Stamus Networks Blog

We believe that sharing information is necessary to improve global security. The purpose of this blog is to share our experiences, perspectives and experiments.

Subscribe to our Blog

Blog /
Showing 67 results
of 67 items.
Reset All

Category

Recent Posts

Threat Hunting with the Open Lateral Movement Ruleset for Suricata by Peter Manev

Threat Hunting with the Open Lateral Movement Ruleset for Suricata

Jul 04, 2024 Peter Manev
SELKS, Open Source, Threat Hunting, Network Security Monitoring, IDS-IPS, Stamus Labs, ClearNDR

In November of 2022 we announced a Suricata ruleset specifically focused on detecting lateral...

Read More
SELKS 10: The Next Big Leap for Open-Source Network Security by Peter Manev

SELKS 10: The Next Big Leap for Open-Source Network Security

Jun 13, 2024 Peter Manev
SELKS, Open Source, Stamus Labs

Stamus Networks is pleased to announce the release and availability of SELKS 10, the newest version...

Read More
The Hidden Claws of APT 35: Charming Kitten by Dallon Robinette

The Hidden Claws of APT 35: Charming Kitten

May 09, 2024 Dallon Robinette
Stamus Labs, Threat intelligence

Don’t let the disarming name fool you.Charming Kitten, also known as APT 35, Newscaster Team, Ajax...

Read More
Threat Hunting with Suricata and Newly Registered Domain Threat Intel (Open NRD) by Peter Manev

Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD) Part 4

Dec 07, 2023 Peter Manev
Open Source, Threat Hunting, Suricata, Stamus Labs

This is a follow-up to our third blog on hunting using the publicly available Newly Registered...

Read More
Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD) Part 3

Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD) Part 3

Nov 22, 2023 Peter Manev
Open Source, Threat Hunting, Suricata, Stamus Labs

This is a follow-up to our second blog on hunting using the publicly available Newly Registered...

Read More
Threat Hunting with Suricata and Newly Registered Domain Threat Intel (Open NRD) Part 2

Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD) Part 2

Nov 16, 2023 Peter Manev
Open Source, Threat Hunting, Suricata, Stamus Labs

This is a follow-up to our first blog on hunting using the publicly available Newly Registered...

Read More
Behind the Curtain: Understanding Cozy Bear (APT29)

Behind the Curtain: Understanding Cozy Bear (APT29)

Nov 07, 2023 Dallon Robinette
Stamus Labs, Threat intelligence

Cozy Bear — also known as APT29, CozyCar, CozyDuke, and others — is a familiar name to security...

Read More
Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD) by Peter Manev

Threat Hunting with Suricata and Newly-Registered Domain Threat Intel (Open NRD)

Oct 31, 2023 Peter Manev
Open Source, Threat Hunting, Suricata, Stamus Labs

In aprevious blog post, we announced the release of Open NRD from Stamus Networks - a set of threat...

Read More
Behind the Curtain: Understanding Fancy Bear (APT 28)

Behind the Curtain: Understanding Fancy Bear (APT 28)

Sep 28, 2023 Dallon Robinette
Stamus Labs, Threat intelligence

Operating since 2008, the shadowy figure of Fancy Bear has emerged as a formidable force in the...

Read More
Jupyter Playbooks for Suricata Pt. 4 by Markus Kont

Jupyter Playbooks for Suricata | Part 4

Aug 31, 2023 Markus Kont
Open Source, Suricata, IDS-IPS, Stamus Labs, Jupyter Notebook

Back in 2022, I did a Suricon presentation titled Jupyter Playbooks for Suricata. This led into a...

Read More
A Practicle Guide to Small Office / Home Office Network Visibility with SELKS: Part 1 - Equipment Selection

A Practical Guide to Small Office / Home Office Network Visibility with SELKS: Part 1 - Equipment Selection

Jul 21, 2023 Alexander Nedelchev
SELKS, Open Source, Suricata, Network Security Monitoring, IDS-IPS, Stamus Labs

Have you ever counted how many computer devices, smart IoT gadgets, TV’s, kitchen appliances,...

Read More
Demystifying the MITRE ATT&CK Framework: Understanding Cyber TTPs

Demystifying the MITRE ATT&CK Framework: Understanding Cyber TTPs

Jul 06, 2023 Stamus Networks Team
Stamus Security Platform, Declarations of Compromise, Stamus Labs, ClearNDR

When an organization wants to learn more about the tactics, techniques, and procedures (TTP) used...

Read More
Stamus Security Platform closes a Suricata supply chain attack vulnerability

Closing a Suricata Supply Chain Attack Vulnerability

Jun 15, 2023 Eric Leblond
SELKS, Suricata, Stamus Security Platform, CVE, Stamus Labs

On 15-June-2023 the OISF announced a new release of Suricata (6.0.13) which fixes a potential...

Read More
Unlocking the Secrets of Forensic Investigations: Solving the SANS Forensic Quiz using SELKS by Rositsa Kyuchokova

Unlocking the Secrets of Forensic Investigations: Solving the SANS Forensic Quiz using SELKS

May 17, 2023 Rositsa Kyuchukova
SELKS, Open Source, Suricata, Stamus Labs, Kibana

Are you looking to improve your threat hunting and network based forensic analysis skills with...

Read More
Accelerate Suricata Rule Writing with Suricata Language Server v0.9.0 by Éric Leblond

Accelerate Suricata Rule Writing with Suricata Language Server v0.9.0

Apr 28, 2023 Eric Leblond
Open Source, Suricata, IDS-IPS, Stamus Labs

Writing Suricata rules has never been easier or faster since the release of the Suricata Language...

Read More
Analyzing Network Traffic with Kibana Dashboards in SELKS: the SN-Hunt-1 Dashboard Part 3 By Rosita Kyuchukova

Analyzing Network Traffic with Kibana Dashboards in SELKS: the SN-Hunt-1 Dashboard Part 3

Apr 20, 2023 Rositsa Kyuchukova
SELKS, Open Source, Threat Hunting, Suricata, IDS-IPS, Stamus Labs, Kibana

Earlier this week, we introduced the second set of visualizations provided by the SN-Hunt-1 Kibana...

Read More
Analyzing Network Traffic with Kibana in SELKS: the SN-Hunt-1 Dashboard Part 2 by Rosita Kyuchukova

Analyzing Network Traffic with Kibana in SELKS: the SN-Hunt-1 Dashboard Part 2

Apr 18, 2023 Rositsa Kyuchukova
SELKS, Open Source, Threat Hunting, Suricata, IDS-IPS, Stamus Labs, Kibana, Clear NDR Community

Last week, we introduced the first set of visualizations provided by the SN-Hunt-1 Kibana dashboard...

Read More
Jupyter Playbooks for Suricata - Part 3 by Markus Kont

Jupyter Playbooks for Suricata | Part 3

Apr 14, 2023 Markus Kont
Open Source, Suricata, IDS-IPS, Stamus Labs, Jupyter Notebook

This is the third post in a series based on my Suricon 2022 talk Jupyter Playbooks for Suricata....

Read More
Analyzing-Network-Traffic-With-Kibana-Dashboards-in-SELKS-SN-Hunt-1-Dashboard-part1

Analyzing Network Traffic with Kibana in SELKS: the SN-Hunt-1 Dashboard Part 1

Apr 12, 2023 Rositsa Kyuchukova
SELKS, Open Source, Threat Hunting, Suricata, IDS-IPS, Stamus Labs, Kibana, Clear NDR Community

Keeping your network secure can feel like an endless game of cat and mouse. But with Clear NDR -...

Read More
Use SELKS Kibana Dashboards to Solve the Unit 42 Wireshark Quiz by Rosita Kyuchukova

Use SELKS Kibana Dashboards to Solve the Unit 42 Wireshark Quiz

Apr 04, 2023 Rositsa Kyuchukova
SELKS, Open Source, Threat Hunting, Suricata, Network Security Monitoring, Stamus Labs, Kibana, Clear NDR Community

Recently, we released a blog post detailing how you can solve the Unit 42 Wireshark quiz for...

Read More
Using MISP Shared Intelligence with SELKS by Alexander Nedelchev

Using MISP Shared Intelligence with SELKS

Mar 21, 2023 Alexander Nedelchev
SELKS, Open Source, Suricata, Stamus Labs, Threat intelligence

A couple of weeks ago, we covered how Stamus Security Platform (SSP) users can harness the power of...

Read More
Use SELKS to Solve the Unit 42 Wireshark Quiz by Rosita Kyuchukova

Use SELKS to solve the Unit 42 Wireshark Quiz

Mar 16, 2023 Rositsa Kyuchukova
SELKS, Open Source, Threat Hunting, Suricata, IDS-IPS, Stamus Labs, Kibana, Clear NDR Community

This blog describes how to solve the Unit 42 Wireshark quiz for January 2023 with Clear NDR -...

Read More
Using MISP Shared Threat Intelligence in Stamus Security Platform

Using MISP Shared Intelligence in Stamus Security Platform

Mar 09, 2023 Alexander Nedelchev
Open Source, Network Detection and Response, Stamus Security Platform, Stamus Labs, Threat intelligence

Stamus Security Platform (SSP) users can now integrate the Malware Information Sharing Platform...

Read More
Jupyter Playbooks for Suricata Part 2 by Markus Kont

Jupyter Playbooks for Suricata | Part 2

Mar 02, 2023 Markus Kont
Open Source, Suricata, IDS-IPS, Stamus Labs, Jupyter Notebook

This is the second post in a series that will be based on my Suricon 2022 talk Jupyter Playbooks...

Read More
Detecting Attacks Against CVE-2022-39952 (FortiNAC) by Stamus Networks Team

Detecting Attacks Against CVE-2022-39952 (FortiNAC)

Feb 24, 2023 Stamus Networks Team
Network Detection and Response, Threat Hunting, Stamus Security Platform, CVE, Stamus Labs

This blog describes the steps Stamus Networks customers may take to determine if any of your...

Read More
Jupyter Playbooks for Suricata Part 1 by Markus Kont

Jupyter Playbooks for Suricata | Part 1

Feb 16, 2023 Markus Kont
Open Source, Suricata, IDS-IPS, Stamus Labs, Jupyter Notebook

This is the first post in a series that will be based on my Suricon 2022 talk Jupyter Playbooks...

Read More
An Introduction to Cyber Threat Intelligence by Stamus Networks Team

An Introduction to Cyber Threat Intelligence

Feb 09, 2023 Stamus Networks Team
Stamus Labs, Threat intelligence

Because cybersecurity teams face numerous threats from bad actors that are continually devising new...

Read More
GopherCap Packet De-duplication by Markus Kont

GopherCap Packet De-duplication

Jan 12, 2023 Markus Kont
Open Source, IDS-IPS, Stamus Labs, GopherCap

A while back I wrote a blog post about a packet filtering subcommand I implemented into GopherCAP....

Read More
Inside SELKS by Stamus Networks: What's Under the Hood by Phil Owens

Inside SELKS: What's Under the Hood

Dec 08, 2022 Phil Owens
SELKS, Open Source, Suricata, Stamus Labs

SELKS is a turnkey Suricata-based IDS/IPS/NSM ecosystem that combines several free, open-source...

Read More
Analysis of TLS Cipher Suite Security in Stamus App for Splunk by Eric Leblond

Analysis of TLS Cipher Suite Security in Stamus App for Splunk

Nov 22, 2022 Eric Leblond
Open Source, Suricata, Splunk, Stamus Security Platform, Stamus Labs

The latest version (1.0.1) of  the Stamus App for Splunk adds TLS cipher suite analysis. Conducting...

Read More
Why We Wrote the Book on Suricata by Eric Leblond

Why We Wrote the Book on Suricata

Nov 15, 2022 Eric Leblond
Open Source, Suricata, Stamus Labs, Stamus News

As we celebrate the first week after launching our new book “The Security Analyst’s Guide to...

Read More
NEW! Open Ruleset for Detecting Lateral Movement with Suricata

NEW! Open Ruleset for Detecting Lateral Movement in Windows Environments with Suricata

Nov 10, 2022 Peter Manev
Open Source, Suricata, Stamus Labs, Threat intelligence

Today, we’re announcing a new open-source contribution from Stamus Networks - a Suricata ruleset...

Read More
IMAGE: Impact of OpenSSL CVE-2022-3602 and CVE-2022-3786 on SSP and SELKS Users

Impact of OpenSSL CVE-2022-3602 and CVE-2022-3786 on SSP and SELKS Users

Nov 01, 2022 Stamus Networks Team
SELKS, Stamus Security Platform, CVE, Stamus Labs

TL;DR

Stamus Networks uses OpenSSL in the Stamus Security Platform (SSP) as well as our open source

Read More
SELKS 7: Deployment and Applications by Alexander Nedelchev

SELKS 7: Deployment and Applications

May 03, 2022 Alexander Nedelchev
SELKS, Open Source, Suricata, Stamus Labs

Perhaps the most exciting thing about the release of SELKS 7 is the various practical applications...

Read More
SELKS 7: Newly Updated Capabilities by Alexander Nedelchev

SELKS 7: Newly Updated Capabilities

May 03, 2022 Alexander Nedelchev
SELKS, Open Source, Suricata, Stamus Labs

This series introduces SELKS 7, the latest update to the free, open-source, turn-key Suricata based...

Read More
SELKS 7: An Introduction by Alexander Nedelchev

SELKS 7: An Introduction

May 03, 2022 Alexander Nedelchev
SELKS, Open Source, Suricata, Stamus Labs

In this series, you will get an overview of the SELKS 7 platform, the new updates and functionality...

Read More
GopherCAP Update: Filtering and SMB Lateral Detection Research

GopherCAP Update: PCAP Filtering and SMB Lateral Detection Research

Feb 16, 2022 Markus Kont
Open Source, IDS-IPS, Stamus Labs, GopherCap

Re-Introduction to PCAP Replay and GopherCAP

A while back we introduced GopherCAP, a simple tool...

Read More
Stamus Blog | Introducing Suricata Language Server: Real-time Rule Syntax Checking and Auto-completion

Introducing Suricata Language Server: Real-time Rule Syntax Checking and Auto-completion

Jan 18, 2022 Eric Leblond
Open Source, Suricata, IDS-IPS, Stamus Labs

Writing signatures for Suricata and other intrusion detection systems (IDS) is considered by many...

Read More
Stamus Networks | Spin up a Complete Suricata Network Security Platform in Under 2 Minutes

Spin up a Complete Suricata Network Security Platform in Under 2 Minutes

Oct 29, 2021 Alexander Nedelchev
SELKS, Open Source, Suricata, Network Security Monitoring, IDS-IPS, Stamus Labs

Believe it or not, you can launch a turnkey Suricata IDS/IPS/NSM installation – with as few as 4...

Read More
Stamus Networks: SELKS on Docker

SELKS on Docker: A Much More Portable and Agnostic Solution

Aug 03, 2021 Raphael Brogat
SELKS, Open Source, Suricata, Stamus Labs

Here at Stamus Networks, we are strongly committed to open-source and believe that ease of use has...

Read More
Introducing GopherCAP: Powerful PCAP Replay

Introducing GopherCAP: Powerful PCAP Replay

Oct 23, 2020 Markus Kont
Open Source, IDS-IPS, Stamus Labs, GopherCap

Historically, we have used tcpreplay with predetermined PPS options for replaying PCAP files. It is...

Read More

Introducing the Stamus Networks App for Splunk®

Oct 13, 2020 Eric Leblond
Open Source, Suricata, Splunk, Stamus Labs

This week we announced the new Stamus Networks App for Splunk®. You can read our press release here...

Read More
SELKS 6 is now availlable

SELKS 6 [The stuck-at-home edition]

Jun 22, 2020 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

SELKS 6 is out!

If you are still teleworking, you may wish to test and deploy this new edition to...

Read More

SELKS 5 - The Sorceress

Apr 16, 2019 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

SELKS 5 is out! Thank you to the whole community for your help and feedback! Thank you to all the...

Read More

SELKS5 RC1 - Threat Hunting and more...

Dec 21, 2018 Peter Manev
SELKS, Open Source, Threat Hunting, Suricata, Stamus Labs

Hi!Yet another upgrade of our SELKS. We are very thankful to all the great Open Source projects and...

Read More

SELKS5 Beta: new hunting interface and FPC

Oct 26, 2018 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

Hey! Our new and upgraded showcase for Suricata has just been released - SELKS5 Beta. Thanks to...

Read More

SELKS 4.0

Aug 22, 2017 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

This first edition of SELKS 4 is available from Stamus Networks thanks to a great and helpful...

Read More

Suricata 4.0 and why it does matter

Jul 28, 2017 Eric Leblond
SELKS, Open Source, Suricata, Stamus Labs

Suricata 4.0 is out and this switch from 3.x to 4.x is not marketing driven because the changes are...

Read More

SELKS 4 RC1

Jul 11, 2017 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

After a very valuable round of testing and feedback from the community we are pleased to announce...

Read More

The third SELKS is out

Aug 12, 2016 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

Yes, we did it: the most awaited SELKS 3.0 is out. This is the first stable release of this new...

Read More

Amsterdam 1.0, SELKS and docker

Jun 02, 2016 Eric Leblond
SELKS, Open Source, Suricata, Stamus Labs

Stamus Networks is proud to announce the availability of version 1.0, nicknamed "glace à la...

Read More

Let’s talk about SELKS 3.0RC1

Apr 08, 2016 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

After some hard team work, Stamus Networks is proud to announce the availability of SELKS 3.0RC1.

Read More

Amsterdam: SELKS & Docker using Compose

Sep 29, 2015 Eric Leblond
SELKS, Open Source, Suricata, Stamus Labs

Stamus Networks is proud to announce the availability of the first technology preview of Amsterdam.

Read More

Let’s talk about SELKS 2.1

Sep 02, 2015 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs
Read More

Let's talk about SELKS 2.0

May 06, 2015 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

Stamus Networks is proud to announce the availability of SELKS 2.0  release.

Read More

SELKS 2.0 beta1 based on Debian Jessie

Apr 11, 2015 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

Stamus Networks is proud to announce the availability of SELKS 2.0 BETA1 release. With Jessie...

Read More

Let’s talk about SELKS 1.2

Feb 17, 2015 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

Stamus Networks is proud to announce the availability of SELKS 1.2 stable release. SELKS is both...

Read More

Conky for SELKS

Dec 07, 2014 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

Conky is a cool, desktop and lightweight monitoring tool. SELKS comes with a ready to use Conky...

Read More

Accuracy of Elasticsearch facets

Dec 04, 2014 Eric Leblond
SELKS, Open Source, Suricata, Stamus Labs

Introduction

Elasticsearch and Kibana are wonderful tools but as all tools you need to know their...

Read More

Let’s talk about SELKS 1.1

Nov 18, 2014 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

Stamus Networks is proud to announce the availability of SELKS 1.1 stable release. SELKS is both...

Read More

Using Stamus Networks Debian Repositories

Oct 28, 2014 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

Stamus Networks supports its own generic and standard Debian Wheezy 64 bit packaging repositories...

Read More

Slides of SELKS lightning talk at hack.lu

Oct 23, 2014 Eric Leblond
SELKS, Open Source, Suricata, Stamus Labs

After giving a talk about malware detection and suricata, Eric Leblond gave a lightning talk to...

Read More

SELKS privacy dashboard

Oct 20, 2014 Eric Leblond
SELKS, Open Source, Suricata, Stamus Labs

Introduction

SELKS 1.0 is featuring a privacy dashboard. This is a dashboard focusing on HTTP and...

Read More

Let's talk about SELKS 1.0

Oct 16, 2014 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

Stamus Networks is proud to announce the availability of SELKS 1.0 stable release. SELKS is both...

Read More

SELKS 1.0 RC1 is out

Sep 10, 2014 Peter Manev
SELKS, Open Source, Suricata, Stamus Labs

Stamus Networks is proud to announce the availability of SELKS 1.0 RC1. This is the first release...

Read More

A Suricata application for Splunk

Jul 30, 2014 Eric Leblond
Open Source, Suricata, Splunk, Stamus Labs

Thanks to the EVE JSON events and alerts format that appear in Suricata 2.0, it is now easy to...

Read More

SELKS 1.0 beta2 is available

Jun 18, 2014 Eric Leblond
SELKS, Open Source, Suricata, Stamus Labs

Stamus Networks is proud to announce the release of SELKS 1.0 beta2. This is the second public...

Read More

ABOUT STAMUS NETWORKS ™

Stamus Networks believes that cyber defense is bigger than any single person, platform, company, or technology. That’s why we leverage the power of community to deliver the next generation of open and transparent network defense. Trusted by security teams at the world’s most targeted organizations, our flagship offering – Clear NDR™ – empowers cyber defenders to uncover and stop serious threats and unauthorized network activity before they harm their organizations. Clear NDR helps defenders see more clearly and act more confidently through detection they can trust with results they can explain.

Indianapolis, USA Paris, France

Privacy

© 2014-2025 Stamus Networks, Inc. All rights Reserved.