Introduction

OneFirewall WCF Platform brings together threat intelligence from multiple sources (Alliance), including government agencies, security vendors, and other organizations, and provides a centralized repository for this information

OneFirewall System Components

All services are managed using a containerized solution and deployed on a Kubernetes cluster. The cluster can be a service-managed solution from a cloud provider or an on-premises installation using open-source solutions based on Rancher.

  • onefirewall-server:

    • The core server that exposes the APIs of OneFirewall.

    • Manages the UI functionalities of OneFirewall.

    • Implements authentication using a database-based mechanism.

    • Integrates authentication with OIDC providers: Google, GitHub, and Atlassian.

    • Stores threat intelligence data in time series format within an Elasticsearch cluster.

  • onefirewall-elasticsearch:

    • Manages threat intelligence data as time series.

    • Supports data storage on persistent block storage or NAS servers.

  • onefirewall-db:

    • Manages application data and configurations.

    • Handles Identity and Access Management (IAM) for platform users.

  • onefirewall-rabbitmq:

    • Acts as a message queue for data ingestion.

    • Manages synchronization of threat intelligence data with the OneFirewall cloud platform.

  • onefirewall-queue-consumer:

    • A server responsible for dequeuing messages from onefirewall-rabbitmq.

    • Interacts with the ingestion APIs in onefirewall-server via onefirewall-proxy.

  • onefirewall-proxy:

    • The API gateway for OneFirewall.

  • onefirewall-wcf-agent:

    • Implements integrations with various existing router/firewall solutions.

    • Supports both open-source and commercial firewall solutions.

  • onefirewall-log-analyzer:

    • Handles integration with various SIEM solutions.

    • Manages ingestion and processing of log data.

  • onefirewall-cloud-sync:

    • Synchronizes threat intelligence data.

    • Sends data packets to the message queue (onefirewall-rabbitmq).

Introduction

OneFirewall WCF Platform brings together threat intelligence from multiple sources (Alliance), including government agencies, security vendors, and other organizations, and provides a centralized repository for this information

OneFirewall System Components

All services are managed using a containerized solution and deployed on a Kubernetes cluster. The cluster can be a service-managed solution from a cloud provider or an on-premises installation using open-source solutions based on Rancher.

  • onefirewall-server:

    • The core server that exposes the APIs of OneFirewall.

    • Manages the UI functionalities of OneFirewall.

    • Implements authentication using a database-based mechanism.

    • Integrates authentication with OIDC providers: Google, GitHub, and Atlassian.

    • Stores threat intelligence data in time series format within an Elasticsearch cluster.

  • onefirewall-elasticsearch:

    • Manages threat intelligence data as time series.

    • Supports data storage on persistent block storage or NAS servers.

  • onefirewall-db:

    • Manages application data and configurations.

    • Handles Identity and Access Management (IAM) for platform users.

  • onefirewall-rabbitmq:

    • Acts as a message queue for data ingestion.

    • Manages synchronization of threat intelligence data with the OneFirewall cloud platform.

  • onefirewall-queue-consumer:

    • A server responsible for dequeuing messages from onefirewall-rabbitmq.

    • Interacts with the ingestion APIs in onefirewall-server via onefirewall-proxy.

  • onefirewall-proxy:

    • The API gateway for OneFirewall.

  • onefirewall-wcf-agent:

    • Implements integrations with various existing router/firewall solutions.

    • Supports both open-source and commercial firewall solutions.

  • onefirewall-log-analyzer:

    • Handles integration with various SIEM solutions.

    • Manages ingestion and processing of log data.

  • onefirewall-cloud-sync:

    • Synchronizes threat intelligence data.

    • Sends data packets to the message queue (onefirewall-rabbitmq).