705120-1', 'auto');
ga('send', 'pageview');
</script>
</head>
<body>
<div id="layout">
<!-- Menu toggle -->
<a href="#menu" id="menuLink" class="menu-link">
<!-- Hamburger icon -->
<span></span>
</a>
<div id="menu">
<div class="pure-menu">
<a class="pure-menu-heading" href="#"><i class="fa fa-area-chart fa-sm" aria-hidden="true"></i> ROCK NSM</a>
<ul class="pure-menu-list">
<li class="pure-menu-item"><a href="http://rocknsm.io" class="pure-menu-link"><i class="fa fa-home fa-sm" aria-hidden="true"></i> Home</a></li>
<li class="pure-menu-item"><a href="https://blog.rocknsm.io" class="pure-menu-link"><i class="fa fa-edit" aria-hidden="true"></i> Blog</a></li>
<li class="pure-menu-item"><a href="https://download.rocknsm.io/isos/stable/" class="pure-menu-link"><i class="fa fa-download fa-sm" aria-hidden="true"></i> Download</a></li>
<li class="pure-menu-item"><a href="https://docs.rocknsm.io" class="pure-menu-link"><i class="fa fa-book fa-sm" aria-hidden="true"></i> Documentation</a></li>
<li class="pure-menu-item">
<a href="https://github.com/rocknsm" class="pure-menu-link"><i class="fa fa-github fa-sm" aria-hidden="true"></i> Github</a>
</li>
<li class="pure-menu-item"><a href="mailto:[email protected]" class="pure-menu-link"><i class="fa fa-envelope fa-sm" aria-hidden="true"></i> Email</a></li>
<li class="pure-menu-item"><a href="https://twitter.com/rocknsm/" class="pure-menu-link"><i class="fa fa-twitter fa-sm" aria-hidden="true"></i> Twitter</a></li>
<li class="pure-menu-item"><a href="http://community.rocknsm.io/" class="pure-menu-link"><i class="fa fa-comment-o" aria-hidden="true"></i> Community</a></li>
</ul>
</div>
</div>
<div id="main">
<div class="header">
<img src="images/rock_full.png" width="620" alt="ROCK NSM logo" />
<h1>ROCK NSM</h1>
<h2>(Response Operation Collection Kit)</h2>
<h2>An open source Network Security Monitoring platform. </h2>
</div>
<div class="content">
<img src="images/single_architecture.png" width="800" alt="ROCK NSM single-sensor architecture diagram" />
<h2 class="content-subhead"><a class="anchor" href="#response-operation-collections-kit-reference-build" aria-hidden="true"></a>Response Operation Collection Kit</h2>
<p>
ROCK is a collections platform in the spirit of Network Security Monitoring, built by contributors from across industry and the public sector. Its primary focus is to provide a robust, scalable sensor platform for both enduring security monitoring and incident response missions. The platform consists of 3 core capabilities:
</p>
<ul class="fa-ul">
<li><i class="fa-li fa fa-square"></i>
Passive data acquisition via AF_PACKET, feeding systems for metadata (Zeek), signature detection (Suricata), and full packet capture (Stenographer).
</li>
<li><i class="fa-li fa fa-square"></i>
A messaging layer (Kafka and Logstash) that provides flexibility in scaling the platform to meet operational needs, as well as providing some degree of data reliability in transit.
</li>
<li><i class="fa-li fa fa-square"></i>
Reliable data storage and indexing (Elasticsearch) to support rapid retrieval and analysis (Kibana) of the data.
</li>
</ul>
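<p>As an added example (not ROCK's own code), the following Python sketches the join the messaging layer performs between acquisition and storage: it normalizes a Zeek conn.log record and a Suricata EVE alert into one document shape, checks that they describe the same flow, and builds the Stenographer query Docket would use to retrieve the matching packets. The sample records and the flat field names are constructed here; the query keywords (host, port, after, before) are assumed to match Stenographer's documented query syntax.</p>

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample records: one Zeek conn.log line (JSON output) and one
# Suricata EVE alert for the same TCP flow. Values are made up for this example.
ZEEK_CONN = ('{"ts":1546300800.5,"uid":"CxT1a2example","id.orig_h":"10.0.0.5",'
             '"id.orig_p":51234,"id.resp_h":"203.0.113.7","id.resp_p":443,'
             '"proto":"tcp","service":"ssl","duration":1.2}')
SURICATA_ALERT = ('{"timestamp":"2019-01-01T00:00:01.000000+0000","flow_id":99,'
                  '"event_type":"alert","src_ip":"10.0.0.5","src_port":51234,'
                  '"dest_ip":"203.0.113.7","dest_port":443,"proto":"TCP",'
                  '"alert":{"signature":"EXAMPLE constructed rule","severity":2}}')

def normalize(line: str) -> dict:
    """Map a Zeek or Suricata JSON record onto one shared field set.
    The flat dotted names are chosen for this example, not ROCK's mappings."""
    rec = json.loads(line)
    if "uid" in rec and "id.orig_h" in rec:  # Zeek conn.log shape
        ts = datetime.fromtimestamp(rec["ts"], tz=timezone.utc)
        return {"@timestamp": ts.isoformat(), "event.module": "zeek",
                "source.ip": rec["id.orig_h"], "source.port": rec["id.orig_p"],
                "destination.ip": rec["id.resp_h"], "destination.port": rec["id.resp_p"],
                "network.transport": rec["proto"].lower(), "zeek.uid": rec["uid"]}
    if rec.get("event_type") == "alert":  # Suricata EVE alert shape
        ts = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        return {"@timestamp": ts.isoformat(), "event.module": "suricata",
                "source.ip": rec["src_ip"], "source.port": rec["src_port"],
                "destination.ip": rec["dest_ip"], "destination.port": rec["dest_port"],
                "network.transport": rec["proto"].lower(),
                "rule.name": rec["alert"]["signature"], "event.severity": rec["alert"]["severity"]}
    raise ValueError("unrecognized record shape")

def same_flow(a: dict, b: dict) -> bool:
    """True when two normalized documents describe the same 5-tuple."""
    keys = ("source.ip", "source.port", "destination.ip", "destination.port", "network.transport")
    return all(a[k] == b[k] for k in keys)

def stenographer_query(doc: dict, window_s: int = 60) -> str:
    """Build a Stenographer/Docket pcap query bracketing the event time.
    Query keywords follow Stenographer's documented syntax as assumed here."""
    t = datetime.fromisoformat(doc["@timestamp"])
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    start = (t - timedelta(seconds=window_s)).strftime(fmt)
    end = (t + timedelta(seconds=window_s)).strftime(fmt)
    return (f"host {doc['source.ip']} and host {doc['destination.ip']} "
            f"and port {doc['destination.port']} and after {start} and before {end}")
```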
<h2 class="content-subhead">Features</h2>
<ul class="fa-ul">
<li><i class="fa-li fa fa-check-square"></i><strong>Full Packet Capture</strong> via <a href="https://github.com/google/stenographer" target="_blank">Google Stenographer</a> and <a href="https://github.com/rocknsm/docket" target="_blank">Docket</a>.</li>
<li><i class="fa-li fa fa-check-square"></i><strong>Protocol Analysis and Metadata</strong> via <a href="http://zeek.org/" target="_blank">Zeek</a>.</li>
<li><i class="fa-li fa fa-check-square"></i><strong>Signature Based Alerting</strong> via <a href="https://suricata-ids.org/" target="_blank">Suricata</a>.</li>
<li><i class="fa-li fa fa-check-square"></i><strong>Recursive File Scanning</strong> via <a href="https://github.com/EmersonElectricCo/fsf" target="_blank">FSF</a>.</li>
<li><i class="fa-li fa fa-check-square"></i><strong>Message Queuing and Distribution</strong> via <a href="http://kafka.apache.org/" target="_blank">Apache Kafka</a>.</li>
<li><i class="fa-li fa fa-check-square"></i><strong>Message Transport</strong> via <a href="https://www.elastic.co/products/logstash" target="_blank">Logstash</a>.</li>
<li><i class="fa-li fa fa-check-square"></i><strong>Data Storage, Indexing, and Search</strong> via <a href="https://www.elastic.co/" target="_blank">Elasticsearch</a>.</li>
<li><i class="fa-li fa fa-check-square"></i><strong>Data UI and Visualization</strong> via <a href="https://www.elastic.co/products/kibana" target="_blank">Kibana</a>.</li>
<li><i class="fa-li fa fa-check-square"></i><strong>Security</strong> - The system is developed and tested to run with SELinux enabled.</li>
</ul>
<h2 class="content-subhead">Governance and Direction</h2>
<p>In 2019, a group of RockNSM creators and contributors formed the <b>RockNSM Foundation</b> to guide the development of RockNSM, and to be stewards of the project. In March of 2019, the <b>RockNSM Foundation</b> was officially registered in the state of Nebraska. The 501(c)3 paperwork has been filed with the IRS to make the <b>RockNSM Foundation</b> an official non-profit. The goal is to keep the intellectual property and future development of the RockNSM project free and open for anyone who wants to use it, and to protect it from outside influence. </p>
<h2 class="content-subhead">THANKS</h2>
<p>This architecture is made possible by the efforts of an ever-growing list of amazing people. Look around our <a href="https://github.com/rocknsm">Github</a> to see the whole list.</p>
<h2 class="content-subhead">Approach</h2>
<p>The Ansible playbook that drives this build deliberately avoids external roles and other dependencies. The reasoning is to make the rock playbook a "one-stop" reference for a manual build, so that users can follow the build process as a guide for larger-scale production rollouts without having to decipher a labyrinth of dependencies.</p>
<p>Templated config files have comment sections added near key config items with useful information. Not all of them have these yet; they are added as they are remembered.</p>
<footer>
<small>
<i class="fa fa-rebel fa-sm" aria-hidden="true"></i> All views expressed in code comments and documentation are those of the individual contributor.
</small>
</footer>
</div>
</div>
</div>
<script src="js/ui.js"></script>
</body>
</html>