In this series, you will get an overview of the SELKS 7 platform, the new updates and functionality included in the recent update, as well as deployment options and practical applications. If you are already familiar with the SELKS IDS/NSM system, skip ahead to SELKS 7: Updated Capabilities to read about all the new features or SELKS 7: Deployment and Application to learn about the practical uses and implementations possible with SELKS 7.
What is SELKS 7?
Stamus Networks is pleased to announce the release of SELKS 7, the latest iteration of the free, open-source, and turn-key Suricata network intrusion detection/protection system (IDS/IPS), network security monitoring (NSM), and threat hunting implementation. Released under the GPLv3 license, the SELKS 7 system is the perfect solution whether it’s for small to medium sized organizations, the home network defender looking for a capable and effective IDS and NSM system, or security practitioners looking to experiment with Suricata.
SELKS 7 is built on eight key components:
- Suricata - Ready to use Suricata
- Elasticsearch - Search engine
- Logstash - Log injection
- Kibana - Custom dashboards and event exploration
- Scirius CE - Suricata ruleset management and Suricata threat hunting interface
Additionally, SELKS 7 utilizes functionality from Arkime, Evebox, and CyberChef, although those components were included after the “SELKS” acronym was established.
Why are we excited about SELKS 7?
SELKS 7 introduces an architectural overhaul which offers numerous new possibilities. Now that the system is based on Docker, it can run on Linux or Microsoft Windows without the overhead of a virtual machine. This makes SELKS 7 faster to deploy and more flexible than it was when running off a virtual machine in previous iterations. For example, you can now download and launch the entire instance in less than 2 minutes.
One of the exciting benefits of the new architecture is the pcap ingest feature. You can now replay pcap files simply by running a script and you can see the result in all the integrated interfaces. Additionally, different files can be ingested and differentiated within those interfaces so you can study multiple cases simultaneously.
With SELKS 7, it’s unnecessary to experiment and test different software versions. You can now easily pick and choose which specific software component version to use with simple command line flags. These new features make SELKS 7 a valuable platform for learning and training, although the possibilities don’t stop there. With new hunting queries, a greater depth of visualization, and an intuitive dashboard, SELKS 7 offers multiple entry points for the discovery and analysis of network traffic.
SELKS 7: A totally free, open-source, Suricata-based powerhouse IDS/NSM
The features listed here are only the tip of the iceberg when it comes to the new updates included in SELKS 7. With these updated capabilities, there are now new features to assist in your network hunting including new dashboards and reporting abilities, integrations, the inclusion of Docker, rulesets and threat intel management, and monitoring. All of these features work together to provide new practical applications that enable the cyber defenders, whether in small to medium businesses or on their home network, to keep their networks protected against any potential threat.
Read more about the new SELKS 7 updates here or download the system for free today.
