This repository hosts the full documentation for RockNSM, an open-source collections platform that focuses on being reliable, scalable, and secure in order to perform Network Security Monitoring (NSM), network hunting, and incident response (IR) missions.
Read the full documentation at https://rocknsm.github.io/rock-docs/.
We are pleased to announce that ROCK 2.3 is here! The RockNSM team has been working hard to settle into a more regular release cadence. While RockNSM 2.2 was a relatively small release, 2.3 brings a lot of changes. You can read the full details on the releases page, but here is a quick overview of some of the latest additions:
- Support for Elastic 7 pre-release
- Bro 2.6, Suricata 4.2, Elastic 6.6, plus the latest JA3 and ET rules
- Query PCAP directly from Kibana via Docket
- Multi-node support
- Artifact restructuring
- 61 closed issues (including a lot of outdated items)
Several video walkthroughs are available in the Tutorials section.
This project is made possible by the efforts of an ever-growing list of amazing people. Take a look around our project to see all our contributors.