What is Project Iris?
Project Iris brings visibility and threat detection to the IoT edge. Project Iris uses statistical techniques and machine learning to flag anomalous behavior occurring on edge gateways or edge devices.
How is Project Iris deployed?
Project Iris is an agent-based solution that is delivered as a Docker container and deployed on IoT edge gateways. The Iris container passively gathers data about edge devices and forwards the data to the Iris cloud service. The Iris cloud service analyzes the data and raises security alerts. The alerts are presented in the Project Iris web application.
What are the minimum requirements to run Project Iris?
- The Iris container is currently supported on Dell Edge Gateways running Linux with the EdgeX Foundry IoT platform or the Microsoft Azure IoT Edge platform.
- Minor gateway host configuration may be required to ensure collection of network flow data.
- The Iris container must be provisioned with at least 512M of memory.
Does the Iris container require any additional privileges to operate?
Yes, in order to collect the relevant monitoring data, the Iris container is required to run as root and requires the following additional container privileges beyond what is allocated by default:
- NET_ADMIN capability (--cap-add NET_ADMIN)
- host-level process namespace privileges (--pid host)
- host-level network privileges (--network host)
- access to the local Docker daemon UNIX domain socket via a volume mount (-v /var/run/docker.sock:/var/run/docker.sock)
What does this solution cost?
Nothing! We hope that participants benefit from our alerts while we are able to learn how to improve our alerts from the data you share with us!
Can I have more than one gateway associated with my account?
Yes, Iris is designed to support multiple gateway hosts. There is no limit to the number of gateways you may deploy the Iris container on.
How do I get started?