Response Operation Collection Kit - ROCK NSM is a durable Network Security Monitoring sensor built with scalability, security, and hunt-centric tactics in mind.
Installation - RockNSM
Before booting to the ISO, connect the network interface that you intend to use to remotely manage ROCK. Why? During install, ROCK will see the network interface with an IP address and default gateway and designate it as the management port.
RockNSM is the premier sensor platform for Network Security Monitoring (NSM) hunting and incident response (IR) operations. ROCK is the open-source security distribution that prioritizes being reliable, scalable, and secure. Above all else, ROCK exists to aid the analyst in the fight to find the adversary.
Media - RockNSM
The latest ROCK build is available at download.rocknsm.io. Applying the ISO: Now it's time to create a bootable USB drive with the fresh ROCK build. Let's look at a few options. Linux (CLI): If you live in the terminal, use dd to apply the image. These instructions are …
Latest Release - RockNSM
We are pleased to announce that ROCK 2.5 is out! Here's a quick overview of some of the latest additions: NEW - ROCK has moved to the ECS standard! The legacy pipeline is still available (on ISO install); aliases are in place to assist backwards compatibility. NEW - Out-of-the-box support for XFS disk quotas: puts quota on /data or falls back to /
What is ROCK - RockNSM
What is ROCK: The Mission: Reliable - we believe the folks at Red Hat do Linux right. ROCK is built on CentOS 7 and provides an easy path to a supported enterprise OS. Secure - with SELinux, ROCK is highly secure by default.
Support - RockNSM
Jan 6, 2020 · This can occur after successful installation of the ROCK sensor. To identify if this is an issue, run sudo rockctl status and you'll see SURICATA: Active: failed (Result: exit-code) since Mon 2020-01-06 01:00:57 UTC; 40min ago
Single Node - RockNSM
Let's get started and deploy a single ROCK sensor. This is the most straightforward (and most common) way to deploy. The TUI is an interactive user experience that improves the configuration process, rather than manually editing a .yml file.
Requirements - RockNSM
Installation of ROCK can be broken down into three main steps: Install, Configure, and Deploy. Before that, let's cover what you're going to need before starting. Sensor Hardware: The analysis of live network data is a resource-intensive task, so the higher the …
Overview - RockNSM
ROCK uses a collection of open-source applications as described in this "Services" section. This portion of the documentation covers the basic administration of each of the major components of RockNSM.