<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2180921&amp;fmt=gif">

SELKS 5 - The Sorceress

SELKS 5 is out! Thank you to the whole community for your help and feedback! Thank you to all the great Open Source projects and tools mentioned below for making it possible to showcase Suricata with this new release.

All components have been upgraded in this release to the latest version available but this is not the main improvement. SELKS is now able of doing Full Packet Capture thanks to Suricata and Moloch and benefit from an upgraded Scirius CE adding a new threat hunting interface.


Alert metadata in Scirius Hunting interface


Moloch addition allows the user to investigate and explore captured data via the Moloch viewer that provide an intuitive interface. The new Scirius threat hunting interface proposes a drill-down approach that allow to quickly find relevant alerts in a haystack and start investigation by what matter.

Features, fixes and major improvements:

  • The whole stack has been upgraded
    • Over 21 new dashboards
    • Hundreds of visualizations
    • New Threat Hunting interface
    • Full Packet Capture possibility
  • Elasticsearch 6.7.1
  • Logstash 6.7.1
  • Kibana 6.7.1
  • Moloch 1.8.0  -  The new SELKS makes use of Moloch and Moloch viewer to parse and view the full packet capture done by Suricata. Moloch comes with an arsenal of tools and features on its own like:
    • CyberChef
    • Extremely flexible and easy to use interface for FPC drill down, filtering, search and pcap export
  • Scirius 3.2.0 CE
      • Threat Hunting based on Suricata's alerts metadata
      • Administration, ruleset and threat hunting management
      • Any field and action are selectable and searchable
      • Order and set up your own threat hunting dashboard in seconds with drag and drop functionality


TLS Server Name Identification



HTTP UserAgent selection




Easily select and filter on any metadata Easily select and filter on any metadata



  • Suricata  - latest git edition anytime available.
  • SELKS scripts upgrade
    • available now system wide in "/usr/bin"
    • Full packet Capture retention policy - thanks Joren0494 !
    • selks-health-check_stamus  - SELKS health check script
  • Debian - always thankful !
  • EveBox - always the latest and very thankful for your support and extremely fast bug fixing and feature addition

More  screenshots of SELKS 5 release 

SELKS is both Live and installable Network Security Management ISO based on Debian implementing and focusing on a complete and ready to use Suricata IDS/IPS ecosystem with its own graphic rule manager. Stamus Networks is a proud member of the Open Source community and SELKS is released under GPLv3 license.


To download SELKS 5, pick one of the two flavors:

SELKS with desktop
  • HTTP: SELKS-5.0-desktop.iso
  • Sha256sum: 60c52286df9d1d250efac3f24644bd5b59bf5728d2c50bd722d8e4c9e8ce2089
SELKS without desktop


You can find the first time set up instructions on our SELKS 5.0 wiki page.

SELKS 4 user can upgrade their running systems using the following Upgrade instructions.


Feedback is welcome

Any feedback as always is greatly appreciated! :)

Give us feedback and get help on:

While this test upgrade/installation has been verified and tested please make sure you try it in your test/QA set up first.

Thank you!


Peter Manev

Peter Manev is the co-founder and chief strategy officer (CSO) at Stamus Networks. He is a member of the executive team at Open Network Security Foundation (OISF). Peter has over 15 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer, and explorer of innovative open-source security software, and he is responsible for training as well as quality assurance and testing on the development team of Suricata – the open-source threat detection engine. Peter is a regular speaker and educator on open-source security, threat hunting, and network security at conferences and live-fire cyber exercises, such as Crossed Swords, DeepSec, Troopers, DefCon, RSA, Suricon, SharkFest, and others. Peter resides in Gothenburg, Sweden.

Schedule a Demo of Stamus Security Platform


Related posts

SELKS 10: The Next Big Leap for Open-Source Network Security

Stamus Networks is pleased to announce the release and availability of SELKS 10, the newest version...

SELKS: 10 Years of Open-Source Network Defense

This month, we celebrate the 10th anniversary of SELKS, Stamus Networks’ open-source Suricata-based...