
SELKS5 Beta: new hunting interface and FPC

Hey! Our new and upgraded showcase for Suricata has just been released - SELKS5 Beta. Thanks to lots of help from the community and plenty of dev work, we are pleased to announce the first beta release of our new SELKS5.

Our major new features and additions include:

  • Suricata IDS/IPS/NSM 4.1-dev - the latest Suricata, packaged with new and enabled features such as:
    • Full Packet Capture enabled on SELKS - yes, Suricata can do FPC as well.
    • Rust enabled
      • new protocols: SMBv1/2/3, NFSv4, Kerberos, FTP, DHCP, IKEv2
      • more options for file extraction: SMTP/HTTP/SMB/NFS/FTP
    • Hyperscan enabled for an extra performance boost.
  • Major upgrade from Elasticsearch/Kibana/Logstash (ELK) 5.x to the ELK 6 stack, making a ton of new features and enhancements available.
  • Scirius 3.0
    • New Hunt interface allowing a fast drill-down approach, filtering out the noise and concentrating on threats in seconds
    • Grouped rules factorization via the IP reputation feature of Suricata
  • Evebox - bugfixes and parsing improvements.
  • Debian - our favorite OS
  • Moloch - the new SELKS uses Moloch and the Moloch viewer to parse and view the full packet capture done by Suricata. Moloch comes with an arsenal of tools and features of its own, such as:
    • CyberChef
    • An extremely flexible and easy-to-use interface for FPC drill down, filtering, search and pcap export

As always, we are very thankful to the above Open Source projects and tools for making it possible to showcase Suricata and our new distro.

SELKS is both a Live and an installable Network Security Management ISO based on Debian, implementing and focusing on a complete, ready-to-use Suricata IDS/IPS ecosystem with its own graphical rule manager. Stamus Networks is a proud member of the Open Source community and SELKS is released under the GPLv3 license.

Download

To download SELKS 5, pick one of the two flavors:

SELKS with desktop
  • HTTP: SELKS-5.0beta1-desktop.iso
  • MD5sum: af4ae135dd60baea7183ac5bdb4a5863
  • Sha1sum: 878348effeefda387677002cb0d1aab529752ad3
  • Sha256sum: d6cf5e0bd583315e9b10229a1c73938087e3377997317ceed508fc55e5239c19
SELKS without desktop
  • HTTP: SELKS-5.0beta1-nodesktop.iso
  • MD5sum: 3bfbb8cf626f0f2979f02148c2bad4f5
  • Sha1sum: 80d0b855608ad458781478d1e2e9fd41c56b0c06
  • Sha256sum: 34019555e07e0cf47b3fb1e260f7c0b024553267338f02df8f949a1ef208741f
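To check a downloaded image before booting or installing it, here is an added shell example (not the SELKS project's own tooling) that compares a local ISO against the SHA256 sums published above. It assumes the ISO is already on disk; the only values taken from this post are the two file names and their SHA256 sums.

```shell
#!/bin/sh
# Added example, not part of the SELKS release: verify a SELKS 5 beta ISO
# against the SHA256 sums published in the announcement before using it.

# Published sums, copied verbatim from the announcement.
published_sha256() {
  case "$1" in
    SELKS-5.0beta1-desktop.iso)   echo d6cf5e0bd583315e9b10229a1c73938087e3377997317ceed508fc55e5239c19 ;;
    SELKS-5.0beta1-nodesktop.iso) echo 34019555e07e0cf47b3fb1e260f7c0b024553267338f02df8f949a1ef208741f ;;
    *) return 1 ;;
  esac
}

# Compute the SHA256 of a file with whichever tool the host has
# (GNU coreutils sha256sum, or shasum on BSD/macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_iso PATH [EXPECTED]
# Returns 0 when the file's SHA256 equals EXPECTED, or, when EXPECTED is
# omitted, the published sum for the file's base name; returns 1 otherwise.
verify_iso() {
  file=$1
  if [ -n "$2" ]; then
    expected=$2
  else
    expected=$(published_sha256 "$(basename "$file")") || {
      echo "no published SHA256 for $(basename "$file")" >&2
      return 1
    }
  fi
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
  actual=$(sha256_of "$file") || return 1
  if [ "$actual" = "$expected" ]; then
    echo "OK: $file matches the published SHA256"
    return 0
  fi
  echo "MISMATCH: $file" >&2
  echo "  expected $expected" >&2
  echo "  actual   $actual" >&2
  return 1
}
```

Run it as `verify_iso ~/Downloads/SELKS-5.0beta1-desktop.iso`; a non-zero exit means the image should not be booted.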

Usage

You can find the getting-started instructions, including usage of the initial setup script, on the SELKS 5.0 wiki page.

SELKS 4 users can upgrade their running systems by following the Upgrade instructions.

Visual tour

Some visuals to give you a glimpse of the things you can do with SELKS.

Scirius landing page - Administer, Hunt, Search, Drill down and filter, Correlate events and FPC

21 ready-to-use Kibana dashboards consisting of over 200 visualizations

Moloch Suricata Plugin

Moloch and CyberChef navigation, drill down and display

TLS GeoIP and SNI breakdown

TLS version and SNI

TFTP GeoIP and events over time

SSH proto fields and GeoIP visualizations

SMTP GeoIP events

SMB proto fields

SMB alert trends

NFS protocol fields visualizations

KRB5 protocol fields visualizations

KRB5 alerts trending, sources and GeoIP

IKEv2 GeoIP and events trending

IKEv2 protocol fields breakdown

NSM and IDS time series

Rich HTTP details correlation and FPC

HTTP protocol data and GeoIP visualizations

Fileinfo breakdown by protocols

DNS protocol visualizations by fields

DNS heat maps

DNP3 event details correlation and FPC

DNP3 protocol fields and sources info

DHCP protocol fields visualizations, events correlation and FPC availability

Application layer protocols breakdown

Application layer protocols breakdown - 2

Application layer protocols breakdown - 3

Per VLAN details and visualizations

Per alert event details, metadata, correlation and FPC

Helpful NSM bird's-eye views and selections

Alert event breakdown by protocol and GeoIP visualization

TrafficID

Moloch visualizations, easy filtering and drill down

Moloch per flow/session visualizations, easy filtering and drill down

Feedback is welcome

Any feedback as always is greatly appreciated! :)

Give us feedback and get help on:

While this upgrade/installation has been verified and tested, please make sure you try it in your test/QA setup first.

Thank you!


Peter Manev

Peter Manev is the co-founder and chief strategy officer (CSO) at Stamus Networks. He is a member of the executive team at Open Network Security Foundation (OISF). Peter has over 15 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer, and explorer of innovative open-source security software, and he is responsible for training as well as quality assurance and testing on the development team of Suricata – the open-source threat detection engine. Peter is a regular speaker and educator on open-source security, threat hunting, and network security at conferences and live-fire cyber exercises, such as Crossed Swords, DeepSec, Troopers, DefCon, RSA, Suricon, SharkFest, and others. Peter resides in Gothenburg, Sweden.
