<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2180921&amp;fmt=gif">

SELKS 10: The Next Big Leap for Open-Source Network Security

by Peter Manev | Jun 13, 2024 | SELKS, Open Source, Stamus Labs

Stamus Networks is pleased to announce the release and availability of SELKS 10, the newest version of the popular Suricata-based IDS, NSM, and threat-hunting platform. This release marks the 10th anniversary of SELKS, which explains the jump from SELKS 7 to SELKS 10. To learn more about how SELKS has changed over the last 10 years, read our blog “SELKS: 10 Years of Open-Source Network Defense''.

SELKS 10 is the most powerful version of SELKS yet, and we are only getting started. Read on to discover what’s new in this release, and as always, thank you for your continued support of our open-source work.

What is SELKS?

As a reminder, SELKS is free, open-source, and turn-key Suricata network intrusion detection/protection system (IDS/IPS), network security monitoring (NSM), and threat-hunting implementation. Released under the GPLv3 license, SELKS is the perfect solution for small to medium-sized organizations, home network defenders looking for a capable and effective IDS and NSM system, or security practitioners looking to experiment with Suricata.

SELKS 10 includes 8 key components:

SELKS 10 is built on eight key components:

Additionally, SELKS 10 utilizes functionality from Arkime, Evebox, and CyberChef, although those components were included after the “SELKS” acronym was established.

What’s new in SELKS 10?

There are four major updates to the SELKS system for version 10, and each one brings new benefits to users:

  1. 1. Conditional packet capture

    SELKS users can now capture selected packets (PCAP) associated with detection events and then export those packets from the hunting interface. These PCAP files include the full session that triggered the detection in question. All PCAPs are de-duplicated, stored only once on the sensor, and made available for download as evidence or for playback into SELKS or third-party tools such as Wireshark.

    The benefit of conditional packet capture is that it gives users access to critical network forensic data to be used for investigation, training, or threat intelligence sharing without dedicating the substantial storage resources needed for full-time packet capture.

  1. 2. User interface harmonized with Stamus Security Platform

    Perhaps one of the biggest changes to SELKS 10 is an updated user interface in-line with the Stamus Security Platform (SSP). The user interface (Stamus Community Edition or “Scirius”) now incorporates several of the latest capabilities of our commercial platform. Stamus CE is the first OSS GUI developed and dedicated specifically for Suricata and its data, and it now includes a more powerful and integrated hunting console, the ability to export evidence and artifacts, and additional pre-defined threat-hunting filters.

    This simplified user experience delivers consolidated threat detection, hunting, and evidence viewing and provides users with a streamlined way to zoom in and out of the data for rapid insights from millions of network security events.


New SELKS 10 hunting dashboard view:

hunting dashboard view on a single event: 

Single Event

Hunting dashboard with filter applied: 

hunting dashboard with fiter

  1. 3. Upgrade to Arkime version 5.0

    SELKS 10 adds the latest capabilities of Arkime - bulk search, improved session detail display, unified configs, unified authentication, additional multiviewer support, and offline PCAP retrieval improvements. Arkime augments Suricata's conditional packet capture to store and index network traffic in standard PCAP format. 


  1. 4. Switch to PostgreSQL database

    SELKS 10 is now using a PostgreSQL database instead of SQLite to fix some issues, augment capabilities, improve scalability, and prepare for future evolution.


Download SELKS 10

SELKS 10 can be obtained either from the Stamus Networks SELKS homepage or from the SELKS GitHub.

Users have three options:

  • SELKS Docker Compose Package - Use the Docker Compose package to install SELKS in any LINUX environment and ensure you are including the very latest containers, including Evebox and Suricata.
  • Complete Image (ISO) with Desktop - Use the image with Desktop when you want a turnkey installation that includes the Debian x64 12 (Bookworm) Linux desktop environment. Can be deployed on bare metal hardware or VM.
  • Complete Image (ISO) without Desktop - Use the image without Desktop when you want a turnkey SELKS installation in a headless environment (based on Debian 12 Bookworm). Can be deployed on bare metal hardware or VM.

Upgrade from previous version of SELKS

To upgrade the docker compose installation to the latest version of SELKS, follow the instructions here: https://github.com/StamusNetworks/SELKS/wiki/Docker#upgrade-all-containers.

We hope you enjoy SELKS 10, the most advanced SELKS system to date. As always, we encourage users to join the conversation over on our Discord. To stay updated with new blog posts and other news from Stamus Networks, also make sure to subscribe to the Stamus Networks Blog and the Stamus Spotlight Newsletter, and follow us on Twitter, LinkedIn, and Facebook

Peter Manev

Peter Manev is the co-founder and chief strategy officer (CSO) at Stamus Networks. He is a member of the executive team at Open Network Security Foundation (OISF). Peter has over 15 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer, and explorer of innovative open-source security software, and he is responsible for training as well as quality assurance and testing on the development team of Suricata – the open-source threat detection engine. Peter is a regular speaker and educator on open-source security, threat hunting, and network security at conferences and live-fire cyber exercises, such as Crossed Swords, DeepSec, Troopers, DefCon, RSA, Suricon, SharkFest, and others. Peter resides in Gothenburg, Sweden.

Schedule a Demo of Stamus Security Platform


Related posts

SELKS: 10 Years of Open-Source Network Defense

This month, we celebrate the 10th anniversary of SELKS, Stamus Networks’ open-source Suricata-based...

The Hidden Claws of APT 35: Charming Kitten

Don’t let the disarming name fool you.Charming Kitten, also known as APT 35, Newscaster Team, Ajax...