CSE498, Collaborative Design, Spring 2018
Computer Science and Engineering
Michigan State University

Rook Security, based in Indianapolis, Indiana, is a leader in managed detection and response services, providing IT security solutions to clients around the world.

Rook’s Force Platform protects its clients from malicious attacks by analyzing log data from client devices and appliances such as critical application servers. This log data is collected by Rook’s software agents running remotely on client host computers.

Rook’s diverse client base is growing quickly. To keep up with this growth, Rook’s log data agents must support multiple operating systems and be easy to install and configure on client computers.

Our Endpoint Data Monitoring and Analysis Agent sends the digital defenders at Rook their clients’ system and application logs from client machines running Microsoft Windows, Apple macOS or Linux. Client computers continue to work seamlessly and securely while our agent runs in the background.

In addition to the agent, an extension of the Force Platform enables Rook analysts to deploy and configure agents and to view agent health metrics. Because our agent can be managed remotely by Force Platform administrators, suspicious anomalies can be acted upon quickly.

Our Endpoint Data Monitoring and Analysis Agent is written in Go for Windows, macOS, and Linux. Collected logs are stored in Amazon Simple Storage Service (S3). Our extension of the Force Platform is written in Python using the Django web framework, and its front end uses ReactJS and Redux.