September 2014


Stamus Networks is proud to announce the availability of SELKS 1.0 RC1. This is the first release candidate of our live and installable ISO, based on Debian, that implements a ready-to-use Suricata IDS/IPS. You can read more about SELKS on our Open Source page.

This release includes a major overhaul and many improvements:

  • Introducing for the first time the new Stamus Networks package repositories developed especially for SELKS (Kibana, Scirius)
  • Update and upgrade all software and SELKS itself the Debian way (apt-get or aptitude)
  • 9 ready-to-use out-of-the-box IDS/IPS dashboards
  • Over 150 fields to search, select, filter and easily analyze right out of the box
  • Fully enabled logging
  • Suricata 2.1beta1 (adding flow and alert payload logging to the NSM arsenal)
  • Scirius 0.8 (latest release of our graphical Suricata ruleset manager)

A better interface

SELKS 1.0 RC1 comes with preloaded dashboards and a modified version of Kibana:

Dashboards

[Screenshot from 2014-09-09 20:44:42: the preloaded SELKS dashboards in Kibana]

The modified Kibana also allows interaction with Scirius, our open-source Suricata ruleset management interface:

[Screenshot from 2014-09-09 20:26:15: the Scirius ruleset management interface]

SELKS 1.0 RC1 contains Suricata 2.1beta1, which brings flow and alert payload logging, available right out of the box on the predefined dashboards:

[Screenshot from 2014-09-09 22:45:00: flow and alert payload data on the predefined dashboards]

[Screenshot Alert-SELKS-Payload1: alert payload view]
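As an added example (not code from SELKS, Scirius or the original post), the following Python script shows what the new logging looks like on disk and how to work with it: it reads eve.json lines of the kind Suricata 2.1 writes when payload and flow logging are enabled, decodes the Base64 alert payload and joins each alert to its flow record by 5-tuple. The records are constructed by hand to resemble eve.json output; the addresses, signature names and payload are invented, and the field names follow the eve-log format.

```python
"""Read Suricata EVE JSON alert and flow records and decode alert payloads.

Added example, not code from SELKS, Scirius or the announcement above. The
records below are constructed in memory to look like Suricata 2.1 eve.json
output with payload and flow logging enabled; addresses, signatures and the
payload are invented.
"""
import base64
import json
from collections import Counter

# Constructed request payload (what the alerting packet carried), not real traffic.
SAMPLE_PAYLOAD = (b"GET /index.php?id=1' OR 1=1-- HTTP/1.1\r\n"
                  b"Host: example.com\r\nUser-Agent: sqlmap\r\n\r\n")


def constructed_eve_lines():
    """Return a handful of eve.json lines (one JSON object per line), built in memory."""
    client = {"src_ip": "192.0.2.10", "src_port": 51234,
              "dest_ip": "198.51.100.5", "dest_port": 80, "proto": "TCP"}
    server = {"src_ip": "198.51.100.5", "src_port": 80,
              "dest_ip": "192.0.2.10", "dest_port": 51234, "proto": "TCP"}
    alert_in = {**client, "timestamp": "2014-09-09T20:44:42.123456+0200",
                "event_type": "alert",
                "alert": {"action": "allowed", "gid": 1, "signature_id": 2000001, "rev": 1,
                          "signature": "EXAMPLE sqlmap User-Agent",
                          "category": "Web Application Attack", "severity": 1},
                # With 'payload: yes' Suricata writes the payload Base64-encoded;
                # 'payload-printable: yes' adds a lossy ASCII rendering of the same bytes.
                "payload": base64.b64encode(SAMPLE_PAYLOAD).decode("ascii"),
                "payload_printable": SAMPLE_PAYLOAD.decode("ascii"),
                "stream": 1}
    # Alert raised on the server's reply: packet direction is reversed, no payload logged.
    alert_out = {**server, "timestamp": "2014-09-09T20:44:42.300000+0200",
                 "event_type": "alert",
                 "alert": {"action": "allowed", "gid": 1, "signature_id": 2000002, "rev": 1,
                           "signature": "EXAMPLE SQL error in HTTP response",
                           "category": "Web Application Attack", "severity": 2}}
    flow = {**client, "timestamp": "2014-09-09T20:44:47.000000+0200", "event_type": "flow",
            "flow": {"pkts_toserver": 6, "pkts_toclient": 5,
                     "bytes_toserver": 612, "bytes_toclient": 1460,
                     "start": "2014-09-09T20:44:41.998000+0200",
                     "end": "2014-09-09T20:44:46.100000+0200",
                     "age": 5, "state": "closed", "reason": "timeout"}}
    truncated = '{"timestamp":"2014-09-09T20:44:48.1'  # a line still being written
    return [json.dumps(alert_in), json.dumps(alert_out), json.dumps(flow), truncated]


def parse_eve(lines):
    """Parse eve.json lines, skipping blank and partially written ones."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except ValueError:
            # Tailing a live eve.json often yields a half-written last line; skip it.
            continue
    return events


def flow_key(ev):
    """Direction-independent 5-tuple. Alerts carry packet direction, flow records
    carry initiator direction, so sort the endpoints before comparing."""
    ends = sorted([(ev["src_ip"], ev["src_port"]), (ev["dest_ip"], ev["dest_port"])])
    return (ev["proto"], ends[0], ends[1])


def decode_payload(ev):
    """Return the alert's raw payload bytes, or None when no payload was logged.

    The Base64 field is authoritative; 'payload_printable' is lossy. Treat the
    result as attacker-controlled bytes, not as text."""
    if "payload" not in ev:
        return None
    return base64.b64decode(ev["payload"], validate=True)


def printable(payload):
    """Render bytes the way payload_printable does: non-printables become '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in payload)


def summarize(events):
    """Count alerts per signature and attach the matching flow record, if logged."""
    flows = {flow_key(ev): ev["flow"] for ev in events if ev.get("event_type") == "flow"}
    per_signature = Counter()
    enriched = []
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        sig = ev["alert"]["signature"]
        per_signature[sig] += 1
        payload = decode_payload(ev)
        enriched.append({"sid": ev["alert"]["signature_id"], "signature": sig,
                         "payload_len": 0 if payload is None else len(payload),
                         "flow": flows.get(flow_key(ev))})
    return per_signature, enriched


if __name__ == "__main__":
    counts, alerts = summarize(parse_eve(constructed_eve_lines()))
    for sig, n in counts.most_common():
        print(f"{n:4d}  {sig}")
    for a in alerts:
        fl = a["flow"] or {}
        print(f"sid {a['sid']}: {a['payload_len']} payload bytes, "
              f"bytes to server={fl.get('bytes_toserver')}, state={fl.get('state')}")
```

Two details matter in practice: the join key sorts the endpoints because an alert on a server reply has its src and dest swapped relative to the flow record, and the parser tolerates a half-written last line, which is what you get when reading a live eve.json rather than a finished file.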

Easy upgrade

Stamus is dedicated to providing the latest releases of Suricata, libhtp and the Linux kernel. That's why we provide generic Debian packaging for the newest Suricata IDS/IPS and libhtp releases, and for the newest long-term kernel version (3.14.18 at the time of this writing).

SELKS comes with a standard Debian Wheezy distribution and its 3.2 kernel. If you would like to upgrade to the latest long-term supported kernel, you can just do the following (for example for kernel 3.14.18) and reboot into the new kernel afterwards:

apt-get update && apt-get upgrade
apt-get install linux-headers-3.14.18-stamus linux-image-3.14.18-stamus

For everything else you can just do:

apt-get update && apt-get upgrade

As easy as that!

DOWNLOAD SELKS HERE


Stamus Networks is proud to announce the availability of version 0.8 of Scirius, the web management interface for Suricata. This new release contains a lot of new features as well as bug fixes.

On the functional side, the main new features are:

  • Support for content such as IP reputation lists
  • Changelog support: display the changes on a source after an update
  • Global search: text search across all objects

The changelog on a source is really useful for knowing which signatures have been added or modified:

[Screenshot from 2014-09-03 16:51:18: source changelog]

The global search is accessible from the top bar on every page. It lets you quickly reach the matching objects:

[Screenshot from 2014-09-03 16:53:23: global search results]

Among the other features, one can also mention syntax highlighting for rules. The rule detail page now comes with information about the rule's status in each ruleset and rule statistics:

[Screenshot from 2014-09-03 16:36:58: rule detail with syntax highlighting and statistics]

We hope you will enjoy this new release. As usual, it can be downloaded from Github. Happy NIDSing!