Introduction
The OneFirewall WCF Platform brings together threat intelligence from multiple sources (Alliance), including government agencies, security vendors, and other organizations, and provides a centralized repository for this information.

OneFirewall System Components
All services are containerized and deployed on a Kubernetes cluster. The cluster can be a managed service from a cloud provider or an on-premises installation using open-source solutions based on Rancher.
- onefirewall-server:
  - The core server that exposes the APIs of OneFirewall.
  - Manages the UI functionalities of OneFirewall.
  - Implements authentication using a database-based mechanism.
  - Integrates authentication with OIDC providers: Google, GitHub, and Atlassian.
  - Stores threat intelligence data in time series format within an Elasticsearch cluster.
- onefirewall-elasticsearch:
  - Manages threat intelligence data as time series.
  - Supports data storage on persistent block storage or NAS servers.
- onefirewall-db:
  - Manages application data and configurations.
  - Handles Identity and Access Management (IAM) for platform users.
- onefirewall-rabbitmq:
  - Acts as a message queue for data ingestion.
  - Manages synchronization of threat intelligence data with the OneFirewall cloud platform.
- onefirewall-queue-consumer:
  - A server responsible for dequeuing messages from onefirewall-rabbitmq.
  - Interacts with the ingestion APIs in onefirewall-server via onefirewall-proxy.
- onefirewall-proxy:
  - The API gateway for OneFirewall.
- onefirewall-wcf-agent:
  - Implements integrations with various existing router/firewall solutions.
  - Supports both open-source and commercial firewall solutions.
- onefirewall-log-analyzer:
  - Handles integration with various SIEM solutions.
  - Manages ingestion and processing of log data.
- onefirewall-cloud-sync:
  - Synchronizes threat intelligence data.
  - Sends data packets to the message queue (onefirewall-rabbitmq).