Every stage runs from a single statically linked Rust binary. No runtime dependencies, no JVM, no Python. Easily configurable via a single rockfish.yaml file. Deploy via .deb package or Docker container.
Fully offline operation. No cloud APIs required. GeoIP and reputation caches persist locally for classified and isolated networks.
Built-in deployment profiles for operational technology environments with Modbus, DNP3, MQTT, and ENIP/CIP protocol detection.
MCP server exposes structured query and hunt tools to Claude and other AI assistants for conversational threat hunting.
Basic through Enterprise licensing with Ed25519-signed enforcement embedded directly in Parquet metadata.
Deploy Rockfish NDR in minutes. Single binary. No dependencies. Full pipeline.
Now we want to prove it.
We are looking for defense contractors and C3PAOs to deploy Rockfish NDR in a production environment at no cost. Slots are limited.
Requirements are simple: you run it, we support it, you tell us what you think. If that sounds like a fair trade, let's talk.