Hey! Our new and upgraded showcase for Suricata has just been released – SELKS5 Beta. Thanks to lots of help from the community and dev work we are pleased to announce the first beta release of our new SELKS5.
Our major new features and additions include :
- Suricata IDS/IPS/NSM 4.1-dev – latest Suricata packaged with new and enabled features like
- Full Packet Capture enabled on SELKS – yes, Suricata can do FPC as well.
- Rust enabled
- new protocols SMBv1/2/3, NFSv4, Kerberos, FTP, DHCP, IKEv2
- more possibility for file extraction – SMTP/HTTP/SMB/NFS/FTP
- Hyperscan enabled for extra performance boost.
- Major upgrade from Elasticsearch/Kibana/Logtsash (ELK) 5.x to the ELK 6 stack making available a ton of new features and enhancements.
- Scirius 3.0
- New Hunt interface allowing for fast drill down approach enabling of filtering out the noise and concentrating on threats in seconds
- Grouped rules factorization via usage of IP reputation feature of Suricata
- Evebox – bugfixes and parsing improvements.
- Debian – our favorite OS
- Moloch – The new SELKS makes use of Moloch and Moloch viewer to parse and view the full packet capture done by Suricata. Moloch comes with an arsenal of tools and features on its own like:
- Extremely flexible and easy to use interface for FPC drill down, filtering,search and pcap export
As always we are very thankful to the above Open Source projects and tools for making it possible to showcase Suricata and our new distro
SELKS is both Live and installable Network Security Management ISO based on Debian implementing and focusing on a complete and ready to use Suricata IDS/IPS ecosystem with its own graphic rule manager. Stamus Networks is a proud member of the Open Source community and SELKS is released under GPLv3 license.
To download SELKS 5, pick one of the two flavors:
SELKS with desktop
- HTTP: SELKS-5.0beta1-desktop.iso
- MD5sum: af4ae135dd60baea7183ac5bdb4a5863
- Sha1sum: 878348effeefda387677002cb0d1aab529752ad3
- Sha256sum: d6cf5e0bd583315e9b10229a1c73938087e3377997317ceed508fc55e5239c19
SELKS without desktop
- HTTP: SELKS-5.0beta1-nodesktop.iso
- MD5sum: 3bfbb8cf626f0f2979f02148c2bad4f5
- Sha1sum: 80d0b855608ad458781478d1e2e9fd41c56b0c06
- Sha256sum: 34019555e07e0cf47b3fb1e260f7c0b024553267338f02df8f949a1ef208741f
You can find the start instruction including the initial setup script usage on SELKS 5.0 wiki page.
SELKS 4 user can upgrade their running systems using the following Upgrade instructions.
Some visuals to give you a glimpse of the things you can do with SELKS.
Scirius landing page – Administer, Hunt, Search, Drill down and filter, Correlate events and FPC
21 ready to use Kibana dashboards consisting of over 200 visualizations
Moloch Suricata Plugin
Moloch and CyberChef navigation, drill down and display
TLS GeoIP and sni breakdown
TLS version and sni
TFTPGeoIp and events over time
SSH proto fields and geoIP visualizations
SMTP Geoip events
SMB Proto fields
SMB Alert trends
NFS protocol fields visualizations
KRB5 protocol fields visualizations
KRB5 alerts trending, sources and GeoIP
IKEv2 GeoIP and events trending
IKEv2 protocol fields break down
NSM and IDS time series
Rich HTTP details correlation and FPC
HTTP protocol data and GeoIP visualizations
Fileinfo break don by protocols
DNS protocol visualizations by fields
DNS Heat maps
DNP3 event details correlation and FPC
DNP3 protocol fields and sources info
DHCP protocol fields visualizations, events correlation and FPC availability
Application layer protocols breakdown
Application layer protocols breakdown -2
Application layer protocols breakdown -3
Per VLAN details and visualizations
Per alert event details, metadata, correlation and FPC
Helpful NSM birds eye views and selections
Alert event break down by protocol and GeoIP visualization
Moloch visualizations, easy filtering and drill down
Moloch per flow/session visualizations, easy filtering and drill down
Feedback is welcome
Any feedback as always is greatly appreciated! 🙂
Give us feedback and get help on:
While this test upgrade/installation has been verified and tested please make sure you try it in your test/QA set up first.