github.com/rocknsm/rock ↗
Automated deployment scripts for the RockNSM network hunting distribution.
Open this visualization on its own page →
Contributors
29
Lines of Code
3,100
From
2015-12-01
To
2020-11-08
About rocknsm/rock
ROCK is an automated deployment platform for network security monitoring and incident response, built on RHEL systems. It provides a complete sensor stack for passive network data collection and analysis, combining passive data acquisition through AF_PACKET with protocol analysis, signature detection, and full packet capture capabilities. The platform processes network data through a messaging layer powered by Kafka and Logstash before storing and indexing results in Elasticsearch for analysis and visualization through Kibana.
The system integrates several specialized security tools including Bro for protocol metadata extraction, Suricata for signature-based alerting, Google Stenographer for packet capture, and FSF for recursive file scanning. The architecture emphasizes scalability and reliability by decoupling data collection from storage and analysis through a message-oriented middleware approach. Notably, ROCK is designed to operate securely with SELinux enabled, addressing operational security requirements for enterprise deployments.
The project is primarily configured and deployed using Jinja templates and Ansible, with testing infrastructure built on Molecule for VMware environments. It targets network security professionals, system administrators, and incident response teams who need a robust platform for both continuous security monitoring and reactive incident investigations across enterprise networks.