Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Ridgeback Architecture

The Superadmin, Admin, and User

A superadmin account controls everything, an admin account controls an organization, and a user uses Ridgeback.

user hierarchy A superadmin account manages admin accounts. Admin accounts manage user accounts.

An Rcore Covers a Network Segment

You only need one Rcore per network segment, or layer 2 broadcast domain. You can add multiple Rcores per segment for special coverage, but be sure there is no more than one Rcore per segment that is injecting traffic. Otherwise, the dogs will get into a fight.

broadcast domains A single rcore can cover an entire layer 2 broadcast domain (network segment).

Service Containers Run Inside Docker

You pull an image from a container registry. Then you turn that image into a running service container.

creating a service A service container is made with docker-compose.yml, .env, and a service image.

Services Provide Services

The primary service containers are:

  • analytics: The analytics service generates useful metrics.
  • enrichment: The enrichment service provices "enrichment" data to fuse with your data.
  • manager: Rcores communicate with the manager service.
  • policy: The policy service manages automation.
  • server: This is what the web client connects to.
  • surface: The surface service maps out the attack surface.

Ridgeback services Ridgeback is composed of many services.

Physical or Virtual

You can run an Rcore on physical or virtual computers.

rcore placement An rcore can be hardwired or wireless, physical or virtual.