Certified SoftSol MikroTik routers on WireGuard VPN stream three independent telemetry channels — NetFlow to Baruch, TZSP packets to Elisha, and syslog to Baruch — so evidence survives even when the production path is compromised. Cloud Core and other higher-end RouterOS platforms are supported.
Each node has a single responsibility. No shared failure domain between archive and overseer.
Baruch indexes flows, firewall events, and agent alerts. It hosts the Wazuh dashboard and ElastiFlow collector. The notary layer.
Elisha decapsulates TZSP, inspects packets with Suricata, and forwards JSON alerts. No public web surface — telemetry only.
Certified SoftSol MikroTik routers — including Cloud Core and other higher-end platforms — mirror traffic and export flows over WireGuard to the Martyria VPN subnet.
The witness profile is applied to each certified SoftSol MikroTik router via RouterOS script import or SSH automation.
/ip traffic-flow target add dst-address=172.17.12.34 port=2055 version=9 src-address=<router-wg-ip>
/ip firewall mangle add chain=prerouting action=sniff-tzsp sniff-target=172.17.12.35 sniff-target-port=37008
/ip firewall mangle add chain=postrouting action=sniff-tzsp sniff-target=172.17.12.35 sniff-target-port=37008
/system logging action add name=martyriabaruch target=remote remote=172.17.12.34 remote-port=514
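One way to confirm that a router still carries all three channels of the witness profile is to audit its configuration text. The script below is an added example, not part of the Martyria tooling; the function names and the DRIFTED sample are hypothetical, and the addresses, ports and chains are the ones shown in the profile above.

```python
import shlex

# Collector addresses, ports and chains as given in the witness profile above.
BARUCH, ELISHA = "172.17.12.34", "172.17.12.35"
MANGLE = {"action": "sniff-tzsp", "sniff-target": ELISHA, "sniff-target-port": "37008"}
REQUIRED = {
    "netflow": ("/ip traffic-flow target", {"dst-address": BARUCH, "port": "2055"}),
    "tzsp-prerouting": ("/ip firewall mangle", {"chain": "prerouting", **MANGLE}),
    "tzsp-postrouting": ("/ip firewall mangle", {"chain": "postrouting", **MANGLE}),
    "syslog": ("/system logging action",
               {"target": "remote", "remote": BARUCH, "remote-port": "514"}),
}

def parse_routeros(text):
    """Yield (menu, params) for one-line commands and /export-style blocks."""
    menu = ""
    for raw in text.replace("\\\n", " ").splitlines():  # join wrapped lines
        tokens = shlex.split(raw, comments=True)         # '#' starts a comment
        if tokens and tokens[0].startswith("/"):
            # The menu path runs up to the first add/set verb, if there is one.
            cut = next((i for i, t in enumerate(tokens) if t in ("add", "set")), len(tokens))
            menu, tokens = " ".join(tokens[:cut]), tokens[cut:]
        if tokens and tokens[0] in ("add", "set"):
            yield menu, dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def missing_channels(text):
    """Return the required channels that are absent, disabled or mis-targeted."""
    live = [(m, p) for m, p in parse_routeros(text) if p.get("disabled") != "yes"]
    return [name for name, (menu, want) in REQUIRED.items()
            if not any(m == menu and want.items() <= p.items() for m, p in live)]

# The four commands from the profile, with the page's placeholder left in place.
PAGE_PROFILE = """
/ip traffic-flow target add dst-address=172.17.12.34 port=2055 version=9 src-address=<router-wg-ip>
/ip firewall mangle add chain=prerouting action=sniff-tzsp sniff-target=172.17.12.35 sniff-target-port=37008
/ip firewall mangle add chain=postrouting action=sniff-tzsp sniff-target=172.17.12.35 sniff-target-port=37008
/system logging action add name=martyriabaruch target=remote remote=172.17.12.34 remote-port=514
"""
# Constructed /export-style sample: postrouting mirror disabled, syslog sent elsewhere.
DRIFTED = """
/ip traffic-flow target
add dst-address=172.17.12.34 port=2055 version=9
/ip firewall mangle
add action=sniff-tzsp chain=prerouting sniff-target=172.17.12.35 sniff-target-port=37008
add action=sniff-tzsp chain=postrouting disabled=yes sniff-target=172.17.12.35 sniff-target-port=37008
/system logging action
add name=martyriabaruch remote=192.0.2.10 remote-port=514 target=remote
"""
if __name__ == "__main__":
    print(missing_channels(PAGE_PROFILE), missing_channels(DRIFTED))
```

RouterOS compact `/export` output leaves out parameters that sit at their defaults, so feed the check `/export verbose` output to avoid false reports of a missing port.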