rocknsm/rock

Created Jan 4, 2021 · View the rocknsm/rock repository page

Automated deployment scripts for the RockNSM network hunting distribution.

Want this for your repo?

Render a free sample of any GitHub repo in seconds.

Visualize your own →

Contributors

29

Lines of Code

3,100

From

Dec 1, 2015

To

Nov 8, 2020

About rocknsm/rock

ROCK is an automated deployment platform for network security monitoring and incident response, built on RHEL systems. It provides a complete sensor stack for passive network data collection and analysis, combining passive data acquisition through AF_PACKET with protocol analysis, signature detection, and full packet capture capabilities. The platform processes network data through a messaging layer powered by Kafka and Logstash before storing and indexing results in Elasticsearch for analysis and visualization through Kibana.

The system integrates several specialized security tools including Bro for protocol metadata extraction, Suricata for signature-based alerting, Google Stenographer for packet capture, and FSF for recursive file scanning. The architecture emphasizes scalability and reliability by decoupling data collection from storage and analysis through a message-oriented middleware approach. Notably, ROCK is designed to operate securely with SELinux enabled, addressing operational security requirements for enterprise deployments.

The project is primarily configured and deployed using Jinja templates and Ansible, with testing infrastructure built on Molecule for VMware environments. It targets network security professionals, system administrators, and incident response teams who need a robust platform for both continuous security monitoring and reactive incident investigations across enterprise networks.

Share this video