Great post by Guy Bruneau on using RockNSM to compare SSH port/client activity Johannes Ullrich buff.ly/2XQHD3x

The latest version of RockNSM hit over a thousand downloads in less than 23 days!!! Since launching as the first NSM platform to integrate with Elastic, we've grown a team of users and contributors trying to save the world. We are honored to be part of this. Onward and upward!

We have been informed of a bug in Elasticsearch 6.7 and 6.7.1 will be released soon. In light of this, we’re delaying the release of version 2.4 until 6.7.1 is released.

Many thanks to UTSA NSCC for inviting the RockNSM team to share our approach to network hunting with your students and partners! UT San Antonio Research Derek Ditch Jeff Geiger Perched - an Elastic Company

We’re so excited to announce RockNSM 2.4! Featuring Elastic Stack 7, a new Text User Interview (TUI), redesigned ROCK manager, and many more updates outlined here buff.ly/2KpqsDG. Download here buff.ly/2U7kerK

If you downloaded RockNSM 2.4.0 already today, thanks for being as excited as we are! But we found a glitch that we fixed and have now published 2.4.1! Please download the new ISO and ROCK on! buff.ly/2Nsfdbm

We’re so excited to announce RockNSM 2.4.1! Featuring Elastic Stack 7, a new Text User Interface (TUI), redesigned ROCK manager, and many more updates outlined here buff.ly/2KpqsDG. Download here buff.ly/2U7kerK

The new Text User Interface (TUI) in ROCK 2.4 make configuring and deploying ROCK much simpler and provides a fresh UI to help get you started. Check out more info on the release blog buff.ly/2KpqsDG and download ROCK 2.4 here buff.ly/2Nsfdbm

Did you know that in ROCK 2.4 we have added top-level tags for each deployment role to make it easier to select what will be included. Check out more info on the release blog buff.ly/2KpqsDG and download ROCK 2.4 here buff.ly/2Nsfdbm

Have sparse data that doesn’t align well with daily or weekly Index rotation? Elastic 7’s new Index Lifecycle Management UI in ROCK lets you rollover based on size. Check out more info on the release blog buff.ly/2KpqsDG and download ROCK 2.4 here buff.ly/2Nsfdbm

ROCK 2.4 makes it easier to customize a deployment without editing any configuration files. Want to run an online install? Just say “sudo rock deploy”. Check out more info on the release blog buff.ly/2KpqsDG and download ROCK 2.4 here buff.ly/2Nsfdbm

Have you asked a ROCK for help lately? With the new ROCK Manager, you can manage your sensor and even get help with “$ rock help”.

Awesome RockNSM Docket integration with a leading SOAR platform, Swimlane. This provides an automated query and retrieval of PCAP. Detailed blog post is in the works. Stay tuned. buff.ly/2LuDf8p

This is the story of RockNSM. This is the impact that continues to drive us forward. afcea.org/content/cyber-… #mocyber #rocknsm #cybermilitia

We’ve just added HASSH from the @SalesforceEng team. This is similar to JA3 in that it can identify specific Client and Server SSH implementations in the form of a small MD5 fingerprint. Download the newest version over at buff.ly/2DTVf6l buff.ly/2EbGFsT

Awesome to see RockNSM being used by Forces outside of the US! Great job team and we're glad the platform helped in your threat hunting! buff.ly/2Omvjaz

ROCK 2.5 is in the final stages of QA testing and a release is imminent. 100% ECS compliance. Disk XFS disk quotas to manage storage. Working dashboards (and even some **awesome** new ones)! Fixed the x509 certificate issue with Docket. For those about to ROCK, we salute you.

HUGE update with RockNSM 2.5 Elastic 7.6 Zeek 3 Suricata 5 ECS eeeeerrrrryyyyyywhere New dashboards Get it while it's hot! mirror.rocknsm.io/isos/stable/ro… Big thanks to the #RockNSM team for their super-human efforts to help us get over the line!

Walkthrough of hunting #Qbot #qakbot with rocknsm and Elastic is live to include detection logic w/KQL and Yara. No IDS alerts, all raw thrunting. Packets by malware_traffic #DFIR #4n6 huntops.blue

Thanks Phill Moore for including my #NSM research project, HuntOps.blue, in the latest update of TWi4n6. Very humbling. rocknsm Elastic #DFIR #4n6