The Witnesses · Martyria · Node I

The Archive.
Permanent evidence indexing.

Baruch is the central SIEM and flow engine for SoftSol's out-of-band SOC — ingesting NetFlow, syslog, and Wazuh agent telemetry from certified SoftSol MikroTik routers in the field. Cloud Core and other higher-end RouterOS platforms are supported.

baruch@archive $ docker compose ps
wazuh-indexer .............. UP
wazuh-manager .............. UP :1514
wazuh-dashboard ............ UP :5601 (via nginx :443)
elastiflow-collector ....... UP :2055/udp
baruch@archive $ curl -sk https://localhost:9200/_cluster/health
{"status":"green","cluster_name":"wazuh-cluster"}

Archive IP: 172.17.12.34
Wazuh agents: 1514
NetFlow / IPFIX: 2055
Syslog UDP: 514

What Baruch preserves

Named for the scribe who recorded the deeds of kings, Baruch is the notary layer of The Witnesses architecture. Every flow record, firewall event, and agent alert is indexed for search, correlation, and long-horizon retention.

Wazuh 4.14

SIEM & Indexer

Single-node Wazuh stack with OpenSearch indexer tuned for 32 GB RAM — manager, indexer, and dashboard orchestrated via Docker.

ElastiFlow 6.4

Flow analytics

Collects NetFlow v9 and IPFIX from client routers, normalises records, and writes directly into the archive indexer.

Agent hub

Central registration

Elisha and future edge witnesses register here on port 1515 and stream alerts on 1514/tcp.

Ingress endpoints

Configure certified SoftSol MikroTik routers and agents to target these addresses over the WireGuard VPN.

172.17.12.34:2055/udp

NetFlow / IPFIX → ElastiFlow collector

172.17.12.34:1514/tcp

Wazuh agent event stream

172.17.12.34:514/udp

Remote syslog (firewall, system)