/rock-docs

Documentation for ROCK NSM



RockNSM is an open-source collections platform designed by the members of the Missouri National Guard Cyber Team (MOCYBER). Its primary focus is to provide a reliable, scalable, and secure sensor platform for Network Security Monitoring (NSM), network hunting, and incident response (IR) missions. Why choose us over the other names in the NSM game? Continue to the OVERVIEW.

Latest

We've been working on a lot of changes, and ROCK 2.2 is here! You can read the full details in the changelog, but here's a quick overview of some of the latest additions:

New Features
  • rockctl command to quickly check or change services
  • Docket, a REST API and web UI to query multiple stenographer instances, now served on TCP port 443
  • Kibana is now served on TCP port 443
  • Added Suricata-Update to manage Suricata signatures
  • GPG signing of packages and repo metadata
  • Added functional tests using testinfra
  • Initial support of Elastic Common Schema
  • New Elastic features
    • Canvas
    • Elastic Maps Service, fullscreen, heatmaps, and more
  • Includes full Elastic Stack (with permission) including features formerly known as X-Pack:
    • Graph
    • Machine Learning
    • Reporting
    • Security
    • Monitoring
    • Alerting
    • Elasticsearch SQL
Upgrades
  • CentOS is updated to 7.5 (1804)
  • Elastic Stack is updated to 6.4.2
  • Elastic dashboards, mappings, and Logstash config moved to module-like construct
  • Suricata is updated to 4.0.5
  • Bro is updated to 2.5.4

Video Guides

We've also been hard at work creating video content.

  • ROCK Introduction
    • what ROCK is and how everything works together
  • ROCK@home
    • 3-part series on the lowest barrier to entry: tapping your home network
  • BSidesKC 2018 - Bradford Dabbs - Threat Hunting with RockNSM
    • RockNSM is a passive network collection platform built by the Missouri Cyber Team to facilitate better incident response operations. This talk will discuss the benefits of a passive first approach and how RockNSM can be used to facilitate it.

Contents

OVERVIEW - concept / design, components / dataflow

BUILD - installation / configuration / deployment

OPERATE - basic usage / operation

MAINTAIN - administer / tune / troubleshoot

SERVICES - individual service management

DEV - development / testing / customization

Credit

This project is made possible by the efforts of an ever-growing list of amazing people. Take a look around our project to see all our contributors.


Continue to the Overview