Perched offers commercial support, education, custom development, and enterprise deployment of the RockNSM and CAPES platforms.

Our Services

Education

We provide a variety of education services designed to get your team up and running quickly, so they can start catching bad guys.

Development

We like to think that ROCK and CAPES are pretty great out of the box, but we are here to help tailor them to your needs.

Consulting

Developing a successful intelligence-driven security program is no small feat. Leverage our team's experience to develop a program that meets your needs.

Support

Deploying sensors at scale doesn't always go as planned. We're here to help when you need us.

Our Partners

Our Newest Partner

We look forward to starting the process of making ROCK a certified Red Hat ready solution.



Our First Partner

We are grateful that Elastic has agreed to partner with us during the founding days of our startup. Elastic is a core element of many large-scale NSM ecosystems and a leader in data search and analytics platform technologies.

Education Tracks

Foundations

This is the jumping-off point for all other tracks and is the basis for all other specialized education.


Analyst

If you love collecting data and using it to tell a story, this is probably the track for you.

Operator

Operators love catching bad guys and are experts at figuring out where they are hiding in the data.

Engineer

Engineers are the wrench turners that deploy security sensors and keep them running in the heat of the battle.

Linux CLI

This introductory course is designed to equip a student with basic survival skills for the Linux command line. It is not intended to make them an expert, but rather familiarize them enough to perform basic administrative tasks without getting stuck in vim.


Duration: 1 Day

Syllabus

  • Design Principles
  • File System Layout
  • Using Vim (w/ lab)
  • Viewing Logs (w/ lab)
  • Package Management (w/ lab)
  • Working With Services (w/ lab)
  • SELinux Basics (w/ lab)

Prerequisites

There are no prerequisites for this course.

Introduction to Bro

An understanding of Bro is a foundational skill for anyone who wishes to use ROCK or ROCK Enterprise. This course is designed to take an operator or analyst who has never used Bro and bring them up to speed with its capabilities.


Course Duration: 1 Day

Syllabus

  • System Setup
  • What is Bro?
  • Bro Project History
  • Bro vs. Wireshark (w/ lab)
  • Analyzing a packet capture (w/ lab)
  • Running Bro from the Command Line (w/ lab)
  • ASCII Logs Overview (w/ lab)
  • Filtering and Sorting Data (w/ lab)
  • Capture the Flag

Prerequisites

Linux CLI or basic familiarity with the Linux command line is recommended before attending this course.

Follow-On Courses

Operator Track

Engineer Track

Introduction to CAPES

An understanding of CAPES is a foundational skill for anyone who wishes to engage in Incident Response or Hunt Operations. This course is designed to take an operator or analyst who has never used the CAPES technology stack and bring them up to speed with its capabilities.


Course Duration: 1 Day

Syllabus

  • System Setup
  • What is CAPES?
  • CAPES Project History
  • CAPES Service - Landing Page (w/ demonstration)
  • CAPES Service - Incident Response (w/ demonstration)
  • CAPES Service - Indicator Enrichment (w/ demonstration)
  • CAPES Service - Chat (w/ demonstration)
  • CAPES Service - VoIP (w/ demonstration)
  • CAPES Service - Documentation (w/ demonstration)
  • CAPES Service - Wiki (w/ demonstration)
  • CAPES Service - Stack Monitoring (w/ demonstration)

Prerequisites

Linux CLI or basic familiarity with the Linux command line is recommended before attending this course.

Follow-On Courses

Operator Track

Analyst Track

Engineer Track

Introduction to Elastic

Elastic is an open source data company whose products are integral to ROCK and ROCK Enterprise. This course will provide an overview of the products offered and an introduction to using the three primary products.


Duration: 1 Day

Syllabus

  • Elastic Company Overview
  • Elasticsearch (w/ lab)
  • Logstash (w/ lab)
  • Kibana (w/ lab)
  • Beats (w/ lab)
  • X-Pack Overview

Prerequisites

Linux CLI or basic familiarity with the Linux command line is recommended before attending this course.

Follow-On Courses

Operator Track

Engineer Track

Introduction to Kafka

This course will cover what message queuing is all about, how it is used, and why Kafka was chosen for ROCK. This is not a lab-intensive course; it is designed to provide an overview of what is happening in the background with ROCK.

Course Duration: 4 Hours


Syllabus

  • What is a Messaging Queue?
  • Kafka Overview
  • Publishers and Subscribers
  • Topics and Partitions
  • Kafka and ROCK history

Prerequisites

Linux CLI or basic familiarity with the Linux command line is recommended before attending this course.

Follow-On Courses

Engineer Track

Introduction to File Scanning Framework

File Scanning Framework (FSF) is an open source project by Emerson Electric that enables recursive file scanning with a combination of YARA rules and programming logic. This course will familiarize students with the tool's capabilities and provide an overview of YARA rules.


Duration: 1 Day

Syllabus

  • Project Overview
  • What is Recursive File Scanning?
  • YARA Rules (w/ lab)
  • Scanning a File (w/ lab)
  • Interpreting Scan Results (w/ lab)
  • Using jq (w/ lab)

Prerequisites

Linux CLI or basic familiarity with the Linux command line is recommended before attending this course.

Follow-On Courses

Operator Track

Engineer Track

Contact Us

Contact us and we'll get back to you as soon as we can.
inquiries@perched.io