Perched offers commercial support, education, custom development, and enterprise deployment of the RockNSM and CAPES platforms.

Our Services

Education

We provide a variety of education services designed to get your team up and running quickly, so they can start catching bad guys.

Development

We like to think that ROCK and CAPES are pretty great out of the box, but we are here to help tailor them to your needs.

Consulting

Developing a successful intelligence-driven security program is no small feat. Leverage our team's experience to develop a program that meets your needs.

Support

Deploying sensors at scale doesn't always go as planned. We're here to help when you need us.

Our Partners

Our Newest Partner

We look forward to starting the process of making ROCK a certified Red Hat ready solution.



Our First Partner

We are grateful that Elastic has agreed to partner with us during the founding days of our startup. Elastic is a core element of many large-scale NSM ecosystems and a leader in data search and analytics platform technologies.

Education Tracks

Foundations

This is the jumping off point for all other tracks and is the basis for all other specialized education.

Analyst

If you love collecting data and using it to tell a story, this is probably the track for you.

Operator

Operators love catching bad guys and are experts at figuring out where they are hiding in the data.

Engineer

Engineers are the wrench turners that deploy security sensors and keep them running in the heat of the battle.


Passive Operations and Tapping

It is important that a sensor engineer deploying ROCK or ROCK Enterprise understands that it is a passive system and what that means.

This course should clearly define the difference and explain how to utilize different tapping technologies so that engineers can weigh their options and make the best choices for their environment.


Course Duration: 1 Day

Syllabus

  • What are Passive Operations?
  • What are Active Operations?
  • Spanning Port Tap (w/ lab)
  • Inline Tapping (w/ lab)
  • Tap placement Whiteboard Exercises

Prerequisites

Intrusion Detection Systems

Bro Install, Operate, and Maintain

This course is designed to familiarize sensor engineers with the various ways to install and configure Bro. It will also briefly cover any ongoing maintenance that should be performed against an installation.


Course Duration: 1 Day

Syllabus

  • What is Bro
  • Installation options
    • Source (w/ lab)
    • RPM (w/ lab)
  • Deployment Options
    • Standalone (w/ lab)
    • Cluster (w/ lab)
  • Capture Methods
    • AF_PACKET (w/ lab)
    • PF_RING
  • Maintenance
    • broctl
    • bro-cron

Prerequisites

Linux CLI or basic familiarity with the Linux command line is recommended before attending this course.

Bro Intro

Advanced Bro

Follow-On Courses

Bro Performance Tuning

CAPES Install, Operate, and Maintain

This course is designed to familiarize sensor engineers with the various ways to install and configure CAPES. It will also briefly cover any ongoing maintenance that should be performed against an installation.


Course Duration: 1 Day

Syllabus

  • What is CAPES
  • Installation Options
    • Individual Installation (w/ lab)
    • CAPES Installation (w/ lab)
  • Landing Page (w/ lab)
  • TheHive (w/ lab)
  • Cortex (w/ lab)
  • Rocketchat (w/ lab)
  • Mumble (w/ lab)
  • Gitea (w/ lab)
  • Etherpad (w/ lab)
  • Kibana (w/ lab)
  • Beats (w/ lab)

Prerequisites

Linux CLI or basic familiarity with the Linux command line is recommended before attending this course.

Introduction to CAPES

Follow-On Courses

CAPES For Operators

Elastic Install, Operate, and Maintain

This course is designed to familiarize sensor engineers with the various ways to install and configure Elastic products.


Course Duration: 2 Days

Syllabus

  • Environment Preparation
    • Lab: Configure Prerequisites
  • Node Types
  • Components
    • Elasticsearch
    • Logstash
    • Beats
    • Kibana
    • Lab: Install and Configure Elastic Stack
    • Lab: Configure Logstash and Beats To Read Files Into Elasticsearch
  • Maintenance
    • Viewing Log Files (w/ lab)
    • Elasticsearch API (w/ lab)
    • Kibana Console (w/ lab)

Prerequisites

Linux CLI or basic familiarity with the Linux command line is recommended before attending this course.

Elastic Intro

Follow-On Courses

Elastic Performance Tuning

Kafka Install, Operate, and Maintain

It is important that a sensor engineer deploying ROCK or ROCK Enterprise understand how to optimize the relaying of messages from the NIC through a data pipeline in order to provide near-real-time analysis and prevent data loss.


This is a lab-intensive course.


Course Duration: 1 Day

Syllabus

  • Installation Overview
  • Setup Prerequisites (w/ lab)
  • Install Zookeeper Cluster (w/ lab)
  • Install Kafka Cluster (w/ lab)
  • Using kafkacat
  • Creating Topics (w/ lab)

Prerequisites

Linux CLI or basic familiarity with the Linux command line is recommended before attending this course.

Kafka Intro

X-Pack Install, Operate, and Maintain

This course will walk sensor engineers through installing and configuring X-Pack.


Course Duration: 4 hours

Syllabus

  • What Is X-Pack
    • Security (Formerly Shield)
    • Alerting (Via Watcher)
    • Monitoring (Formerly Marvel)
    • Reporting
    • Graph
    • Machine Learning
  • Installing X-Pack (w/ lab)
    • Configuring X-Pack (w/ lab)

Prerequisites

Elastic Intro

Bro Performance Tuning

This course will walk sensor engineers through how to tune Bro for optimal performance.

This is a lab-intensive course.


Duration: 1 Day

Syllabus

  • Monitoring Incoming Bandwidth (w/ lab)
  • Identifying Performance Bottlenecks (w/ lab)
  • Selecting The Right Capture Cards
  • Tuning The Network Layer (w/ lab)
  • Tuning The Storage Layer (w/ lab)
  • CPU Pinning and NUMA Alignment (w/ lab)
  • Filtering What Bro Captures (w/ lab)

Prerequisites

Linux CLI or basic familiarity with the Linux command line is recommended before attending this course.

Bro Intro

Advanced Bro

Bro Install, Operate, and Maintain

Elastic Performance Tuning

This course will walk sensor engineers through how to tune Elastic products for optimal performance.


Duration: 1 Day

Syllabus

  • Identifying Performance Bottlenecks (w/ lab)
  • Monitoring Performance With X-Pack (w/ lab)
  • System Sizing Considerations
  • General Performance Tuning (w/ lab)
  • Tuning the Java Virtual Machine (w/ lab)
  • Tuning for Indexing Speed (w/ lab)
  • Tuning for Search Speed (w/ lab)

Prerequisites

Elastic Intro

Elastic Install, Operate, and Maintain

Contact Us

Contact us and we'll get back to you as soon as we can.
inquiries@perched.io